Pre-Runtime vs. Runtime Protection: Which is better for your IaaS Security?

Traditional security solutions for endpoints and servers do not work well in cloud environments which require speed, scale and container awareness. Agent-based runtime protection solutions have been known to diminish performance. This is why security teams often choose to conduct only pre-runtime vulnerability scans instead of implementing runtime protection. For all of their strengths, pre-runtime vulnerability scans cover only one attack vector and leave organizations blind in runtime. Runtime protection, on the other hand, detects actual breaches without a limit to a single attack vector. This poses the question: Pre-runtime vs. runtime protection, which is better for your IaaS security?