Runtime Security for Containers, Cloud and Kubernetes
Secure containers, CaaS (AWS Fargate), Kubernetes, hosts and cloud infrastructure with out-of-the-box policies based on open source Falco.
Prevent and Detect Threats Based on Falco
Container and CaaS runtime security
Detect threats across containers and Fargate tasks. Automate policies via ML-based image profiling. Automatically remediate with response actions.
Cloud threat detection
Alert on changing permissions of IAM users and resources, storage buckets, access keys, etc. by analyzing cloud activity audit logs (AWS CloudTrail, GCP audit logs) with Falco.
Host and VM security
Detect anomalous activity inside hosts and VMs using Falco policies for runtime security.
Falco Runtime Security: Open-source, Community Driven and Flexible Policy Engine
With Falco, you can create detection rules to define unexpected application behavior or suspicious cloud activity. These rules can be enriched via context from the cloud provider and Kubernetes environments. Detect policy violations using community-sourced detections, and tune them further to reduce noise.
Sysdig Secure extends the open-source Falco runtime security engine, and saves time creating and maintaining runtime policies.
“We use Sysdig Secure for runtime security to improve our signals that go into the SOC and speed detection and audit workflows in containers.”
Large US Bank Sysdig Customer