全球云端/应用程式运行时安全（CARS）市场（2025-2029）

CDR 和 ADR 正在经历变革性成长。

SecOps 和 SOC 团队专注于核心威胁管理业务，例如威胁监控、事件回应、威胁情报分析和安全漏洞管理。传统上，这些团队依靠 SIEM、UEBA 和 XDR 等工具来管理本地环境中的威胁。

然而，云端和云端原生应用服务的快速普及使得传统的威胁管理策略显得力不从心。云端环境（尤其是容器和无伺服器功能）的动态性、分散式和短暂性，使得攻击面瞬息万变。这些资源快速切换，使得 SecOps 团队难以保持即时可见度并有效应对威胁。

云端原生应用的多层架构（包括容器、微服务和云端基础架构）进一步增加了侦测和回应的复杂性。攻击通常始于应用程式层，利用被利用的 API 或未知漏洞，并透过容器和基础设施跨层传播。为了管理这些威胁，SecOps 团队必须跨层关联事件，这需要整合的可视性和进阶资料关联功能。

虽然 CNAPP 和 AppSec 测试工具在风险与合规性管理方面具有重要价值，但它们主要着重于安全左移。 CNAPP（尤其是无代理平台）专注于识别漏洞和错误配置并强化环境。这些工具着重于部署前风险缓解，而非即时防护，因此它们对云端工程师、DevOps 和开发人员的益处大于对 SecOps 团队的益处。

为了弥补这些差距，组织必须投资现代运行时安全方法。 CDR 和 ADR 解决方案是 CNAPP、AppSec 工具以及 WAF、RASP、运行时可及性和 EDR 等传统运行时防御措施的有力补充。这些工具为 SecOps 团队提供了跨云端堆迭的即时可见性、威胁侦测和回应功能，使他们能够应对左移工具无法侦测或遏制的主动威胁。

收益及预测

基准估计（2024 年）收入为 5.283 亿美元，研究期间的复合年增长率为 58.2%。

对汽车市场的三大策略影响

变革大趋势

• 原因：云端原生技术的快速采用正在重塑应用程式执行环境。
• 观点：诸如边界安全和旧式侦测工具等传统方法正在被专为云端原生运行时设计的先进即时侦测和回应解决方案所取代。预计未来五年，产业应用将加速全球范围内的这一转变。

竞争加剧

• 原因：经济不确定性、预算限制和地缘政治紧张局势迫使企业优化安全支出，从而推动了对高效且经济实惠的运行时安全解决方案的需求。 CNADR、CDR 和 ADR 供应商必须提供具有竞争力的价格、更低的总拥有成本 (TCO) 以及可验证的安全成果，以满足不断变化的客户期望。
• 观点：随着企业纷纷转向云端以降低资本支出并提高业务效率，市场竞争将推动企业转向以更低成本提供更高价值的 CNADR、CDR 和 ADR 工具。更低的价格和更高的可近性将在未来三到五年内加速 CNADR、CDR 和 ADR 工具的普及。

颠覆性技术

• 原因：向微服务、容器、无伺服器函数和 K8s 的迁移正在从根本上改变运行时安全格局，并凸显了对专门威胁侦测和回应机制的需求。这些新技术需要一种即时侦测和回应的安全方法，并针对云端原生应用程式的动态、短暂工作负载进行量身定制。
• 观点：对鬆散耦合的运行时安全策略和微分段原则的需求将显着增长，传统解决方案将逐渐淘汰。企业将优先考虑即时威胁侦测、自动回应和精细可见性，以保护复杂且短暂的执行环境。因此，安全投资将继续从传统方法转向专注于即时保护云端原生应用程式的云端和应用程式运行时安全工具。

分析范围

• 本报告评估了云端和应用程式运行时安全 (CARS) 市场，重点关注 CDR、ADR 以及新云端安全类别 (CNADR) 的潜在出现。
• 这项研究涵盖的技术供应商包括 CNAPP-first CDR、独立 CDR、ADR 供应商以及提供整合 CNADR 平台的新兴企业。
• 这项研究的重点是 CNADR、CDR 和 ADR，但也包括对相邻工具的见解，例如 CWPP、API 安全性、特定于云端的 EDR 以及更广泛的 CNAPP 生态系统。
• 本研究深入分析了云端和应用程式运行时安全市场的全球市场格局和采用趋势，重点关注 CDR、ADR 和 CNADR，以及这些技术的未来趋势。由于 CDR、ADR 和 CNADR 仍属于新兴技术，因此难以估算准确的收入数字，尤其是对于 Palo Alto Networks、Wiz、CrowdStrike、Orca 和 Microsoft 等以 CNAPP 为先的供应商。因此，本报告仅提供大致的估计值，包括：
• 新兴供应商的总合收益，包括 ARMO、Oligo、Upwind、Sweet Security、Stream Security、Mitiga、Raven 和 Miggo。
• CNAPP 现有供应商（例如 CrowdStrike、Microsoft、Palo Alto Networks 和 Wiz）的总收入。
• 随着客户采用混合云和多重云端策略，云端和应用程式运行时安全解决方案必须能够支援这两种环境。本研究仅涵盖提供专为混合云和多重云端部署而设计的专用云中立解决方案的供应商。
• 本研究基于 Frost & Sullivan 的二手资料研究，以及供应商、通路伙伴和其他产业相关人员的意见。所有收益估算和预测均反映 Frost & Sullivan 的专有分析和模型。

