Aqua Security Runtime Protection provides runtime security for cloud native workloads including containers, Kubernetes, serverless functions, and virtual machines across hybrid and multi-cloud environments. The product uses eBPF-based detection to identify threats at the kernel level and incorporates threat intelligence from Aqua Nautilus research team. The solution offers drift prevention to enforce container immutability by blocking unauthorized activity and ensuring only original image executables run. It detects and blocks malware including ransomware, botnets, backdoors, cryptominers, and Trojans using behavioral and signature-based detection methods. The platform identifies fileless attacks and Indicators of Compromise (IoCs) through multiple detection techniques. Runtime visibility is provided through kernel-level monitoring that tracks malicious actions without causing business disruption. The product includes container memory forensics capabilities that capture selective memory dumps at the moment of attack for incident investigation. Process lineage tracking connects runtime activity with forensic data to trace attack paths. The platform operates with a single policy engine that manages security across different workload types. Preconfigured runtime policies are included for deployment. Detection and response capabilities work at enterprise scale with integration support for existing SIEM and analysis tools.