Falco
falco.org
Detect security threats in real time across cloud native environments
Security, runtime-security, cloud-native, kubernetes, ebpf, open-source, threat-detection, containers

About
Falco is an open-source, cloud-native runtime security tool that monitors hosts, containers, Kubernetes, and cloud environments for security threats. It uses eBPF to tap into Linux kernel events and a flexible rules engine to detect abnormal behavior, configuration changes, and compliance violations in real time. Alerts can be forwarded to over 50 third-party SIEM and data lake systems for analysis and response.
Problem
Organizations running containers and Kubernetes lack real-time visibility into abnormal or malicious behavior at the system level.
For
DevOps engineers, platform engineers, and security teams running cloud-native or containerized workloads
How it works
Falco uses eBPF to monitor Linux kernel events and applies customizable rules to detect suspicious activity, enriching events with contextual metadata and streaming alerts to downstream systems.
Business model
open-source
Status
launched
Company
CNCF (Cloud Native Computing Foundation)