主要竞争对手

• Aqua
• Security
• ARMO
• Contrast
• Security
• Crowd
• Strike
• Datadog
• Kodem
• Fortinet
• Microsoft
• Mitiga
• Miggo
• Oligo
• Security
• Orca
• Security
• Palo
• Alto
• Networks
• Qualys
• Raven
• Stream
• Security
• Sysdig
• Sweet
• Security
• Sentinel
• One Tenable
• Uptycs
• Wiz

驱动程式

• 云端服务的快速普及正在推动对强大的云端威胁管理的需求。
• 云端基础的网路攻击和软体供应链风险的增加促使公司优先考虑云端原生安全。
• SecOps 团队正在采用 CDR、ADR 和 CNADR 解决方案，因为现有的安全工具无法应对云端原生威胁管理的挑战。
• 提高 SOC 效率和减少警报疲劳的需求正在推动向运行时保护和即时威胁响应的转变。
• 云端运算成熟度的提高和 DevSecOps 实践的采用正在推动对整体安全方法的需求，这种方法不仅限于左移，还包括运行时和威胁管理。

成长限制因素

• 由于许多组织陷入左移思维模式，对价值提案缺乏认识和困惑阻碍了其采用。
• 整合挑战、高营运成本以及缺乏专门预算或所有权阻碍了投资。
• 对部署运行时代理程式（尤其是 ADR）的担忧正在减缓运行时安全工具的采用。
• 缺乏标准以及对与现有工具链重复的担忧阻碍了对新技术的投资。

目录

范围和细分

成长环境：全球云端/应用程式运行时安全市场的转型

• 为什么成长变得越来越困难
• 策略要务
• 三大策略要务对汽车市场的影响

全球汽车市场生态系统

• 云端保全行动挑战
• 目前运行时安全解决方案的局限性
• CDR 和 ADR 如何应对挑战
• 需要整合式云端/应用程式运行时安全解决方案
• 市场定义 - CNADR
• 市场定义 – CDR 和 ADR
• 市场定义 – CWPP 与 EDR
• 市场定义－CNADR 的主要特点
• 市场定义 - CNADR 优势
• 市场定义 - CNADR 工作流程
• 市场定义 - CNADR 与 CNAPP
• CNAPP 与 CNADR
• 实现统一 CNADR 的挑战
• 调查方法
• 供应商包含和排除
• 汽车市场的整个产业采用
• 整体汽车市场 - 技术趋势
• 汽车市场整体－市场趋势
• 主要用例和功能 - CDR
• 主要用例和功能 - ADR
• 主要用例和功能 - CNADR

成长环境：C2A、全球CARS市场

• 成长环境
• 主要竞争对手

全球汽车市场成长动力

• 成长指标
• 成长动力
• 驱动因素分析
• 成长抑制因素
• 生长抑制分析
• 预测考虑因素
• 收益预测
• 各部门销售额预测
• 收益预测分析
• 价格趋势及预测分析
• 供应商收益
• 供应商收益分析

首席资讯安全长的见解

• 云端运行时安全的未来
• 新类别的可能性
• 建议
• 建议 1：了解你的目的和用例
• 建议 2：选择提供全面功能的解决方案，包括左移安全性
• 建议 3：优先考虑支援与现有 SOC 工具链无缝整合的解决方案
• 建议 4：选择降低噪音并增强自动回覆功能的解决方案
• 建议 5：优先考虑为分析师提供简化且可操作的见解的解决方案

成长机会

• 成长机会1：对运行时安全性和即时威胁管理的要求不断提高
• 成长机会二：託管云端威胁管理服务需求不断成长
• 成长机会3：需要将 CARS 纳入更广泛的 CNAPP 与检测与回应平台

附录与后续步骤

CDR and ADR are Experiencing Transformational Growth

SecOps and SOC teams focus on core threat management tasks, including threat monitoring, incident response, threat intelligence analysis, and security vulnerability management. Traditionally, these teams relied on tools such as SIEM, UEBA, and XDR to manage threats in on-premises environments.

