The Falco Project

Cloud-Native Runtime Security

Falco, the cloud-native runtime security project, is the de facto Kubernetes threat detection engine

Detects threats at runtime by observing the behavior of your applications and containers.

Extends threat detection across cloud environments with Falco Plugins.

Falco is the first runtime security project to join CNCF as an incubation-level project. Falco acts as a security camera detecting unexpected behavior, intrusions, and data theft in real time.

Why Falco?

Strengthen container security

The flexible rules engine allows you to describe any type of host or container behavior or activity.

Reduce risk via immediate alerts

You can immediately respond to policy violation alerts and integrate Falco within your response workflows.

Leverage most current detection rules

Falco out-of-the box rules alert on malicious activity and CVE exploits.

Featured Videos

End-Users

Booz Allen Hamilton

Coveo

Frame.io

GitLab

League

Preferral

Shopify

Sight Machine

Sky Scanner

Vendors

Logz.io

Rancher

Shujinko

Sumo Logic

Sysdig

Integrations

Helm

Kubernetes

Open Policy Agent1

Prometheus

Amazon Web Services

Azure

Datadog

Elastic Search

Google Cloud

IBM Cloud

InfluxDB

Grafana Loki

Opsgenie

Red Hat

Slack

StatsD

gVisor

We are a CNCF incubated Project