Glossary / Cloud Detection and Response (CDR)

Cloud Detection and Response (CDR)

Cloud Detection and Response, or CDR, is a runtime-focused security capability that ingests telemetry from cloud control planes (CloudTrail, Azure Activity, GCP Audit Logs), workload runtime (often via eBPF or agents), identity behavior, and network flows to detect active threats such as compromised credentials, lateral movement, cryptomining, data exfiltration, and unauthorized API calls. Unlike posture management, CDR is reactive and behavior-based, designed to catch the techniques cataloged in MITRE ATT&CK for Cloud rather than configuration drift, and it is increasingly delivered as the runtime layer of a unified CNAPP — critical given that 80% of cloud breaches involve identity compromise that posture tools alone cannot stop.

Learn more: The Complete Cloud Detection and Response (CDR) guide

Cloud Detection and Response (CDR)
Cloud Detection and Response (CDR)

CDR resources

Solution
Cloud Anomaly Detection and Response

CDR products

Tenable Cloud
Security (CNAPP)

Close cloud exposure with the actionable cloud security platform.

Request a demo
Data sheet

Tenable Cloud Infrastructure Entitlement Management (CIEM)

Secure your cloud from attackers exploiting identities, overly-permissive access, and excessive permissions.

Request a demo
Data sheet

Tenable One Exposure Management Platform

Improve attack prevention with less effort.

Request a demo
Data sheet