However, the rapid adoption of cloud and cloud-native application services has rendered conventional threat management strategies inadequate. The dynamic, distributed, and ephemeral nature of cloud environments-particularly with containers and serverless functions-has created a constantly shifting attack surface. These resources spin up and down rapidly, making it difficult for SecOps teams to maintain real-time visibility and respond effectively to threats.

The multi-layered architecture of cloud-native applications-including containers, microservices, and cloud infrastructure-further complicates detection and response. Attacks often traverse layers, beginning with an exploited API or unknown vulnerability at the application level, then moving laterally through containers and into infrastructure. To manage these threats, SecOps teams must correlate events across layers, which requires unified visibility and advanced data correlation capabilities.

While CNAPP and AppSec testing tools provide significant value for risk and compliance management, they are primarily geared toward shift-left security. CNAPPs-especially agentless platforms-focus on identifying vulnerabilities and misconfigurations to harden environments. These tools benefit cloud engineers, DevOps, and developers more than SecOps teams, as they emphasize pre-deployment risk mitigation over real-time protection.

To close these gaps, organizations must invest in modern runtime security approaches. CDR and ADR solutions offer a powerful complement to CNAPPs, AppSec tools, and legacy runtime defenses such as WAF, RASP, runtime reachability, and EDR. These tools provide SecOps teams with real-time visibility, threat detection, and response capabilities across the full cloud stack-enabling them to address active threats that shift-left tools cannot detect or contain.

Revenue Forecast

The revenue estimate for the base year (2024) is $528.3 million, with a CAGR of 58.2% for the study period.

The Impact of the Top 3 Strategic Imperatives on the CARS Market

Transformative Megatrends

• Why: The rapid adoption of cloud-native technologies is reshaping application runtime environments, driven by the demand for agility, scalability, and innovation in digital transformation initiatives.
• Frost Perspective: Traditional methods-such as perimeter security and legacy detection tools-are being replaced by advanced, real-time detection and response solutions designed specifically for cloud-native runtimes. Industry adoption will accelerate this shift globally over the next 5 years.

Competitive Intensity

• Why: Economic uncertainty, budget constraints, and geopolitical tensions are prompting organizations to optimize security spending, driving demand for runtime security solutions that are both effective and affordable. CNADR, CDR, and ADR vendors must offer competitive pricing, lower total cost of ownership (TCO), and demonstrable security outcomes to meet evolving customer expectations.
• Frost Perspective: As organizations continue turning to the cloud to reduce capital expenditures and improve operational efficiency, market competition will push them toward CNADR, CDR, and ADR tools that deliver greater value at lower cost. Reduced pricing and improved accessibility will accelerate adoption of CNADR, CDR, and ADR tools over the next 3 to 5 years.

Disruptive Technologies

• Why: The shift to microservices, containers, serverless functions, and K8s has fundamentally reshaped the runtime security landscape, underscoring the need for specialized threat detection and response mechanisms. These new technologies demand security approaches designed for real-time detection and response, tailored specifically to dynamic and ephemeral cloud-native application workloads.
• Frost Perspective: Demand for loosely coupled runtime security strategies and microsegmentation principles will rise significantly, making legacy solutions increasingly obsolete. Organizations will prioritize real-time threat detection, automated response, and granular visibility to secure complex and ephemeral runtime environments. As a result, security investments will continue shifting away from traditional approaches toward specialized cloud and application runtime security tools designed for real-time protection of cloud-native applications.

Scope of Analysis

• This report provides an assessment of the cloud and application runtime security (CARS) market, focusing on CDR, ADR, and the potential emergence of a new cloud security category-CNADR.
• Technology vendors covered in this study include CNAPP-first CDR, standalone CDR, ADR vendors, and start-ups offering a converged CNADR platform.
• While the study centers on CNADR, CDR, and ADR, it also includes insights into adjacent tools such as CWPP, API security, cloud-focused EDR, and the broader CNAPP ecosystem.
• The study provides insights into the global market landscape and adoption trends within the cloud and application runtime security market, with a focus on CDR, ADR, and CNADR, as well as the future trajectory of these technologies. Given that CDR, ADR, and CNADR are still emerging, estimating precise revenue figures remains challenging-particularly for CNAPP-first vendors such as Palo Alto Networks, Wiz, CrowdStrike, Orca, and Microsoft. As a result, the report will provide only high-level estimates for:
• Total company revenue for newer start-ups, including ARMO, Oligo, Upwind, Sweet Security, Stream Security, Mitiga, Raven, Miggo, and among others.
• Total CNAPP revenue for established vendors such as CrowdStrike, Microsoft, Palo Alto Networks, and Wiz.
• As customers adopt hybrid and multicloud strategies, a cloud and application runtime security solution must be capable of supporting both environments. This study includes only those vendors that offer dedicated, cloud-agnostic solutions designed for hybrid and multicloud deployments.
• The study draws on Frost & Sullivan's secondary research, along with input from vendors, channel partners, and other industry stakeholders. All revenue estimates and forecasts reflect Frost & Sullivan's independent analysis and modeling.

