Runtime defense is the set of features that provide both predictive and threat based active protection for running containers.
For example, predictive protection includes capabilities like determining when a container runs a process not included in the origin image or creates an unexpected network socket.
Threat based protection includes capabilities like detecting when malware is added to a container or when a container connects to a botnet.