全球雲端/應用程式運行時安全（CARS）市場（2025-2029）

CDR 和 ADR 經歷變革性成長。

SecOps 和 SOC 團隊致力於核心威脅管理業務，例如威脅監控、事件回應、威脅情報分析和安全漏洞管理。傳統上，這些團隊依靠 SIEM、UEBA 和 XDR 等工具來管理本地環境中的威脅。

然而，雲端和雲端原生應用服務的快速普及使得傳統的威脅管理策略顯得力不從心。雲端環境（尤其是容器和無伺服器功能）的動態性、分散式和短暫性，使得攻擊面瞬息萬變。這些資源快速切換，使得 SecOps 團隊難以保持即時可見度並有效應對威脅。

雲端原生應用的多層架構（包括容器、微服務和雲端基礎架構）進一步增加了偵測和回應的複雜性。攻擊通常始於應用程式層，利用被利用的API 或未知漏洞，並透過容器和基礎設施跨層傳播。為了管理這些威脅，SecOps 團隊必須跨層關聯事件，這需要整合的可視性和進階資料關聯功能。

雖然 CNAPP 和 AppSec 測試工具在風險與合規性管理方面具有重要價值，但它們主要著重於安全左移。 CNAPP（尤其是無代理平台）致力於識別漏洞和錯誤配置並強化環境。這些工具著重於部署前風險緩解，而非即時防護，因此它們對雲端工程師、DevOps 和開發人員的益處大於對 SecOps 團隊的益處。

為了彌補這些差距，組織必須投資現代運行時安全方法。 CDR 和 ADR 解決方案是 CNAPP、AppSec 工具以及 WAF、RASP、運行時可及性和 EDR 等傳統運行時防禦措施的有力補充。這些工具為 SecOps 團隊提供了跨雲端堆疊的即時可見性、威脅偵測和回應功能，使他們能夠應對左移工具無法偵測或遏制的主動威脅。

收益及預測

基準估計（2024年）收入為 5.283億美元，研究期間的年複合成長率為 58.2%。

對汽車市場的三大策略影響

變革大趨勢

• 原因：雲端原生技術的快速採用重塑應用程式執行環境。
• 觀點：諸如邊界安全和舊式偵測工具等傳統方法被專為雲端原生運行時設計的先進即時偵測和回應解決方案所取代。預計未來五年，產業應用將加速全球範圍內的這一轉變。

競爭加劇

• 原因：經濟不確定性、預算限制和地緣政治緊張局勢迫使企業最佳化安全支出，推動了對高效且經濟實惠的運行時安全解決方案的需求。 CNADR、CDR 和 ADR 供應商必須提供具有競爭力的價格、更低的總擁有成本（TCO）以及可驗證的安全成果，以滿足不斷變化的客戶期望。
• 觀點：隨著企業紛紛轉向雲端以降低資本支出並提高業務效率，市場競爭將推動企業轉向以更低成本提供更高價值的CNADR、CDR 和 ADR 工具。更低的價格和更高的可近性將在未來三到五年內加速 CNADR、CDR 和 ADR 工具的普及。

顛覆性技術

• 原因：向微服務、容器、無伺服器函數和 K8s 的遷移從根本上改變運行時安全格局，並凸顯了對專門威脅偵測和回應機制的需求。這些新技術需要一種即時偵測和回應的安全方法，並針對雲端原生應用程式的動態、短暫工作負載進行量身定做。
• 觀點：對鬆散耦合的運行時安全策略和微分段原則的需求將顯著成長，傳統解決方案將逐漸淘汰。企業將優先考慮即時威脅偵測、自動回應和精細可見性，以保護複雜且短暫的執行環境。因此，安全投資將繼續從傳統方法轉向致力於即時保護雲端原生應用程式的雲端和應用程式運行時安全工具。

分析範圍

• 本報告評估了雲端和應用程式運行時安全（CARS）市場，重點關注 CDR、ADR 以及新雲端安全類別（CNADR）的潛在出現。
• 這項研究涵蓋的技術供應商包括 CNAPP-first CDR、獨立 CDR、ADR 供應商以及提供整合 CNADR 平台的新興企業。
• 這項研究的重點是 CNADR、CDR 和 ADR，但也包括對相鄰工具的見解，例如 CWPP、API 安全性、特定於雲端的EDR 以及更廣泛的CNAPP 生態系統。
• 本研究深入分析了雲端和應用程式運行時安全市場的全球市場格局和採用趨勢，重點關注 CDR、ADR 和 CNADR，以及這些技術的未來趨勢。由於 CDR、ADR 和 CNADR 仍屬於新興技術，因此難以估算準確的收入數字，尤其是對於 Palo Alto Networks、Wiz、CrowdStrike、Orca 和 Microsoft 等以 CNAPP 為先的供應商。因此，本報告僅提供大致的估計值，包括：
• 新興供應商的總合收益，包括 ARMO、Oligo、Upwind、Sweet Security、Stream Security、Mitiga、Raven 和 Miggo。
• CNAPP 現有供應商（例如 CrowdStrike、Microsoft、Palo Alto Networks 和 Wiz）的總收入。
• 隨著客戶採用混合雲和多重雲端策略，雲端和應用程式運行時安全解決方案必須能夠支援這兩種環境。本研究僅涵蓋提供專為混合雲和多重雲端部署而設計的專用雲中立解決方案的供應商。
• 本研究基於 Frost & Sullivan 的二手資料研究，以及供應商、通路夥伴和其他產業相關人員的意見。所有收益估算和預測均反映 Frost & Sullivan 的專有分析和模型。

