Threat Detection Built on Falco
At Sysdig we believe the future of security is open. It’s how we got started, and with Falco, it’s at the heart of our platform.
Our Vision
The cloud brings flexibility and dynamism to modern application development; but it poses new challenges for security. That's why we created Falco, the open source solution for threat detection in hosts, containers, and the cloud.
Years before anyone learned how to pronounce Kubernetes, we set the course for container and cloud threat detection, and ensured it was built on an open source platform.
We built on a heritage of detection and forensics. Twenty years ago, we created Wireshark, now an indispensable part of every network engineer's toolkit. Ten years ago, we saw the coming change in computing architectures, and how a similar approach was essential for observing what was happening in hosts and containers.
Falco is based on a unique technical vision, informed by deep experience, and now underpins everything we do. Our products have Falco at their core, delivering detection and runtime insights that power a suite of security solutions.
Open Source
Why did we choose to open source our platform? To be effective, the capability to observe workloads needs to be everywhere. We started with the tool that named our company, sysdig, and grew it into a mature solution for threat detection, Falco, now homed at the Cloud Native Computing Foundation (CNCF). As a CNCF graduated project, Falco sits at the same level as Kubernetes, a hallmark of broad adoption and dependability.
Modern platforms are built on an open source stack, and we knew that delivering effective security requires an open source solution. Runtime security must be broadly available in order to meet the challenges of modern infrastructure and threat vectors, and that happens best when it’s an integrated part of the stack: from hosts, to containers and Kubernetes.
Read more about Falco's graduation within the CNCFFalco Feeds
by Sysdig
Falco is the standard for runtime threat detection in the cloud. But default Falco rules must be tuned and validated to accurately detect insecure behavior and evolving security threats. Falco Feeds by Sysdig extends the power of Falco by giving open source-focused companies access to expert-written rules that are continuously updated as new threats are discovered. Backed by the Sysdig Threat Research Team (TRT), a dedicated group of threat researchers on the leading edge of emerging cloud risks and vulnerabilities, Falco Feeds by Sysdig ensures you always have the latest defenses in place.
GET OPEN SOURCE SECURITY AT ENTERPRISE SCALEIt's Not Just Us
Falco is used for threat detection by big tech and startups alike, across every major cloud platform, and in large on-premise installations.
Falco is an industry supported solution, delivering on a visionary approach of real time streaming detection. Battle-tested on Linux and Kubernetes, it’s also at the cutting edge of cloud security use cases, able to extend detection to platforms and services such as AWS CloudTrail or GitHub. And, thanks to the CNCF’s stewardship, Falco is a long-term dependable choice—supported not just by us, but by contributors from companies such as IBM, Red Hat, and Apple.
Security is a broad and ever-changing problem: open source allows the industry to pool its collective expertise to meet the growing threats.
Get Started with Falco Today
Falco is a community, not just technology. You can find out more about joining the flock through the links below.