Detect and respond to threats in real time

Falco is the open source standard for runtime security for hosts, containers, Kubernetes and the cloud. Get real-time visibility into unexpected behaviors, config changes, intrusions, and data theft.

Try Falco
Container Security

Secure containerized applications, no matter what scale, using the power of eBPF.

Host Security

Protect your applications in real time wherever they run, whether bare metal or VMs.

Kubernetes Security

Falco is Kubernetes-compatible, helping you instantly detect suspicious activity across the control plane.

Cloud Security

Detect intrusions in real time across your cloud, from AWS, GCP or Azure, to Okta, Github and beyond.

What makes Falco different?

Cloud Native

Cloud Native

Falco detects threats across containers, Kubernetes, hosts and cloud services.

  • Uses eBPF to monitor system activity for adverse behavior.
  • Integrated with Kubernetes, so you can protect your infrastructure at scale.
  • Use plugins to monitor cloud services such as GitHub, Okta, or AWS Cloudtrail.
Real Time Protection

Real Time Protection

Falco provides streaming detection of unexpected behavior, configuration changes, and attacks.

  • Runtime detection is a fundamental layer of defense against security blind spots and zero-day bugs in your software supply chain.
  • Streaming approach enables real-time response while minimizing storage costs and complexity.
  • Ready out-of-the-box with rules, which you can customize for your environment.
Open source

Open source

A multi-vendor and broadly supported standard that you can rely on.

  • Created cloud-native in the same community as Kubernetes, Prometheus, and OPA.
  • Powered by eBPF technology.
  • Runs on x64 & ARM CPUs.
  • Deployable in Kubernetes with an official Helm chart.
  • Run on many platforms like GKE, EKS, AKS, gVisor and others.
  • Zero cost to start, and easy to audit, extend, and integrate.
Created by

Featured videos

Falco on YouTube
May 30, 2023
Monitoring your EKS clusters audit logs
Monitoring your EKS clusters audit logs

May 12, 2023
GitOps your Falco Rules
Delivering Falco rules from the source to the node becomes easier with OCI artifacts.



We are a CNCF incubated project


Trusted by

Booz Allen Hamilton
Sight Machine
Sky Scanner