.jpg)
Runtime is where the real security work happens.
Production risk rarely looks like a single bug in isolation. It looks like behavior: an invariant drifting, permissions changing unexpectedly, approvals appearing where they should not, or an economic pattern that precedes loss. Teams can see the alert, and still lose the window to contain if the path from detection to action is unclear.
Cantina is working with Guardrail to bring protocol-aware runtime monitoring into Cantina's Managed Detection & Response (MDR).
Why runtime coverage matters
For protocols handling material TVL or institutional flows, post-deployment security is continuous. The threat surface includes more than contracts: governance, operational permissions, transaction patterns, and economic conditions that evolve over time.
Institutions are especially sensitive to this category of risk because it is operational. They look for evidence that a system can detect meaningful deviations, route them to the right owner, and execute containment with traceability.
What Guardrail adds
Guardrail provides continuous onchain monitoring with sub-second detection across 28+ chains, including recently added Solana support. Our 285+ pre-built guards cover common attack vectors like oracle manipulation, flash loan exploits, reentrancy, governance attacks while custom guards are built for protocol-specific risks like invariant drift and permission boundaries.
When threats are detected, Guardrail can automatically pause contracts, adjust parameters, or trigger escalation workflows. Guardrail integrates directly with PagerDuty, Slack, Telegram, and webhook-based workflows, so alerts route to where teams already operate.
Guardrail currently secures $5B+ in TVL across 30+ protocols including Euler, EigenLayer, BadgerDAO, Scroll, and Story Protocol.
What Cantina MDR adds
Cantina MDR provides the operating model that turns detection into controlled action:
- Surface: threat modeling, dependency mapping, critical asset identification, risk heat maps
- Structure: playbooks across technical, legal, and governance tracks, aligned escalation paths and access control
- Stress: tabletop simulations and drills to pressure-test pause decisions, phishing response, multisig failure, and contagion scenarios
- Signal: 24/7 monitoring with a sub-15 minute SLA for mission-critical events, with actions logged for audit and board reporting
- Shield: containment, timeline reconstruction, root cause analysis, attacker profiling, and recovery recommendations
The consistent value MDR provides is decision discipline: clear ownership, preapproved criteria, and a response path that works under off-hours conditions.
Next step
If you want to discuss what an organized runtime response path looks like for your protocol, talk to us about integrating Managed Detection and Response into your current pipeline.
About Guardrail
Guardrail is a continuous monitoring, detection, and response platform built for DeFi. With sub-second detection across 28+ chains, 285+ pre-built security guards, and automated response capabilities, Guardrail secures $5B+ in TVL for leading protocols including Euler, EigenLayer, BadgerDAO, and Scroll. Backed by Haun Ventures, Coinbase Ventures, and other leading Web3 investors. Learn more at guardrail.ai