主要競爭對手

• Aqua
• Security
• ARMO
• Contrast
• Security
• Crowd
• Strike
• Datadog
• Kodem
• Fortinet
• Microsoft
• Mitiga
• Miggo
• Oligo
• Security
• Orca
• Security
• Palo
• Alto
• Networks
• Qualys
• Raven
• Stream
• Security
• Sysdig
• Sweet
• Security
• Sentinel
• One Tenable
• Uptycs
• Wiz

促進因素

• 雲端服務的快速普及推動對強大的雲端威脅管理的需求。
• 雲端基礎的網路攻擊和軟體供應鏈風險的增加促使公司優先考慮雲端原生安全。
• SecOps 團隊採用 CDR、ADR 和 CNADR 解決方案，因為現有的安全工具無法應對雲端原生威脅管理的挑戰。
• 提高 SOC 效率和減少警報疲勞的需求推動向運行時保護和即時威脅回應的轉變。
• 雲端運算成熟度的提高和 DevSecOps 實踐的採用推動對整體安全方法的需求，這種方法不僅限於左移，還包括運行時和威脅管理。

成長限制因素

• 由於許多組織陷入左移思維模式，對價值提案缺乏認知和困惑阻礙了其採用。
• 整合挑戰、高營運成本以及缺乏專門預算或所有權阻礙了投資。
• 對部署運行時代理程式（尤其是 ADR）的擔憂減緩運行時安全工具的採用。
• 缺乏標準以及對與現有工具鏈重複的擔憂阻礙了對新技術的投資。

目錄

範圍和細分

成長環境：全球雲端/應用程式運行時安全市場的轉型

• 為什麼成長變得越來越困難
• 策略要務
• 三大策略要務對汽車市場的影響

全球汽車市場生態系統

• 雲端保全行動挑戰
• 目前運行時安全解決方案的局限性
• CDR 和 ADR 如何應對挑戰
• 需要整合式雲端/應用程式運行時安全解決方案
• 市場定義 - CNADR
• 市場定義 – CDR 和 ADR
• 市場定義 – CWPP 與 EDR
• 市場定義 - CNADR 的主要特點
• 市場定義 - CNADR 優勢
• 市場定義 - CNADR 工作流程
• 市場定義 - CNADR 與 CNAPP
• CNAPP 與 CNADR
• 實現統一 CNADR 的挑戰
• 調查方法
• 供應商包含和排除
• 汽車市場的整個產業採用
• 整體汽車市場 - 技術趨勢
• 汽車市場整體 - 市場趨勢
• 主要用例和功能 - CDR
• 主要用例和功能 - ADR
• 主要用例和功能 - CNADR

成長環境：C2A、全球CARS市場

• 成長環境
• 主要競爭對手

全球汽車市場成長動力

• 成長指標
• 成長動力
• 促進因素分析
• 成長抑制因素
• 生長抑制分析
• 預測考慮因素
• 收益預測
• 各部門銷售額預測
• 收益預測分析
• 價格趨勢及預測分析
• 供應商收益
• 供應商收益分析

首席資訊安全長的見解

• 雲端運行時安全的未來
• 新類別的可能性
• 建議
• 建議 1：了解你的目的和用例
• 建議 2：選擇提供全面功能的解決方案，包括左移安全性
• 建議 3：優先考慮支援與現有 SOC 工具鏈無縫整合的解決方案
• 建議 4：選擇降低噪音並增強自動回覆功能的解決方案
• 建議 5：優先考慮為分析師提供簡化且可操作的見解的解決方案

成長機會

• 成長機會1：對運行時安全性和即時威脅管理的要求不斷提高
• 成長機會2：託管雲端威脅管理服務需求不斷成長
• 成長機會3：需要將 CARS 納入更廣泛的CNAPP 與檢測與回應平台

附錄與後續步驟

CDR and ADR are Experiencing Transformational Growth

SecOps and SOC teams focus on core threat management tasks, including threat monitoring, incident response, threat intelligence analysis, and security vulnerability management. Traditionally, these teams relied on tools such as SIEM, UEBA, and XDR to manage threats in on-premises environments.

