With over 100 million downloads and contributions from companies like IBM, Apple, and Booz Allen Hamilton, Falco is the threat detection engine of choice
Sysdig, the leader in cloud security powered by runtime insights, today celebrates Falco becoming a graduated project within the Cloud Native Computing Foundation (CNCF). Falco’s graduation caps years of its growth as a leading open source cloud-native threat detection engine and emphasizes the importance of runtime security as organizations adopt cloud-first practices. In light of the updated SEC cybersecurity incident disclosure guidelines, Falco’s graduation comes at a time when companies are rethinking security strategies and pursuing comprehensive incident visibility to determine materiality. Immediately knowing when someone is inside an environment and shutting them down in seconds dramatically decreases the attack surface and impact.
Falco has surpassed the 100 million download mark and gained hundreds of active code contributors since moving to the previous phase, “Incubation,” within the CNCF in 2020. Companies publicly building on Falco include Shopify, GitLab, Skyscanner, Frame.io, and Booz Allen Hamilton; project maintainers include developers from Sysdig, IBM, Apple, and Red Hat.
The Power of Runtime
Security is an ever-evolving battle against threats. Bad actors have adapted their tactics to the cloud and initiate attacks within seconds of entering an environment. In on-premises environments, attacks can take weeks; in the cloud, it can take fewer than 10 minutes from initiation to completion. Real-time visibility across cloud environments, workloads, and user activity is critical to quickly coordinate the correct response and minimize the impact of possible breaches.
Falco is like a network of real-time security cameras for the cloud. Falco continuously collects data through rule violations and will immediately notify users of anomalous runtime activity, offering precise insights into an incident’s nature and severity. An early pioneer of eBPF, Falco monitors kernel-level events and enriches them with insights from the broader cloud-native ecosystem. Through plug-ins, Falco boasts extensibility to cloud services and platforms, such as Okta and Github, providing one tool with the ability to make connections across environments.
Cloud Security Needs Open Source
The future of security is open: This belief motivated the team at Sysdig to contribute Falco to the CNCF in 2018. Open source is the only approach with the agility and broad reach to solve modern security concerns across the cloud’s rapidly expanding attack surface. The collaboration within the open source community leverages expertise and scrutiny with a broader range of use cases, ultimately driving more secure software.
Open source Falco is the core engine providing unique runtime insights to the Sysdig platform, empowering organizations to both shift left and shield right. For prevention, runtime insights help customers connect the dots across environments and prioritize their most critical security risks. Falco rule libraries provide a deep understanding of what’s happening at runtime and prioritize in-use vulnerabilities. For detection and response, runtime insights power the ability to combat the most advanced threats through adherence to Falco rule sets. Ultimately, runtime insights provide end-to-end security – from prevention to defense – for the software development life cycle.
What the Community Has to Say
Loris Degioanni, CTO and Founder of Sysdig
“Falco was developed as an open source answer for those in search of a widely accessible and seamlessly integrated runtime security solution for cloud-native infrastructures. The attack surface is ever-expanding, from host systems to the device in your pocket, and Falco has become the gold standard for runtime security. Hitting 100 million downloads and graduating within the CNCF gives companies confidence in the project’s maturity and underscores that prevention is not enough in the cloud.”
Chris Aniszczyk, CTO of CNCF
“Since joining the CNCF, Falco has been an early pioneer of the application of eBPF to security and has undoubtedly contributed to the momentum we’re seeing within the open source runtime security space. With users at many of today’s largest-scale organizations and 50-plus integrations, we’re excited to continue cultivating the Falco community as a newly graduated project.”
Edgaras Apšega, Site Reliability Engineer at Vinted
“Falco not only detects threats, but it promptly notifies our Security Engineering team via integration with the security incident management platform. This integration creates a dynamic and efficient feedback loop, ensuring that the security team is aware of potential threats and equipped to respond swiftly and effectively. Falco’s simplicity around rules helps us fine-tune it according to our needs and detect even very sophisticated attacks.”
Michal Pazucha, Security Architect at Beekeeper
“Falco is the de facto security solution. By using Falco, we knew we were adopting a standard for cloud and container runtime security. Being able to tap into the Falco open source community and documentation was extremely helpful.”
Falco was initially developed by Sysdig in 2016 and contributed to the CNCF as a Sandbox Project in 2018. With its graduation, Falco joins a distinguished list of fundamental security tools – such as Kubernetes, Prometheus, and Envoy – all celebrated for their well-established development practices and widespread support within the cloud-native community.