Key Competitors

• Aqua
• Security
• ARMO
• Contrast
• Security
• Crowd
• Strike
• Datadog
• Kodem
• Fortinet
• Microsoft
• Mitiga
• Miggo
• Oligo
• Security
• Orca
• Security
• Palo
• Alto
• Networks
• Qualys
• Raven
• Stream
• Security
• Sysdig
• Sweet
• Security
• Sentinel
• One Tenable
• Uptycs
• Wiz

Growth Drivers

• The rapid and widespread adoption of cloud services is driving demand for robust cloud threat management.
• The rise in cloud-based cyberattacks and software supply chain risks is pushing organizations to prioritize cloud-native security.
• The inability of existing security tools to address cloud-native threat management challenges is prompting SecOps teams to adopt CDR, ADR, and CNADR solutions.
• The need to improve SOC efficiency and reduce alert fatigue is accelerating the shift toward runtime protection and real-time threat response.
• Growing cloud maturity and the adoption of DevSecOps practices are fueling demand for a holistic security approach that extends beyond shift-left to include runtime and threat management.

Growth Restraints

• Low awareness and confusion about the value proposition hinder adoption, as many organizations remain committed to a shift-left mindset.
• Integration challenges, high operational costs, and lack of dedicated budget or ownership create investment hesitancy.
• Concerns around deploying runtime agents-especially with ADR-slow adoption of runtime security tools.
• Lack of standards and the concerns over the overlaps with existing toolchains causes the hesitance in investment in new technologies.

Table of Contents

Scope and Segmentation

• List of Abbreviations
• Scope of Analysis

Growth Environment: Transformation in the Global Cloud/App Runtime Security Market

• Why is it Increasingly Difficult to Grow?
• The Strategic Imperative 8™
• The Impact of the Top 3 Strategic Imperatives on the CARS Market

Ecosystem in the Global CARS Market

• Cloud Security Operation Challenges
• Limitations of Current Runtime Security Solutions
• How CDR and ADR Address the Challenges
• The Need for Unified Cloud/App Runtime Security Solution
• Market Definition-CNADR
• Market Definition-CDR and ADR
• Market Definition-CWPP and EDR
• Market Definition-CNADR's Key Functionalities
• Market Definition-Benefits of CNADR
• Market Definition-CNADR Workflows
• Market Definition-CNADR vs. CNAPP
• CNAPP vs. CNADR
• Challenges in Achieving Unified CNADR
• Research Methodology
• Vendor Inclusion and Exclusion
• Total CARS Market-Industry Adoption
• Total CARS Market-Technology Trends
• Total CARS Market-Market Developments
• Top Use Cases and Features-CDR
• Top Use Cases and Features-ADR
• Top Use Cases and Features-CNADR

Growth Environment: C2A, Global CARS Market

• Growth Environment
• Key Competitors

Growth Generator in the Global CARS Market

• Growth Metrics
• Growth Drivers
• Growth Driver Analysis
• Growth Restraints
• Growth Restraint Analysis
• Forecast Considerations
• Revenue Forecast
• Revenue Forecast by Segment
• Revenue Forecast Analysis
• Pricing Trends and Forecast Analysis
• Revenue by Vendor
• Revenue Analysis by Vendor

Insights for CISOs

• Future of Cloud Runtime Security
• The Possibility of a New Category
• Recommendations
• Recommendation 1: Understand Your Objectives and Use Cases
• Recommendation 2: Choose Solutions That Offer Comprehensive Capabilities, Including Shift-left Security
• Recommendation 3: Prioritize Solutions That Support Seamless Integration with Existing SOC Toolchains
• Recommendation 4: Choose Solutions That Helps Reduce Noise and Enhance Automated Response Capabilities
• Recommendation 5: Prioritize Solutions That Offer Simplified and Actionable Insights for Analysts

Growth Opportunity Universe

• Growth Opportunity 1: Increasing Requirements for Runtime Security and Real-time Threat Management
• Growth Opportunity 2: Rising Demand for Managed Cloud Threat Management Services
• Growth Opportunity 3: Requirements for CARS to be Incorporated in Broader CNAPP and Detection & Response Platform

Appendix and Next Steps

• Benefits and Impacts of Growth Opportunities
• Next Steps
• List of Exhibits
• Legal Disclaimer