About Kubesentry

Kubesentry gives mid-size SaaS teams running Kubernetes the runtime threat detection that enterprise security organizations have had for years but that smaller teams have been unable to afford or deploy. We instrument the kernel, not the application. We baseline workload behavior, not static rules. And we ship every alert with MITRE ATT&CK context so your on-call engineer can triage in minutes, not hours. Our mission is to make production-grade Kubernetes runtime security accessible to every team with an EKS cluster, not just the ones with a dedicated security engineering function.

Why We Built This

Iris Van Leeuwen spent five years managing Kubernetes security and incident response inside a 120-engineer SaaS organization. The team had cloud-provider security scores, a CSPM tool, and Falco generating alerts no one had time to tune. They had no visibility into what was actually running inside their containers at the runtime syscall layer. Container escapes, service account abuse, and cryptomining workloads all live in that layer, not in configuration logs. After the third incident that started with a behavioral anomaly invisible to their existing tooling, she decided the problem was structural. The tooling for runtime Kubernetes detection existed in large-team deployments, where dedicated threat analysts and full-time security engineers maintained the detection pipelines. For mid-size SaaS teams running Kubernetes with one or two people owning security outcomes, that tooling did not exist in a form that could be deployed and operated without significant security engineering headcount. That gap is why Kubesentry exists. Iris co-founded the company with Tomasz Krupa and Anand Rajan specifically to build the runtime detection layer that mid-size teams have been missing for years.

Our Mission

Give mid-size Kubernetes teams the runtime visibility that only well-staffed enterprise security organizations have been able to afford. We believe a two-person DevSecOps team at a 60-engineer SaaS company deserves the same quality of runtime threat detection as a team with a dedicated SIEM engineer, a threat intelligence analyst, and a container security specialist. Kubesentry is how we close that gap: eBPF-native instrumentation, per-workload behavioral baselining, MITRE ATT&CK classification at alert time, and a deployment process measured in hours rather than months. We succeed when your on-call engineer can triage a runtime threat event in under five minutes, not after escalating to a vendor support queue.

Where We Are

Kubesentry is a seed-stage company headquartered in Seattle, Washington. We are building for the mid-market: SaaS teams with ten to two hundred engineers running managed Kubernetes on EKS, GKE, or AKS. Our current product is in closed beta with design partners drawn from Series A and Series B SaaS companies in the fintech, healthtech, and infrastructure tooling verticals. We are not building for large enterprise security organizations with dedicated threat detection teams; those teams already have Falco, Sysdig, or Aqua Security deployed and tuned. We are building for the team that cannot afford to staff those tools properly and needs runtime security that runs itself.

Our Values

Five principles guide every product decision we make. We are eBPF-native, not sidecar-bolted: the kernel is the right place to collect runtime telemetry and we do not compromise on that. We are operational in hours, not months: if a security tool takes longer to deploy than a sprint cycle, mid-size teams will not finish the deployment. Every alert earns its pager: we would rather suppress a borderline event than train your on-call team to ignore alerts. MITRE context ships with every event: triage without attack chain context is guesswork. And DevSecOps owns the deployment: we write documentation for engineers who manage infrastructure, not for procurement teams evaluating vendor decks.

eBPF-native, not sidecar-bolted
Operational in hours, not months
Every alert earns its pager
MITRE context ships with every event
DevSecOps owns the deployment

The Team Behind Kubesentry

Iris Van Leeuwen (CEO & Co-Founder) brings five years of Kubernetes security and incident response experience from a 120-engineer SaaS organization. She co-founded Kubesentry with Tomasz Krupa, who spent four years with Sysdig building eBPF-based threat detection for enterprise Kubernetes customers, and Anand Rajan, a PhD computer scientist and ex-CrowdStrike Falcon container-security engineer with five years of kernel-level telemetry work. Fatima Osei (ex-Wiz cloud security research) and Ben Calloway (ex-Datadog infrastructure engineering) round out the founding team with deep expertise in cloud runtime posture and Kubernetes-native observability.

Seattle-Based, DevSecOps-Focused

Kubesentry is headquartered at 701 5th Avenue, Suite 5200, Seattle, WA 98104. Reach us at [email protected] or +1 (206) 555-0292.