Detect security threats in real time
Falco is a cloud native security tool that provides runtime security across hosts, containers, Kubernetes, and cloud environments. It leverages custom rules on Linux kernel events and other data sources through plugins, enriching event data with contextual metadata to deliver real-time alerts. Falco enables the detection of abnormal behavior, potential security threats, and compliance violations.
Threat Detection
Detect malicious behavior in hosts and containers, no matter what scale, using the power of eBPF.
Regulatory Compliance
Stay compliant in cloud-native systems with Falco's intelligent monitoring and rule-based detection.
What makes Falco different?
Falco detects threats across containers, Kubernetes, hosts and cloud services.
- Uses eBPF to monitor system activity for adverse behavior.
- Integrated with Kubernetes.
- Use plugins to monitor cloud services such as GitHub, Okta, or AWS CloudTrail.
Falco provides streaming detection of unexpected behavior, configuration changes, and attacks.
- Runtime detection is a fundamental layer of defense against security blind spots and zero-day bugs in your software supply chain.
- Streaming approach enables real-time response while minimizing storage costs and complexity.
- Ready out-of-the-box with rules, which you can customize for your environment.
Forward Falco alerts to any off-host SIEM and data lake system for analysis, storage, or reaction.
- Falco alerts can easily be forwarded to more than 50 third parties.
- The JSON format for alerts makes it easy to store and analyze them or to trigger reactions.
A multi-vendor and widely adopted solution that you can rely on.
- Created as a cloud native project in the same community as Kubernetes, Prometheus, and OPA.
- Powered by eBPF technology.
- Runs on x64 & ARM CPUs.
- Deployable in Kubernetes with an official Helm chart.
- Runs on many platforms such as GKE, EKS, AKS, gVisor, and others.
- Zero cost to start, and easy to audit, extend, and integrate.