Detect security threats in real time

Falco is a cloud-native security tool designed for Linux systems. It employs custom rules on kernel events, which are enriched with container and Kubernetes metadata, to provide real-time alerts. Falco helps you gain visibility into abnormal behavior, potential security threats, and compliance violations, contributing to comprehensive runtime security.

Try Falco
plug
Threat Detection

Detect malicious behavior in hosts and containers, no matter what scale, using the power of eBPF.

Regulatory Compliance

Stay compliant in cloud-native systems with Falco's intelligent monitoring and rule-based detection.

What makes Falco different?

Cloud Native

Cloud Native

Falco detects threats across containers, Kubernetes, hosts and cloud services.

  • Uses eBPF to monitor system activity for adverse behavior.
  • Integrated with Kubernetes.
  • Use plugins to monitor cloud services such as GitHub, Okta, or AWS Cloudtrail.
Real Time Detection

Real Time Detection

Falco provides streaming detection of unexpected behavior, configuration changes, and attacks.

  • Runtime detection is a fundamental layer of defense against security blind spots and zero-day bugs in your software supply chain.
  • Streaming approach enables real-time response while minimizing storage costs and complexity.
  • Ready out-of-the-box with rules, which you can customize for your environment.
Integration with 50+ Systems

Integration with 50+ Systems

Forward Falco alerts to any off-host SIEM and data lake system for analysis, storage, or reaction.

  • Falco alerts can easily be forwarded to more than 50+ third parties.
  • The JSON format for alerts allows for storing, analysis, or triggering reactions easily.
Open Source

Open Source

A multi-vendor and widely adopted solution that you can rely on.

  • Created cloud-native in the same community as Kubernetes, Prometheus, and OPA.
  • Powered by eBPF technology.
  • Runs on x64 & ARM CPUs.
  • Deployable in Kubernetes with an official Helm chart.
  • Run on many platforms like GKE, EKS, AKS, gVisor and others.
  • Zero cost to start, and easy to audit, extend, and integrate.
Created by
sysdig

Featured videos

Falco on YouTube
Sep 26, 2023
Falco 0.36.0
Falco 0.36.0

Sep 21, 2023
Introducing a framework for regression testing against Linux kernels
Introducing a framework for regression testing against Linux kernels

Events

Events

We are a CNCF incubated project

CNCF

Trusted by

Booz Allen Hamilton
Coveo
Frame.io
GitLab
KubeSphere
League
Preferral
Shopify
Sight Machine
Sky Scanner
Vinted