Falco: Open Source Security Tool for containers, Kubernetes and Cloud

Sysdig Secure extends and scales Falco by adding out-of-the-box workflows for security and compliance.


Open Source Falco

What is Falco?

Falco is the open source standard tool for continuous risk and threat detection across Kubernetes, containers and cloud. Falco acts as your security camera, continuously detecting unexpected behavior, configuration changes, intrusions, and data theft in real time.

It was created by Sysdig and contributed to the Cloud Native Computing Foundation® (CNCF®). Falco has been downloaded over 30 million times and has a strong, rapidly-increasing community of contributors and adopters.

What Is Falco Used For?

Runtime security for containers and Kubernetes

Detect intrusions and anomalous activity based on syscalls and Kubernetes audit logs using community-driven policies (e.g., MITRE, FIM, cryptomining).

Real-time cloud risk detection

Continuously detect unexpected behavior, configuration changes, intrusions, and data theft based on cloud logs and get alerted immediately.

Open source security software

Gain transparency with an open codebase. Maximize coverage with community-sourced detection rules that are easily customizable.

How Sysdig Secure Extends Falco

Sysdig Secure leverages the Falco security project under the hood to continuously detect configuration changes, threats and anomalous behavior across containers, Kubernetes and cloud.

Sysdig Secure’s SaaS-first cloud and container security tool allows organizations to scale Falco rule management, data collection, and performance as their environment grows. Machine learning-based algorithms automatically tune rules to minimize alert fatigue and reduce false positives.

Sysdig Secure extends and scales Falco security for containers, Kubernetes, and cloud by providing a comprehensive security workflow across the application lifecycle. Secure the build, detect and respond to threats, and continuously validate cloud configurations and compliance.

Regulatory Compliance Coverage

Validate compliance using out-of-the-box checks and runtime policies that map to compliance standards like NIST, SOC2 or PCI.

Detect policy violations using community-sourced detections of malicious activity and CVE exploits.

Falco Open Source Security and Sysdig Secure: Feature Comparison

 
| Feature | Falco | Sysdig Secure |
|---|---|---|
| Open Source Based Agent | Yes | Yes |
| Runtime Security | | |
| Threat Detection Policies (via Linux syscalls, Kubernetes audit logs and cloud activity logs) | Yes | Yes |
| Alert Outputs | Yes (via Sidekick) | Yes (Event forwarding) |
| Customizable Policies Based Cloud/K8s Context | Yes | Yes |
| Automated Policy Tuning | No | Yes |
| ML-based Image Profiling | No | Yes |
| Network Security | No | Yes |
| Additional Capabilities | | |
| Out-of-the-box Compliance Policies | No | Yes |
| Vulnerability Management (Image & Host scanning) | No | Yes |
| Cloud Security Posture Management | No | Yes |
| Infrastructure as Code Security | No | Yes |
| Incident Response | No | Yes |
| Enterprise Grade Support and Scalability (centralized rule management, simple policy editor, professional services) | No | Yes |

How Sysdig Contributes to the Open Source Security Community

Sysdig has donated the sysdig kernel module, eBPF probe, and libraries to the Cloud Native Computing Foundation (CNCF). Sysdig’s open source engineering team contributes not only to Falco but to other projects as well. You can find the source code of these components in the Falco organization, hosted in the falcosecurity GitHub repository.

Read more about our contribution to the CNCF

Get Started with Falco Today

Find out more about Falco

Contribute

Jump over to the project GitHub repository to contribute to Falco.

Project website

Learn more at the project's website

Documentation

Start reading about how Sysdig extends Falco.

Featured Falco Users

Booz Allen Hamilton, Frame.io, GitLab, Shopify, Skyscanner