Falco: Open Source Security Tool for containers, Kubernetes and Cloud

Sysdig Secure extends and scales Falco by adding out-of-the-box workflows for security and compliance.

Oct 20 SANS Webinar! Solutions Forum 2022: Is Your SecOps Ready for Cloud and Containers?

What is Falco?

Falco is the open source standard tool for continuous risk and threat detection across Kubernetes, containers and cloud. Falco acts as your security camera, continuously detecting unexpected behavior, configuration changes, intrusions, and data theft in real time.

It was created by Sysdig and contributed to the Cloud Native Computing Foundation® (CNCF®). Falco has been downloaded over 30 million times and has a strong, rapidly-increasing community of contributors and adopters.

What Is Falco Used For?

Runtime security for container and Kubernetes

Detect intrusions and anomalous activity based on syscalls and Kubernetes audit logs using community-driven policies (i.e., MITRE, FIM, cryptomining, etc.).

Real time cloud risk detection

Continuously detect unexpected behavior, configuration changes, intrusions, and data theft based on cloud logs and get alerted immediately.

Open source security software

Gain transparency with an open codebase. Maximize coverage with community-sourced detection rules that are easily customizable.

How Sysdig Secure Extends Falco

Sysdig Secure leverages the Falco security project under the hood to continuously detect configuration changes, threats and anomalous behavior across containers, Kubernetes and cloud.

Sysdig Secure’s SaaS-first cloud and container security tool allows organizations to scale Falco rule management, data collection, and performance as their environment grows. Machine learning-based algorithms automatically tune rules to minimize alert fatigue and reduce false positives.

Sysdig Secure extends and scales Falco security for containers, Kubernetes, and cloud by providing a comprehensive security workflow across the application lifecycle. Secure the build, detect and respond to threats and continuously validate cloud configurations and compliance.

Regulatory Compliance Coverage

Validate compliance using out of the box checks and runtime policies that map to compliance standards like NIST, SOC2 or PCI.

Detect policy violations using community-sourced detections of malicious activity and CVE exploits.

Falco Open Source Security and Sysdig Secure: Feature Comparison

Falco

Sysdig Secure

Open Source Based Agent

Runtime Security

Threat Detection Policies (via Linux syscalls, Kubernetes audit logs and cloud activity logs)

Alert Outputs

(via Sidekick)

(Event forwarding)

Customizable Policies Based Cloud/K8s Context

Automated Policy Tuning

ML-based Image Profiling

Network Security

Additional Capabilities

Out-of-the-box Compliance Policies

Vulnerability Management (Image & Host scanning)

Cloud Security Posture Management

Infrastructure as Code Security

Incident Response

Enterprise Grade Support and Scalability (centralized rule management, simple policy editor, professional services)

Start Free

Get Demo

How Sysdig Contributes to the Open Source Security Community

Sysdig has donated the sysdig kernel module, eBPF probe, and libraries to the Cloud Native Computing Foundation (CNCF). Sysdig’s open source engineering team not only contributes to Falco but to other projects as well. You can find the source code of these components in the Falco organization, hosted in the falcosecurity github repository.