However, the rapid adoption of cloud and cloud-native application services has rendered conventional threat management strategies inadequate. The dynamic, distributed, and ephemeral nature of cloud environments-particularly with containers and serverless functions-has created a constantly shifting attack surface. These resources spin up and down rapidly, making it difficult for SecOps teams to maintain real-time visibility and respond effectively to threats.

The multi-layered architecture of cloud-native applications-including containers, microservices, and cloud infrastructure-further complicates detection and response. Attacks often traverse layers, beginning with an exploited API or unknown vulnerability at the application level, then moving laterally through containers and into infrastructure. To manage these threats, SecOps teams must correlate events across layers, which requires unified visibility and advanced data correlation capabilities.

While CNAPP and AppSec testing tools provide significant value for risk and compliance management, they are primarily geared toward shift-left security. CNAPPs-especially agentless platforms-focus on identifying vulnerabilities and misconfigurations to harden environments. These tools benefit cloud engineers, DevOps, and developers more than SecOps teams, as they emphasize pre-deployment risk mitigation over real-time protection.

To close these gaps, organizations must invest in modern runtime security approaches. CDR and ADR solutions offer a powerful complement to CNAPPs, AppSec tools, and legacy runtime defenses such as WAF, RASP, runtime reachability, and EDR. These tools provide SecOps teams with real-time visibility, threat detection, and response capabilities across the full cloud stack-enabling them to address active threats that shift-left tools cannot detect or contain.

Revenue Forecast

The revenue estimate for the base year (2024) is $528.3 million, with a CAGR of 58.2% for the study period.

The Impact of the Top 3 Strategic Imperatives on the CARS Market

Transformative Megatrends

• Why: The rapid adoption of cloud-native technologies is reshaping application runtime environments, driven by the demand for agility, scalability, and innovation in digital transformation initiatives.
• Frost Perspective: Traditional methods-such as perimeter security and legacy detection tools-are being replaced by advanced, real-time detection and response solutions designed specifically for cloud-native runtimes. Industry adoption will accelerate this shift globally over the next 5 years.

Competitive Intensity

• Why: Economic uncertainty, budget constraints, and geopolitical tensions are prompting organizations to optimize security spending, driving demand for runtime security solutions that are both effective and affordable. CNADR, CDR, and ADR vendors must offer competitive pricing, lower total cost of ownership (TCO), and demonstrable security outcomes to meet evolving customer expectations.
• Frost Perspective: As organizations continue turning to the cloud to reduce capital expenditures and improve operational efficiency, market competition will push them toward CNADR, CDR, and ADR tools that deliver greater value at lower cost. Reduced pricing and improved accessibility will accelerate adoption of CNADR, CDR, and ADR tools over the next 3 to 5 years.

Disruptive Technologies

• Why: The shift to microservices, containers, serverless functions, and K8s has fundamentally reshaped the runtime security landscape, underscoring the need for specialized threat detection and response mechanisms. These new technologies demand security approaches designed for real-time detection and response, tailored specifically to dynamic and ephemeral cloud-native application workloads.
• Frost Perspective: Demand for loosely coupled runtime security strategies and microsegmentation principles will rise significantly, making legacy solutions increasingly obsolete. Organizations will prioritize real-time threat detection, automated response, and granular visibility to secure complex and ephemeral runtime environments. As a result, security investments will continue shifting away from traditional approaches toward specialized cloud and application runtime security tools designed for real-time protection of cloud-native applications.

Scope of Analysis

• This report provides an assessment of the cloud and application runtime security (CARS) market, focusing on CDR, ADR, and the potential emergence of a new cloud security category-CNADR.
• Technology vendors covered in this study include CNAPP-first CDR, standalone CDR, ADR vendors, and start-ups offering a converged CNADR platform.
• While the study centers on CNADR, CDR, and ADR, it also includes insights into adjacent tools such as CWPP, API security, cloud-focused EDR, and the broader CNAPP ecosystem.
• The study provides insights into the global market landscape and adoption trends within the cloud and application runtime security market, with a focus on CDR, ADR, and CNADR, as well as the future trajectory of these technologies. Given that CDR, ADR, and CNADR are still emerging, estimating precise revenue figures remains challenging-particularly for CNAPP-first vendors such as Palo Alto Networks, Wiz, CrowdStrike, Orca, and Microsoft. As a result, the report will provide only high-level estimates for:
• Total company revenue for newer start-ups, including ARMO, Oligo, Upwind, Sweet Security, Stream Security, Mitiga, Raven, Miggo, and among others.
• Total CNAPP revenue for established vendors such as CrowdStrike, Microsoft, Palo Alto Networks, and Wiz.
• As customers adopt hybrid and multicloud strategies, a cloud and application runtime security solution must be capable of supporting both environments. This study includes only those vendors that offer dedicated, cloud-agnostic solutions designed for hybrid and multicloud deployments.
• The study draws on Frost & Sullivan's secondary research, along with input from vendors, channel partners, and other industry stakeholders. All revenue estimates and forecasts reflect Frost & Sullivan's independent analysis and modeling.

