Cloud-native applications built on Kubernetes, containers, and microservices demand a new security posture. Runtime security tools like Sysdig Secure and Falco monitor container behavior and enforce policies across all clusters. Kubernetes admission controllers, backed by OPA and Kyverno, prevent insecure deployments before they run. Service meshes such as Istio or Linkerd encrypt traffic between services with mutual TLS and enforce fine-grained access control at the API layer. API gateways with rate limiting, authentication, and schema validation protect modern application surfaces from abuse and injection attacks. Continuous supply-chain security using tools like Sigstore and Chainguard ensures that images and packages are signed and verified. When combined with cloud-native observability stacks, these practices create a defense-in-depth model tailored for modern platform-based architectures.
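As an added example (not from the original page, and not OPA or Kyverno code), this is the decision a validating admission webhook makes on a Pod before it runs, using the Kubernetes `admission.k8s.io/v1` AdmissionReview shape. The three rules, the function names and the sample request are assumptions constructed for illustration.

```python
import re

# Assumed rule set (constructed for this example): no privileged containers,
# no hostNetwork, and every image pinned by sha256 digest.
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")

def pod_violations(pod):
    """Return a list of human-readable policy violations for a Pod object."""
    spec = pod.get("spec") or {}
    found = []
    if spec.get("hostNetwork"):
        found.append("hostNetwork is not allowed")
    # Init and ephemeral containers can carry the same risk, so check them too.
    for field in ("initContainers", "containers", "ephemeralContainers"):
        for c in spec.get(field) or []:
            name = c.get("name", "<unnamed>")
            if (c.get("securityContext") or {}).get("privileged"):
                found.append(f"{field}/{name}: privileged container")
            if not DIGEST_RE.search(c.get("image", "")):
                found.append(f"{field}/{name}: image not pinned by digest")
    return found

def review(admission_review):
    """Build the AdmissionReview response a validating webhook sends back."""
    req = admission_review["request"]
    problems = []
    is_pod = (req.get("kind") or {}).get("kind") == "Pod"
    if is_pod and req.get("operation") in ("CREATE", "UPDATE"):
        problems = pod_violations(req.get("object") or {})
    response = {"uid": req["uid"], "allowed": not problems}
    if problems:
        response["status"] = {"code": 403, "message": "; ".join(problems)}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "response": response}

# Constructed sample request: one hardened container and one risky sidecar.
DIGEST = "sha256:" + "a" * 64
SAMPLE = {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview", "request": {
    "uid": "constructed-uid-0001", "operation": "CREATE",
    "kind": {"group": "", "version": "v1", "kind": "Pod"},
    "object": {"spec": {"containers": [
        {"name": "api", "image": "registry.example/api@" + DIGEST},
        {"name": "debug", "image": "registry.example/debug:latest",
         "securityContext": {"privileged": True}},
    ]}},
}}

if __name__ == "__main__":
    print(review(SAMPLE)["response"])
```

The response echoes the request `uid`, which the API server requires, and the `status.message` is what the user sees when the deployment is rejected.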