Runtime encompasses the behavior of containers after their parent pods have been created in Kubernetes. Runtime security analysis is concerned with finding the indicators of compromise in this behavior.A Kubernetes focused runtime security strategy should be a combination of what to look for and in what context; who to notify and how that information should be used; and how to identify root cause and use that information to build better policy for defense.