Falco Cloud Native Runtime Security

Falco Cloud Native Runtime Security

www.falco.org

2

About this website

Falco is a CNCF graduated open source cloud native runtime security project that provides real-time threat detection for containers, Kubernetes, and cloud infrastructure. Originally created by Sysdig in 2016 and contributed to the CNCF in 2018, Falco achieved graduated status in 2024, joining Kubernetes, Prometheus, Envoy, and Istio as one of the most mature projects in the cloud native ecosystem. The tool uses eBPF (extended Berkeley Packet Filter) technology to tap into Linux kernel system calls at runtime, enabling it to detect anomalous behavior, security threats, and policy violations without requiring application code changes or instrumentation. Falco ships with over 100 default detection rules covering common attack patterns including shell execution inside containers, unauthorized file access, network connections to suspicious destinations, privilege escalation attempts, and Kubernetes audit event anomalies. Custom rules can be written using a flexible YAML-based rule language that supports conditions on process names, user IDs, file paths, network connections, container metadata, and Kubernetes API events. Output can be sent to multiple channels including stdout, syslog, file, HTTP endpoints, Slack, NATS, and Kafka. Falco is trusted by organizations including Shopify, GitLab, Booz Allen Hamilton, Vinted, and Skyscanner for production runtime security monitoring.

Tags & Categories

Categories

Tags

Statistics

2
Views
0
Clicks
0
Like
0
Dislike

Comments

Log In to post a comment

No comments yet. Be the first!