What you can do with Falco today

Falco shines at detecting threats, intrusions, and data theft in real time. It works well with legacy infrastructures, and excels at supporting containers, Kubernetes, and the cloud. Falco secures both workloads (processes, containers, services) and infrastructure (hosts, VMs, network, cloud infrastructure and services). It is designed to be lightweight, efficient, and scalable, and to be used in both development and production. Falco can detect many classes of threats out of the box, but should you need more, you can add custom detections. Falco is driven by a thriving open source community, bringing support and constant enhancement.

Secure your whole machine by instrumenting the operating system

One of the major benefits of Falco is its ability to provide host security. It achieves this by leveraging kernel-level eBPF instrumentation to capture low-level system events, such as file accesses, process creations, and network activity. This allows Falco to detect suspicious behavior, such as unauthorized access attempts, malware infections, or privilege escalations, that may indicate a security breach. Additionally, Falco's rules engine can be customized to detect specific types of attacks and enforce security policies tailored to your organization's needs.

Protect containers, Kubernetes and cloud native applications

Born "cloud-native", Falco is able to provide advanced container security. By tracking container behaviors and communications with the kernel, with an eBPF probe or a native kernel module, Falco can detect suspicious activities and threats in real-time. Falco can also enrich container events with metadata from the operating system, the container runtime and the Kubernetes API, providing users with more context about what's happening in their containers.

In addition to container security, Falco also provides robust Kubernetes security capabilities. It can ingest audit logs generated by the Kubernetes control plane to detect unauthorized or malicious requests to the API. Falco can also identify changes in Kubernetes resources and configurations, allowing users to detect unauthorized modifications that could compromise the security of their environments. With Falco, users can be confident that their Kubernetes clusters are secure and protected against potential attacks.

Detect and alert on suspicious behavior in your cloud environments

As more organizations migrate their applications to the cloud, the need for robust security measures becomes increasingly important. The nature of cloud-native environments can make it challenging to keep track of all the assets and configurations, which can expose infrastructure and applications to vulnerabilities.

Falco has powerful plugins that hook into the security event logs of your cloud provider of choice, and ensure that any unexpected or malicious behavior is detected and mitigated.

Protect your organization across the cloud

Falco offers a range of plugins that provide additional security benefits. These plugins integrate with various cloud services, such as GitHub and Okta, to enhance the security posture of your whole organization.

For example, the GitHub plugin for Falco can detect unauthorized access attempts and anomalous activity within your code repositories. With this plugin, you can monitor user activity and detect suspicious actions, such as attempts to download sensitive code or make unauthorized changes.

Similarly, the Okta plugin for Falco can provide enhanced identity and access management capabilities. This can be particularly useful in the event of a security incident, such as the FireEye outbreak, where rapid alerting and response are crucial for containing the damage and mitigating the threat.

Falco FAQs