Detect security threats in real time
Falco is a cloud-native security tool designed for Linux systems. It employs custom rules on kernel events, which are enriched with container and Kubernetes metadata, to provide real-time alerts. Falco helps you gain visibility into abnormal behavior, potential security threats, and compliance violations, contributing to comprehensive runtime security.
Try FalcoThreat Detection
Detect malicious behavior in hosts and containers, no matter what scale, using the power of eBPF.
Regulatory Compliance
Stay compliant in cloud-native systems with Falco's intelligent monitoring and rule-based detection.
What makes Falco different?
Cloud Native
Falco detects threats across containers, Kubernetes, hosts and cloud services.
- Uses eBPF to monitor system activity for adverse behavior.
- Integrated with Kubernetes.
- Use plugins to monitor cloud services such as GitHub, Okta, or AWS Cloudtrail.
Real Time Detection
Falco provides streaming detection of unexpected behavior, configuration changes, and attacks.
- Runtime detection is a fundamental layer of defense against security blind spots and zero-day bugs in your software supply chain.
- Streaming approach enables real-time response while minimizing storage costs and complexity.
- Ready out-of-the-box with rules, which you can customize for your environment.
Integration with 50+ Systems
Forward Falco alerts to any off-host SIEM and data lake system for analysis, storage, or reaction.
- Falco alerts can easily be forwarded to more than 50+ third parties.
- The JSON format for alerts allows for storing, analysis, or triggering reactions easily.
Open Source
A multi-vendor and widely adopted solution that you can rely on.
- Created cloud-native in the same community as Kubernetes, Prometheus, and OPA.
- Powered by eBPF technology.
- Runs on x64 & ARM CPUs.
- Deployable in Kubernetes with an official Helm chart.
- Run on many platforms like GKE, EKS, AKS, gVisor and others.
- Zero cost to start, and easy to audit, extend, and integrate.