Detect and respond to threats in real time
Falco is the open source standard for runtime security for hosts, containers, Kubernetes and the cloud. Get real-time visibility into unexpected behaviors, config changes, intrusions, and data theft.Try Falco
Secure containerized applications, no matter what scale, using the power of eBPF.
Protect your applications in real time wherever they run, whether bare metal or VMs.
Falco is Kubernetes-compatible, helping you instantly detect suspicious activity across the control plane.
Detect intrusions in real time across your cloud, from AWS, GCP or Azure, to Okta, Github and beyond.
What makes Falco different?
Falco detects threats across containers, Kubernetes, hosts and cloud services.
- Uses eBPF to monitor system activity for adverse behavior.
- Integrated with Kubernetes, so you can protect your infrastructure at scale.
- Use plugins to monitor cloud services such as GitHub, Okta, or AWS Cloudtrail.
Real Time Protection
Falco provides streaming detection of unexpected behavior, configuration changes, and attacks.
- Runtime detection is a fundamental layer of defense against security blind spots and zero-day bugs in your software supply chain.
- Streaming approach enables real-time response while minimizing storage costs and complexity.
- Ready out-of-the-box with rules, which you can customize for your environment.
A multi-vendor and broadly supported standard that you can rely on.
- Created cloud-native in the same community as Kubernetes, Prometheus, and OPA.
- Powered by eBPF technology.
- Runs on x64 & ARM CPUs.
- Deployable in Kubernetes with an official Helm chart.
- Run on many platforms like GKE, EKS, AKS, gVisor and others.
- Zero cost to start, and easy to audit, extend, and integrate.