Continuous Runtime Security Validation:
prove your runtime security still works after production changes.
Annual penetration tests are useful, but they age quickly. By the time a report reaches the board, code may have shipped, cloud infrastructure may have changed and AI features may have entered production. Continuous Runtime Security Validation gives regulated and fast-scaling teams an assurance loop: observe the runtime, detect risk, validate controls, remediate findings, retest and evidence closure.
Runtime operators and offensive security practitioners, working together.
Critical Cloud
Critical Cloud delivers Managed Runtime Assurance for AI-era software. We operate, secure and govern the cloud, observability and AI runtime layer behind mission-critical products, powered by Datadog where appropriate, so teams can ship fast while production stays reliable, secure, cost-controlled and evidence-ready.
Tarian Labs
Tarian Labs provides practitioner-led penetration testing and security assessments for businesses that refuse to be easy targets. Their offensive security capability is shaped by experience across UK defence, government and Critical National Infrastructure environments.
Critical Cloud operates, observes, secures and improves the runtime layer. Tarian Labs independently challenges that runtime through practitioner-led offensive security testing. Findings move into remediation, retesting and evidence of closure.
The evidence gap grows every time production changes.
A point-in-time security test gives you a snapshot. Production does not stand still. New services appear, permissions change, releases go live, infrastructure evolves and detection coverage drifts. The result is stale evidence at the exact moment boards, auditors, regulators and enterprise customers are asking harder questions.
Reports age quickly
Security evidence can be out of date before the next board pack or customer review.
Findings stall
Pen test findings often sit outside the operational backlog, making remediation slower than it should be.
Detection needs validation
Monitoring and security tooling only matter if the controls work against realistic attack paths.
Closure needs proof
Teams need retesting and evidence that fixes were implemented and risk was reduced.
Observe. Detect. Validate.
Three capabilities. Two specialist companies. One closed assurance loop.
Observe
Critical Cloud keeps the production runtime observable, monitored and operationally governed across cloud, observability and AI runtime environments. Where Datadog is already in place, we use it as the operating substrate. Where it is not, we work with the available AWS or Azure-native signals and agree the right route during scoping.
Detect
Detection uses the best-fit tooling for the customer's environment. That may include Datadog Cloud Security, Cloud SIEM, CSPM or other Datadog security modules where already adopted or appropriate. For AWS and Azure environments without Datadog, the service can work with native cloud security telemetry and controls.
Validate
Tarian Labs independently challenges the runtime through practitioner-led offensive security testing. This can include cloud and infrastructure assessment, penetration testing, web application testing, API testing, attack-path validation and retesting.
From finding to fix. From fix to proof.
Every engagement follows the same structured loop, from authorisation to evidenced closure.
Scope and authorise
Written customer authorisation, agreed scope, rules of engagement and controlled evidence handling.
Establish runtime context
Critical Cloud aligns the operating context, available telemetry, cloud environment, Datadog or native tooling, and remediation ownership. Critical Cloud
Validate like an attacker
Tarian Labs tests the agreed environment using practitioner-led offensive security methods. Tarian Labs
Prioritise findings
Findings are written so engineering teams can act, with severity, evidence and practical remediation context.
Remediate with operational support
Critical Cloud supports the path from finding to operational change where authorised and contracted. Critical Cloud
Retest independently
Tarian Labs retests to confirm whether fixes hold. Tarian Labs
Evidence closure
The customer receives a clear view of what was tested, what was found, what was fixed and what was confirmed.
Neither party marks its own homework.
Built for your environment, not just one tool stack.
Already using Datadog Cloud Security
Use your existing security investment as the foundation for validation. We help confirm whether runtime controls, detection coverage and operational workflows hold up against real attack paths.
Using Datadog without security tooling
Start from the observability layer you already have. We can validate current runtime visibility and, where appropriate, identify the Datadog security capabilities that would strengthen the assurance loop.
AWS or Azure without Datadog
Datadog is not a requirement. For cloud environments without Datadog, the service can use native AWS or Azure security signals, cloud controls and practitioner-led assessment to create a practical validation path.
Hybrid, non-cloud or complex environments
Where the environment falls outside the standard cloud pattern, we scope a bespoke validation route. Book a scoping call to talk through your environment.
