CDR and ADR are Experiencing Transformational Growth
SecOps and SOC teams focus on core threat management tasks, including threat monitoring, incident response, threat intelligence analysis, and security vulnerability management. Traditionally, these teams relied on tools such as SIEM, UEBA, and XDR to manage threats in on-premises environments.
However, the rapid adoption of cloud and cloud-native application services has rendered conventional threat management strategies inadequate. The dynamic, distributed, and ephemeral nature of cloud environments-particularly with containers and serverless functions-has created a constantly shifting attack surface. These resources spin up and down rapidly, making it difficult for SecOps teams to maintain real-time visibility and respond effectively to threats.
The multi-layered architecture of cloud-native applications-including containers, microservices, and cloud infrastructure-further complicates detection and response. Attacks often traverse layers, beginning with an exploited API or unknown vulnerability at the application level, then moving laterally through containers and into infrastructure. To manage these threats, SecOps teams must correlate events across layers, which requires unified visibility and advanced data correlation capabilities.
While CNAPP and AppSec testing tools provide significant value for risk and compliance management, they are primarily geared toward shift-left security. CNAPPs-especially agentless platforms-focus on identifying vulnerabilities and misconfigurations to harden environments. These tools benefit cloud engineers, DevOps, and developers more than SecOps teams, as they emphasize pre-deployment risk mitigation over real-time protection.
To close these gaps, organizations must invest in modern runtime security approaches. CDR and ADR solutions offer a powerful complement to CNAPPs, AppSec tools, and legacy runtime defenses such as WAF, RASP, runtime reachability, and EDR. These tools provide SecOps teams with real-time visibility, threat detection, and response capabilities across the full cloud stack-enabling them to address active threats that shift-left tools cannot detect or contain.
Revenue Forecast
The revenue estimate for the base year (2024) is $528.3 million, with a CAGR of 58.2% for the study period.
The Impact of the Top 3 Strategic Imperatives on the CARS Market
Transformative Megatrends
Why: The rapid adoption of cloud-native technologies is reshaping application runtime environments, driven by the demand for agility, scalability, and innovation in digital transformation initiatives.
Frost Perspective: Traditional methods-such as perimeter security and legacy detection tools-are being replaced by advanced, real-time detection and response solutions designed specifically for cloud-native runtimes. Industry adoption will accelerate this shift globally over the next 5 years.
Competitive Intensity
Why: Economic uncertainty, budget constraints, and geopolitical tensions are prompting organizations to optimize security spending, driving demand for runtime security solutions that are both effective and affordable. CNADR, CDR, and ADR vendors must offer competitive pricing, lower total cost of ownership (TCO), and demonstrable security outcomes to meet evolving customer expectations.
Frost Perspective: As organizations continue turning to the cloud to reduce capital expenditures and improve operational efficiency, market competition will push them toward CNADR, CDR, and ADR tools that deliver greater value at lower cost. Reduced pricing and improved accessibility will accelerate adoption of CNADR, CDR, and ADR tools over the next 3 to 5 years.
Disruptive Technologies
Why: The shift to microservices, containers, serverless functions, and K8s has fundamentally reshaped the runtime security landscape, underscoring the need for specialized threat detection and response mechanisms. These new technologies demand security approaches designed for real-time detection and response, tailored specifically to dynamic and ephemeral cloud-native application workloads.
Frost Perspective: Demand for loosely coupled runtime security strategies and microsegmentation principles will rise significantly, making legacy solutions increasingly obsolete. Organizations will prioritize real-time threat detection, automated response, and granular visibility to secure complex and ephemeral runtime environments. As a result, security investments will continue shifting away from traditional approaches toward specialized cloud and application runtime security tools designed for real-time protection of cloud-native applications.
Scope of Analysis
This report provides an assessment of the cloud and application runtime security (CARS) market, focusing on CDR, ADR, and the potential emergence of a new cloud security category-CNADR.
Technology vendors covered in this study include CNAPP-first CDR, standalone CDR, ADR vendors, and start-ups offering a converged CNADR platform.
While the study centers on CNADR, CDR, and ADR, it also includes insights into adjacent tools such as CWPP, API security, cloud-focused EDR, and the broader CNAPP ecosystem.
The study provides insights into the global market landscape and adoption trends within the cloud and application runtime security market, with a focus on CDR, ADR, and CNADR, as well as the future trajectory of these technologies. Given that CDR, ADR, and CNADR are still emerging, estimating precise revenue figures remains challenging-particularly for CNAPP-first vendors such as Palo Alto Networks, Wiz, CrowdStrike, Orca, and Microsoft. As a result, the report will provide only high-level estimates for:
Total company revenue for newer start-ups, including ARMO, Oligo, Upwind, Sweet Security, Stream Security, Mitiga, Raven, Miggo, and among others.
