Falco: Open Source Security Tool for containers, Kubernetes and Cloud
Sysdig Secure extends and scales Falco by adding out-of-the-box workflows for security and compliance.
What is Falco?
Falco is the open source standard tool for continuous risk and threat detection across Kubernetes, containers and cloud. Falco acts as your security camera, continuously detecting unexpected behavior, configuration changes, intrusions, and data theft in real time.
It was created by Sysdig and contributed to the Cloud Native Computing Foundation® (CNCF®). Falco has been downloaded over 30 million times and has a strong, rapidly-increasing community of contributors and adopters.
What Is Falco Used For?
Runtime security for container and Kubernetes
Detect intrusions and anomalous activity based on syscalls and Kubernetes audit logs using community-driven policies (i.e., MITRE, FIM, cryptomining, etc.).
Real time cloud risk detection - Coming soon!
Continuously detect unexpected behavior, configuration changes, intrusions, and data theft based on cloud logs and get alerted immediately.
Open source security software
Gain transparency with an open codebase. Maximize coverage with community-sourced detection rules that are easily customizable.
How Sysdig Secure Extends Falco
Sysdig Secure leverages the Falco security project under the hood to continuously detect configuration changes, threats and anomalous behavior across containers, Kubernetes and cloud.
Sysdig Secure’s SaaS-first cloud and container security tool allows organizations to scale Falco rule management, data collection, and performance as their environment grows. Machine learning-based algorithms automatically tune rules to minimize alert fatigue and reduce false positives.
Sysdig Secure extends and scales Falco security for containers, Kubernetes, and cloud by providing a comprehensive security workflow across the application lifecycle. Secure the build, detect and respond to threats and continuously validate cloud configurations and compliance.
Falco Open Source Security and Sysdig Secure: Feature Comparison
How Sysdig Contributes to the Open Source Security Community
Sysdig has donated the sysdig kernel module, eBPF probe, and libraries to the Cloud Native Computing Foundation (CNCF). Sysdig’s open source engineering team not only contributes to Falco but to other projects as well. You can find the source code of these components in the Falco organization, hosted in the falcosecurity github repository.
Read more about our contribution to the CNCF
Get Started with Falco Today
Find out more about Falco
Jump over to the project GitHub repository to contribute to Falco.
Learn more at the project's website
Start reading about how Sysdig extends Falco.
Featured Falco Users