What the engagement can include
Exact scope depends on your environment and goals, agreed during scoping. Depending on scope, an engagement can include:
- Joint scoping call with Critical Cloud and Tarian Labs
- Written authorisation and rules of engagement
- Runtime visibility and control review
- Cloud, infrastructure, web application or API validation depending on scope
- Practitioner-led offensive security testing
- Severity-ranked findings
- Executive and technical readout
- Remediation route and operational backlog support
- Independent retesting
- Evidence of closure
- Optional ongoing validation cadence
Coordinated delivery. Independent validation.
The model is designed to keep responsibilities clear. Operations and testing work best when they are coordinated, but assurance only has credibility when the tester remains independent.
Tarian Labs owns validation
Testing methodology, findings, severity ratings, evidence and retesting.
Critical Cloud owns runtime improvement
Operational remediation support, observability improvement, runtime security operations, runbooks, monitoring, evidence and cloud, Datadog or native tooling changes where authorised.
You stay in control
The customer owns the product, application, model, business logic, risk acceptance and release decisions.
We operate the stack. You own the product.
We operate, secure and govern the runtime layer behind your product. Tarian Labs independently tests it. You keep every decision over your application, your model and your business logic.
Designed for teams where runtime evidence matters.
FinTech and financial services
For teams facing board, customer, investor, audit or regulatory scrutiny.
SaaS and technology platforms
For fast-moving teams where release velocity can outpace runtime assurance.
Healthcare and MedTech
For businesses where security, resilience and evidence matter to trust.
AI-native and AI-adopting companies
For teams putting AI features, agents or model-backed workflows into production.
Regulated and audit-sensitive SMBs
For companies that need enterprise-grade assurance without building an enterprise-sized team.
What customers get
- Independent evidence that runtime controls have been tested
- A practical path from finding to remediation
- Retesting that confirms whether fixes hold
- Clear executive and technical reporting
- Better alignment between security testing and operational improvement
- Evidence that can support board, audit, regulator, investor or enterprise customer conversations
- A route to ongoing assurance as the environment changes
We operate and evidence the runtime controls that support your compliance obligations. We don't make compliance claims on your behalf: the obligation, and the risk decisions, stay with you.
Continuous Runtime Security Validation sits alongside our other Managed Runtime Assurance services.
Managed Runtime Assurance
The operating model this service sits within: observability, security, resilience, cost control and evidence for AI-era software.
Critical Support
Our flagship 24×7 incident management and improvement engineering service for AWS and Azure.
Managed Datadog
Ongoing platform operations for teams that want Datadog managed as the observability and security substrate.
FAQ
Is Datadog required?
No. Datadog is a strong operating substrate where it is already in place, or where the customer wants to extend into managed observability and security operations. For AWS and Azure environments without Datadog, the service can work with native cloud tooling and agreed evidence sources.
What if we already use Datadog Cloud Security?
The engagement can validate whether your existing controls, detections and workflows stand up to realistic attack paths. It is designed to help you turn existing tooling into stronger runtime assurance.
What if we use Datadog but not the security products?
We can start with the observability and operating context you already have, then identify whether Datadog security modules, native cloud controls or a different route is the best fit for your environment.
Is this just a penetration test?
No. Practitioner-led testing is a core part of the service, but the value is the full assurance loop: scope, validate, remediate, retest and evidence closure.
Who performs the testing?
Tarian Labs owns the independent testing methodology, findings, severity ratings and retesting.
Who handles remediation?
Critical Cloud supports runtime remediation and operational improvement where authorised and contracted. The customer remains in control of risk acceptance and product decisions.
Do you test your own work?
No. Independence is built into the model. Tarian Labs validates independently, Critical Cloud supports operational change, and Tarian Labs retests and confirms closure.
What about non-cloud or hybrid environments?
These are handled through a scoped engagement. Book a scoping call rather than looking for a fixed package: we'll agree the right route for your environment.
Is testing authorised?
Yes. Testing runs under written customer authorisation, agreed scope, rules of engagement and controlled evidence handling.
Ready to prove your runtime security still works?
Book a scoping call with Critical Cloud and Tarian Labs. We will confirm your environment, existing tooling, validation goals and the right route to evidence.