Total CNAPP revenue for established vendors such as CrowdStrike, Microsoft, Palo Alto Networks, and Wiz.
As customers adopt hybrid and multicloud strategies, a cloud and application runtime security solution must be capable of supporting both environments. This study includes only those vendors that offer dedicated, cloud-agnostic solutions designed for hybrid and multicloud deployments.
The study draws on Frost & Sullivan's secondary research, along with input from vendors, channel partners, and other industry stakeholders. All revenue estimates and forecasts reflect Frost & Sullivan's independent analysis and modeling.
Key Competitors
Aqua
Security
ARMO
Contrast
Security
Crowd
Strike
Datadog
Kodem
Fortinet
Microsoft
Mitiga
Miggo
Oligo
Security
Orca
Security
Palo
Alto
Networks
Qualys
Raven
Stream
Security
Sysdig
Sweet
Security
Sentinel
One Tenable
Uptycs
Wiz
Growth Drivers
The rapid and widespread adoption of cloud services is driving demand for robust cloud threat management.
The rise in cloud-based cyberattacks and software supply chain risks is pushing organizations to prioritize cloud-native security.
The inability of existing security tools to address cloud-native threat management challenges is prompting SecOps teams to adopt CDR, ADR, and CNADR solutions.
The need to improve SOC efficiency and reduce alert fatigue is accelerating the shift toward runtime protection and real-time threat response.
Growing cloud maturity and the adoption of DevSecOps practices are fueling demand for a holistic security approach that extends beyond shift-left to include runtime and threat management.
Growth Restraints
Low awareness and confusion about the value proposition hinder adoption, as many organizations remain committed to a shift-left mindset.
Integration challenges, high operational costs, and lack of dedicated budget or ownership create investment hesitancy.
Concerns around deploying runtime agents-especially with ADR-slow adoption of runtime security tools.
Lack of standards and the concerns over the overlaps with existing toolchains causes the hesitance in investment in new technologies.
Table of Contents
Scope and Segmentation
List of Abbreviations
Scope of Analysis
Growth Environment: Transformation in the Global Cloud/App Runtime Security Market
Why is it Increasingly Difficult to Grow?
The Strategic Imperative 8™
The Impact of the Top 3 Strategic Imperatives on the CARS Market
Ecosystem in the Global CARS Market
Cloud Security Operation Challenges
Limitations of Current Runtime Security Solutions
How CDR and ADR Address the Challenges
The Need for Unified Cloud/App Runtime Security Solution
Market Definition-CNADR
Market Definition-CDR and ADR
Market Definition-CWPP and EDR
Market Definition-CNADR's Key Functionalities
Market Definition-Benefits of CNADR
Market Definition-CNADR Workflows
Market Definition-CNADR vs. CNAPP
CNAPP vs. CNADR
Challenges in Achieving Unified CNADR
Research Methodology
Vendor Inclusion and Exclusion
Total CARS Market-Industry Adoption
Total CARS Market-Technology Trends
Total CARS Market-Market Developments
Top Use Cases and Features-CDR
Top Use Cases and Features-ADR
Top Use Cases and Features-CNADR
Growth Environment: C2A, Global CARS Market
Growth Environment
Key Competitors
Growth Generator in the Global CARS Market
Growth Metrics
Growth Drivers
Growth Driver Analysis
Growth Restraints
Growth Restraint Analysis
Forecast Considerations
Revenue Forecast
Revenue Forecast by Segment
Revenue Forecast Analysis
Pricing Trends and Forecast Analysis
Revenue by Vendor
Revenue Analysis by Vendor
Insights for CISOs
Future of Cloud Runtime Security
The Possibility of a New Category
Recommendations
Recommendation 1: Understand Your Objectives and Use Cases
Recommendation 2: Choose Solutions That Offer Comprehensive Capabilities, Including Shift-left Security
Recommendation 3: Prioritize Solutions That Support Seamless Integration with Existing SOC Toolchains
Recommendation 4: Choose Solutions That Helps Reduce Noise and Enhance Automated Response Capabilities
Recommendation 5: Prioritize Solutions That Offer Simplified and Actionable Insights for Analysts
Growth Opportunity Universe
Growth Opportunity 1: Increasing Requirements for Runtime Security and Real-time Threat Management
