Detect security threats in real time
Falco is a cloud-native security tool designed for Linux systems. It applies custom rules to kernel events, enriched with container and Kubernetes metadata, to produce real-time alerts. Falco gives you visibility into abnormal behavior, potential security threats, and compliance violations, contributing to comprehensive runtime security.
What makes Falco different?
Falco detects threats across containers, Kubernetes, hosts and cloud services.
- Uses eBPF to monitor system activity for adverse behavior.
- Integrated with Kubernetes.
- Uses plugins to monitor cloud services such as GitHub, Okta, or AWS CloudTrail.
Real-Time Detection
Falco provides streaming detection of unexpected behavior, configuration changes, and attacks.
- Runtime detection is a fundamental layer of defense against security blind spots and zero-day bugs in your software supply chain.
- The streaming approach enables real-time response while minimizing storage costs and complexity.
- Ready out-of-the-box with rules, which you can customize for your environment.
Integration with 50+ Systems
Forward Falco alerts to any off-host SIEM and data lake system for analysis, storage, or reaction.
- Falco alerts can easily be forwarded to more than 50 third-party systems.
- The JSON alert format makes alerts easy to store, analyze, or use to trigger reactions.
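The following is an added example of the kind of consumer the JSON alert format makes possible; it is not Falco project code. It assumes Falco is running with JSON output enabled, so that each alert arrives as one JSON object per line carrying the fields Falco emits (`rule`, `priority`, `time`, `output`, `output_fields`, `source`, `tags`), and that the `output_fields` include the Kubernetes and container metadata Falco enriches events with (`k8s.ns.name`, `k8s.pod.name`, `container.id`). The alert lines are constructed for this example, including one truncated line to show that a malformed record must not stop the pipeline. The code filters alerts by Falco priority and namespace, produces a triage summary, and maps each selected alert to the pod and container a responder would act on.

```python
"""Route Falco JSON alerts by priority and Kubernetes namespace.

Added example, not Falco's own code. Assumes Falco's JSON line output
(one alert object per line) with the standard fields and with
container/Kubernetes metadata present under "output_fields".
"""
import json
from collections import Counter

# Falco priorities from most to least severe, spelled as Falco emits them.
PRIORITY_ORDER = ["Emergency", "Alert", "Critical", "Error",
                  "Warning", "Notice", "Informational", "Debug"]

# Constructed sample alerts (values are made up for this example).
# The last line is deliberately truncated to exercise the malformed-line path.
SAMPLE_ALERTS = "\n".join([
    json.dumps({"time": "2024-01-01T10:00:00.000000000Z",
                "rule": "Terminal shell in container", "priority": "Notice",
                "source": "syscall", "tags": ["container", "shell"],
                "output": "A shell was spawned in a container with an attached terminal",
                "output_fields": {"container.id": "3f2a9c1d7e88",
                                  "k8s.ns.name": "payments",
                                  "k8s.pod.name": "api-7c9f-x2k1",
                                  "proc.cmdline": "bash", "user.name": "root"}}),
    json.dumps({"time": "2024-01-01T10:00:01.000000000Z",
                "rule": "Write below binary dir", "priority": "Error",
                "source": "syscall", "tags": ["filesystem"],
                "output": "File below a known binary directory opened for writing",
                "output_fields": {"container.id": "3f2a9c1d7e88",
                                  "k8s.ns.name": "payments",
                                  "k8s.pod.name": "api-7c9f-x2k1",
                                  "proc.cmdline": "cp ./tool /usr/bin/tool",
                                  "user.name": "root"}}),
    json.dumps({"time": "2024-01-01T10:00:02.000000000Z",
                "rule": "Read sensitive file untrusted", "priority": "Warning",
                "source": "syscall", "tags": ["filesystem"],
                "output": "Sensitive file opened for reading by non-trusted program",
                "output_fields": {"container.id": "9b0e4d55aa10",
                                  "k8s.ns.name": "dev",
                                  "k8s.pod.name": "debug-pod",
                                  "proc.cmdline": "cat /etc/shadow",
                                  "user.name": "dev"}}),
    '{"time": "2024-01-01T10:00:03.0',  # constructed truncated record
])


def priority_rank(name):
    """Lower rank means more severe; unknown priority names sort last."""
    try:
        return PRIORITY_ORDER.index(name)
    except ValueError:
        return len(PRIORITY_ORDER)


def parse_alerts(text):
    """Parse one JSON alert per line, skipping blank, malformed or incomplete lines."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            continue  # a cut-off or interleaved line must not halt processing
        if "rule" in obj and "priority" in obj:
            alerts.append(obj)
    return alerts


def select_for_reaction(alerts, min_priority="Warning", namespaces=None):
    """Keep alerts at or above min_priority, optionally limited to given namespaces."""
    threshold = priority_rank(min_priority)
    chosen = []
    for alert in alerts:
        if priority_rank(alert["priority"]) > threshold:
            continue
        ns = alert.get("output_fields", {}).get("k8s.ns.name")
        if namespaces is not None and ns not in namespaces:
            continue
        chosen.append(alert)
    return chosen


def summarize(alerts):
    """Count alerts per (namespace, rule); host-level events have no namespace."""
    counts = Counter()
    for alert in alerts:
        ns = alert.get("output_fields", {}).get("k8s.ns.name", "<host>")
        counts[(ns, alert["rule"])] += 1
    return counts


def reaction_plan(alert):
    """Reduce an alert to the identifiers a responder or automation needs."""
    fields = alert.get("output_fields", {})
    return {"rule": alert["rule"], "priority": alert["priority"],
            "namespace": fields.get("k8s.ns.name"),
            "pod": fields.get("k8s.pod.name"),
            "container_id": fields.get("container.id"),
            "command": fields.get("proc.cmdline")}


if __name__ == "__main__":
    parsed = parse_alerts(SAMPLE_ALERTS)
    for selected in select_for_reaction(parsed, "Warning", {"payments"}):
        print(reaction_plan(selected))
    for key, count in summarize(parsed).items():
        print(count, key)
```

In a real deployment the `SAMPLE_ALERTS` string would be replaced by lines read from Falco's stdout, a file, or a forwarder, and `reaction_plan` would feed a ticketing or isolation step; the priority ordering above is the same one Falco uses for its own minimum-priority setting.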
A multi-vendor and widely adopted solution that you can rely on.
- Created cloud-native in the same community as Kubernetes, Prometheus, and OPA.
- Powered by eBPF technology.
- Runs on x64 and ARM CPUs.
- Deployable in Kubernetes with an official Helm chart.
- Runs on many platforms such as GKE, EKS, AKS, gVisor and others.
- Zero cost to start, and easy to audit, extend, and integrate.
Stories From Our Users
"Falco's threat detection and real-time alerting capabilities, together with Phoenix's mitigation features, help effectively address security issues that might evade other security offerings."
"At Trendyol, we leverage Falco to develop a threat detection system using Kubernetes audit logs and kernel events to monitor user behavior in production clusters. This lets us detect operational anti-patterns, enhance visibility, and identify malicious actors."