Sysdig Simplifies Log Management For Falco Users with AWS FireLens Integration.

OCTOBER 30, 2019


As a launch partner, new integration with Fluent Bit enables open source users to secure all clusters from the centralized log stream

SAN FRANCISCO — Oct. 30, 2019 — Sysdig, Inc., the secure DevOps leader, today announced the availability of a Falco integration with Fluent Bit. This integration enables Amazon Web Services (AWS) users to stream Falco security data into AWS FireLens for a simplified log management experience. Falco is the open source Kubernetes runtime security project started by Sysdig and donated to the CNCF®. AWS asked Sysdig to write the Falco integration and to join the FireLens preview program. AWS announced the general availability of FireLens today, which collects logs across all AWS container services — Amazon Elastic Container Service (ECS), Amazon Elastic Kubernetes Service (EKS), and self-managed Kubernetes on Amazon Elastic Compute Cloud (EC2) — and consolidates them into a single log stream for unified management. Together with Falco, FireLens facilitates the centralization of all security events, which enables cluster operations, incident response, DevOps, and security teams to spend less time wading through data, enabling them to draw conclusions about security risks faster.

Blog: Multi-cluster security with Falco and AWS Firelens on Elastic Kubernetes Service (EKS) & Elastic Container Service (ECS)

Falco, the open source project, is the defacto Kubernetes runtime security tool. Falco detects abnormal application behavior and alerts on intrusions for containers and cloud-native applications. In the event of abnormal behavior, Falco will generate security events defined by a customizable set of rules. Falco was created by Sysdig in 2016, and the project joined the CNCF as a Sandbox project in October 2018. Over the last year, Falco adoption has increased by more than 240 percent.

The FireLens integration with Falco is made possible using Fluent Bit, an open source log processor, which is also a CNCF project. With Fluent Bit, FireLens is able to automatically collect Falco event logs from any cluster and route them to Amazon CloudWatch, the monitoring and observability service for AWS environments. CloudWatch takes the collected data and consolidates everything to provide one centralized log stream to track the security of all clusters from.

Key benefits

  • Simplified log management: The Falco integration with FireLens enables DevOps teams to easily set up security event consolidation across all container services. By using two open source tools — Falco and Fluent Bit — the barrier to entry for adopting log management is lowered.
  • Accelerated incident response: By consolidating all logs into one feed, security teams are able to set alert policies based on importance to reduce alert fatigue. By alerting to only the most important abnormalities, DevOps teams are able to evaluate risk posture faster and expedite incident response.
  • Compliance records: CloudWatch consolidates all container security events, including Falco alerts, in one place for log retention over time for compliance and audit purposes.
“We are in the final frontier when it comes to Kubernetes innovation. Security is the last area that still requires work from the community. Falco is leading the charge in standardizing Kubernetes security,” said Kris Nova, Chief Open Source Advocate at Sysdig. “AWS asked Sysdig to join the FireLens preview program because AWS values Falco’s ability to secure cloud-native environments. By integrating with FireLens, we hope to make it easier for all organizations to develop in the cloud, secure in the cloud, audit in the cloud, no matter their approach.”

Sysdig is committed to open source and ensuring all Kubernetes environments are able to securely run in production. Sysdig has created four open source tools, including Falco. Falco is the engine that powers Sysdig Secure, which embeds security and compliance in the build, run, and respond stages of the Kubernetes lifecycle. The Sysdig platform is open by design, with the scale, performance, and usability enterprises demand.

AWS re:Invent 2019, Dec. 2-6, 2019 

Visit Sysdig at Booth 3813

BrightTALK @ AWS Re:Invent 2019 Live
Topic: Cloud and Container Security at AWS
Who: Pawan Shankar, Sysdig Senior Product Marketing Manager
Michael Ewald, Contino Director of Engineering
When: Dec. 5, 10:30AM PT
Where: Register now for the live webinar!

Media Contact

Amanda McKinney, 280blue, Inc.
[email protected]

Sysdig Logo

In the cloud, every second counts. Attacks move at warp speed, and security teams must protect the business without slowing it down. Sysdig stops cloud attacks in real time, instantly detecting changes in risk with runtime insights and open source Falco. Sysdig, rated #1 for CSPM in the Gartner Peer Insights “Voice of a Customer” report, correlates signals across cloud workloads, identities, and services to uncover hidden attack paths and prioritize real risk. From prevention to defense, Sysdig helps enterprises focus on what matters: innovation.

Sysdig. Secure Every Second.