Containers broke the old security model in a specific way: a container can start, do its job, and disappear in seconds, and a Kubernetes cluster might run thousands of them. You can't protect that the way you protected a long-lived server. The workload won't sit still long enough to be inspected the traditional way.
Two granted patents show how security adapted. Check Point's US11966466B2, "Unified workload runtime protection" (issued April 23, 2024; CPC G06F 21/54 — protecting against unauthorized activity), describes protecting workloads as they run. Beijing Volcano Engine's US12437088B2, "Container operation control method and apparatus" (issued October 7, 2025; CPC G06F 21/604), describes controlling what operations a container is permitted to perform. Read them at US11966466B2 and US12437088B2.
The way this actually works is a shift from scanning to runtime control. You still scan container images for known vulnerabilities before deployment — but that's not enough, because a clean image can still be exploited at runtime. So container security adds a live layer: watch what each container actually does (the Check Point grant's runtime protection) and constrain what it's allowed to do (the Volcano Engine grant's operation control). Because containers are uniform and policy-defined, you can enforce tight rules — this container should only ever talk to that service, write to this path — and flag anything outside the box.
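The "strict route, flag anything off it" idea above, as an added example that is not code from either patent, from Check Point, or from Volcano Engine: a small Go evaluator that holds a per-container allowlist of egress peers and writable directory roots, runs a stream of observed operations through it, and returns the denials. The container names, service names, paths and event shape are all constructed for illustration; a real runtime sensor would feed events from the kernel or the orchestrator rather than from a hard-coded slice.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

type EventKind string

const (
	EventConnect EventKind = "connect" // outbound connection to a named service
	EventWrite   EventKind = "write"   // file write inside the container filesystem
)

// Event is one observed container operation (constructed shape, not a real sensor format).
type Event struct {
	Container string
	Kind      EventKind
	Target    string // service name for connect, file path for write
}

// Policy is one container's allowlist: the only route it is permitted to take.
type Policy struct {
	AllowedPeers      map[string]bool // services the container may connect to
	AllowedWriteRoots []string        // directories the container may write under
}

// Verdict records the decision for one event and, on denial, why.
type Verdict struct {
	Event  Event
	Allow  bool
	Reason string
}

// UnderRoot reports whether target lies inside root. The path is cleaned first so ".."
// cannot escape, and the match is on whole components so "/a/cache-old" is not under "/a/cache".
func UnderRoot(target, root string) bool {
	t, r := path.Clean(target), path.Clean(root)
	return t == r || strings.HasPrefix(t, r+"/")
}

// Evaluate checks one event against its container's policy; a container with no policy is denied.
func Evaluate(policies map[string]Policy, ev Event) Verdict {
	p, ok := policies[ev.Container]
	if !ok {
		return Verdict{ev, false, "no policy for container"}
	}
	switch ev.Kind {
	case EventConnect:
		if p.AllowedPeers[ev.Target] {
			return Verdict{ev, true, ""}
		}
		return Verdict{ev, false, "egress to " + ev.Target + " not in allowlist"}
	case EventWrite:
		for _, root := range p.AllowedWriteRoots {
			if UnderRoot(ev.Target, root) {
				return Verdict{ev, true, ""}
			}
		}
		return Verdict{ev, false, "write to " + path.Clean(ev.Target) + " outside allowed roots"}
	default:
		return Verdict{ev, false, "unknown event kind " + string(ev.Kind)}
	}
}

// Violations runs an event stream through the policies and keeps only the denials.
func Violations(policies map[string]Policy, events []Event) []Verdict {
	var out []Verdict
	for _, ev := range events {
		if v := Evaluate(policies, ev); !v.Allow {
			out = append(out, v)
		}
	}
	return out
}

// SamplePolicies is constructed: a web frontend may only reach "api" and write under its cache.
func SamplePolicies() map[string]Policy {
	return map[string]Policy{
		"web":    {AllowedPeers: map[string]bool{"api": true}, AllowedWriteRoots: []string{"/var/app/cache"}},
		"worker": {AllowedPeers: map[string]bool{"api": true, "db": true}, AllowedWriteRoots: []string{"/tmp", "/var/app/data"}},
	}
}

// SampleEvents is a constructed stream mixing expected behaviour with off-route operations.
func SampleEvents() []Event {
	return []Event{
		{"web", EventConnect, "api"},
		{"web", EventWrite, "/var/app/cache/index.html"},
		{"web", EventConnect, "db"},                               // frontend reaching the database directly
		{"web", EventWrite, "/var/app/cache/../../../etc/passwd"}, // traversal out of the cache directory
		{"web", EventWrite, "/var/app/cache-old/x"},               // sibling directory sharing a string prefix
		{"worker", EventConnect, "db"},
		{"sidecar", EventConnect, "api"}, // container with no policy at all
	}
}

func main() {
	for _, v := range Violations(SamplePolicies(), SampleEvents()) {
		fmt.Printf("DENY %-8s %-8s %-40s %s\n", v.Event.Container, v.Event.Kind, v.Event.Target, v.Reason)
	}
}
```

Two design choices matter here. Deny-by-default for an unpolicied container means a workload that appears without a declared route is itself treated as an anomaly rather than waved through, which is the only posture that scales to thousands of short-lived containers. And the path check cleans before comparing and matches on whole components, so both a `..` traversal and a sibling directory that merely shares a string prefix are flagged; a naive `strings.HasPrefix` would silently pass both.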
One analogy, then I'll drop it: protecting a traditional server was like guarding a house. Protecting containers is like securing a fleet of food trucks that appear, serve, and drive off all day — you can't bolt a fence around them, so instead you give each one a strict route and watch for any that go off it.
Why this is a markets story: container and cloud-native security — often sold as part of a cloud-native application protection platform, or CNAPP — is one of the highest-growth corners of the security industry precisely because cloud-native adoption created a protection gap that legacy tools couldn't fill. New architecture, new attack surface, new spend. The breadth of assignees here — an established security vendor and a cloud-platform provider — signals that both pure-plays and the cloud platforms themselves see runtime workload protection as ground worth claiming.
The grounded takeaway: container security is image scanning plus runtime control of ephemeral, orchestrated workloads. When a vendor pitches "Kubernetes security," the question that matters is what it does at runtime — what it watches and what it can stop — because that's the layer images alone can't cover. These two grants name that runtime layer directly.