With detections backed by the elite Sysdig Threat Research Team, Falco Feeds equips organizations to easily scale Falco and stay ahead of cloud threats
KubeCon + CloudNativeCon North America, SALT LAKE CITY – Nov 12, 2024 – Sysdig today announced the launch of Falco Feeds by Sysdig, a continuously evolving and curated set of Falco detections. With over 130 million downloads, open source Falco has set the standard for runtime threat detection in the cloud, and Falco Feeds extends its power and utility. Backed by the Sysdig Threat Research Team (TRT), a dedicated group of threat researchers on the leading edge of emerging cloud risks and vulnerabilities, Falco Feeds gives open source-focused companies access to expert-written rules that continue to be updated as new threats are discovered.
“Falco, similar to a network of security cameras, provides unmatched real-time threat detection, monitoring, and observability across cloud infrastructures,” said Loris Degioanni, Founder and CTO of Sysdig, Co-Creator of Falco. “However, open source software involves an inherently self-managed process. The average company doesn’t have the resources to constantly add new rules, nor do they have a threat research team on the cutting edge of the ever-evolving threat landscape.”
Scaling Open Source Security and Compliance with Falco Feeds by Sysdig
- Fully managed rules informed by cutting-edge threat research: The Sysdig TRT, the world-renowned group behind cloud-native threat operation discoveries such as LLMjacking and SCARLETEEL, provides timely and effective detection updates for critical common vulnerabilities and exposures (CVEs) like the infamous Log4j vulnerability, as well as evolving attacker behaviors and sophisticated techniques that can exploit even minor vulnerabilities in new ways. By receiving these updates directly into the Falco rules feed, organizations can maintain a strong security posture without having to stay current on every emerging threat.
- Extensive coverage and reinforced security posture: Each Falco rule is classified with tags for regulatory and security compliance frameworks, such as NIST, NIS2, DORA, SOC2, HIPAA, and FedRAMP. Additionally, Falco Feeds leverages Sysdig Secure’s rule set, currently providing 95% coverage of the MITRE ATT&CK® Framework for containers and 89% coverage for Linux. With Falco Feeds, it’s easier than ever for organizations to meet evolving regulatory requirements, streamline audits, and maintain a high standard of security across their cloud environments.
- Reduced maintenance, greater return on investment: Falco Feeds reduces the maintenance burden for organizations that rely on open source security. Automated rule distribution is managed through Falcoctl, eliminating the need for manual updates or custom rule deployment across individual Falco endpoints. Since Falco Feeds is tested and tuned to mitigate challenges like false positives, organizations can swiftly adopt it without disrupting production and equip users to enhance security without extensive maintenance or downtime.
“Companies that want the power of Falco without the manual work choose Sysdig,” Degioanni continued. “But there will always be a portion of enterprises that build their infrastructure themselves. With Falco Feeds, we are giving those companies a leg up, with access to emerging threat intelligence so that they can retain their DIY nature without being blindsided by the latest attack evolution.”
Learn more about Falco Feeds by Sysdig.
Resources
- Watch “Falco Feeds by Sysdig.”
- Read “Why Falco works the best in distributed architectures.”
- Explore the Sysdig TRT’s latest threat report.
Media Contact
Damon Weinhold
+1 (415) 873-4772
In the cloud, every second counts. Attacks unfold in minutes and security teams must protect the business without slowing it down. Sysdig, the leader and outperformer in the “2024 GigaOm Radar for Cloud-Native Application Protection Platforms (CNAPPs),” stops cloud attacks in seconds and instantly detects changes in risk with real-time insights and open source Falco. Sysdig Sage™, the industry’s first AI cloud security analyst, uplevels human response and enables security, developers, and DevOps to work together, faster. By correlating signals across cloud workloads, identities, and services, Sysdig uncovers hidden attack paths and prioritizes real risk. From prevention to defense, Sysdig helps enterprises focus on what matters: innovation.
Sysdig. Secure Every Second.