Detect security threats in real time

Falco is a cloud native security tool that provides runtime security across hosts, containers, Kubernetes, and cloud environments. It leverages custom rules on Linux kernel events and other data sources through plugins, enriching event data with contextual metadata to deliver real-time alerts. Falco enables the detection of abnormal behavior, potential security threats, and compliance violations.

Try Falco
plug
Threat Detection

Detect malicious behavior in hosts and containers, no matter what scale, using the power of eBPF.

Regulatory Compliance

Stay compliant in cloud-native systems with Falco's intelligent monitoring and rule-based detection.

What makes Falco different?

Cloud Native
Cloud Native

Falco detects threats across containers, Kubernetes, hosts and cloud services.

  • Uses eBPF to monitor system activity for adverse behavior.
  • Integrated with Kubernetes.
  • Use plugins to monitor cloud services such as GitHub, Okta, or AWS Cloudtrail.
Real Time Detection
Real Time Detection

Falco provides streaming detection of unexpected behavior, configuration changes, and attacks.

  • Runtime detection is a fundamental layer of defense against security blind spots and zero-day bugs in your software supply chain.
  • Streaming approach enables real-time response while minimizing storage costs and complexity.
  • Ready out-of-the-box with rules, which you can customize for your environment.
Integration with 50+ Systems
Integration with 50+ Systems

Forward Falco alerts to any off-host SIEM and data lake system for analysis, storage, or reaction.

  • Falco alerts can easily be forwarded to more than 50+ third parties.
  • The JSON format for alerts allows for storing, analysis, or triggering reactions easily.
Open Source
Open Source

A multi-vendor and widely adopted solution that you can rely on.

  • Created cloud native in the same community as Kubernetes, Prometheus, and OPA.
  • Powered by eBPF technology.
  • Runs on x64 & ARM CPUs.
  • Deployable in Kubernetes with an official Helm chart.
  • Run on many platforms like GKE, EKS, AKS, gVisor and others.
  • Zero cost to start, and easy to audit, extend, and integrate.
Created by
sysdig

Featured videos

Falco on YouTube
Oct 14, 2024
How to Deploy Falco with k8s-metacollector + k8smeta Plugin
How to Deploy Falco with k8s-metacollector + k8smeta Plugin

Oct 09, 2024
Introducing Falco 0.39.1
Introducing Falco 0.39.1

Events

Events

We are a CNCF graduated project

CNCF

Trusted by

Booz Allen Hamilton
Control Plane
Frame.io
GitLab
KubeSphere
League
Preferral
Shopify
Sight Machine
Sky Scanner
stack.io
Vinted