Key Competitors

• Aqua
• Security
• ARMO
• Contrast
• Security
• Crowd
• Strike
• Datadog
• Kodem
• Fortinet
• Microsoft
• Mitiga
• Miggo
• Oligo
• Security
• Orca
• Security
• Palo
• Alto
• Networks
• Qualys
• Raven
• Stream
• Security
• Sysdig
• Sweet
• Security
• Sentinel
• One Tenable
• Uptycs
• Wiz

Growth Drivers

• The rapid and widespread adoption of cloud services is driving demand for robust cloud threat management.
• The rise in cloud-based cyberattacks and software supply chain risks is pushing organizations to prioritize cloud-native security.
• The inability of existing security tools to address cloud-native threat management challenges is prompting SecOps teams to adopt CDR, ADR, and CNADR solutions.
• The need to improve SOC efficiency and reduce alert fatigue is accelerating the shift toward runtime protection and real-time threat response.
• Growing cloud maturity and the adoption of DevSecOps practices are fueling demand for a holistic security approach that extends beyond shift-left to include runtime and threat management.

Growth Restraints

• Low awareness and confusion about the value proposition hinder adoption, as many organizations remain committed to a shift-left mindset.
• Integration challenges, high operational costs, and lack of dedicated budget or ownership create investment hesitancy.
• Concerns around deploying runtime agents-especially with ADR-slow adoption of runtime security tools.
• Lack of standards and the concerns over the overlaps with existing toolchains causes the hesitance in investment in new technologies.

Table of Contents

Scope and Segmentation

• List of Abbreviations
• Scope of Analysis

Growth Environment: Transformation in the Global Cloud/App Runtime Security Market

• Why is it Increasingly Difficult to Grow?
• The Strategic Imperative 8™
• The Impact of the Top 3 Strategic Imperatives on the CARS Market

Ecosystem in the Global CARS Market

• Cloud Security Operation Challenges
• Limitations of Current Runtime Security Solutions
• How CDR and ADR Address the Challenges
• The Need for Unified Cloud/App Runtime Security Solution
• Market Definition-CNADR
• Market Definition-CDR and ADR
• Market Definition-CWPP and EDR
• Market Definition-CNADR's Key Functionalities
• Market Definition-Benefits of CNADR
• Market Definition-CNADR Workflows
• Market Definition-CNADR vs. CNAPP
• CNAPP vs. CNADR
• Challenges in Achieving Unified CNADR
• Research Methodology
• Vendor Inclusion and Exclusion
• Total CARS Market-Industry Adoption
• Total CARS Market-Technology Trends
• Total CARS Market-Market Developments
• Top Use Cases and Features-CDR
• Top Use Cases and Features-ADR
• Top Use Cases and Features-CNADR

Growth Environment: C2A, Global CARS Market

• Growth Environment
• Key Competitors

Growth Generator in the Global CARS Market

• Growth Metrics
• Growth Drivers
• Growth Driver Analysis
• Growth Restraints
• Growth Restraint Analysis
• Forecast Considerations
• Revenue Forecast
• Revenue Forecast by Segment
• Revenue Forecast Analysis
• Pricing Trends and Forecast Analysis
• Revenue by Vendor
• Revenue Analysis by Vendor

Insights for CISOs

• Future of Cloud Runtime Security
• The Possibility of a New Category
• Recommendations
• Recommendation 1: Understand Your Objectives and Use Cases
• Recommendation 2: Choose Solutions That Offer Comprehensive Capabilities, Including Shift-left Security
• Recommendation 3: Prioritize Solutions That Support Seamless Integration with Existing SOC Toolchains
• Recommendation 4: Choose Solutions That Helps Reduce Noise and Enhance Automated Response Capabilities
• Recommendation 5: Prioritize Solutions That Offer Simplified and Actionable Insights for Analysts

Growth Opportunity Universe

• Growth Opportunity 1: Increasing Requirements for Runtime Security and Real-time Threat Management
• Growth Opportunity 2: Rising Demand for Managed Cloud Threat Management Services
• Growth Opportunity 3: Requirements for CARS to be Incorporated in Broader CNAPP and Detection & Response Platform

Appendix and Next Steps

• Benefits and Impacts of Growth Opportunities
• Next Steps
• List of Exhibits
• Legal Disclaimer