Falco
Detect security threats in real time across cloud native environments

Falco is an open-source, cloud-native runtime security tool that monitors hosts, containers, Kubernetes, and cloud environments for security threats. It uses eBPF to tap into Linux kernel events and a flexible rules engine to detect abnormal behavior, configuration changes, and compliance violations in real time. Alerts can be forwarded to over 50 third-party SIEM and data lake systems for analysis and response.
Falco uses eBPF to monitor Linux kernel events and applies customizable rules to detect suspicious activity, enriching events with contextual metadata and streaming alerts to downstream systems.
DevOps engineers, platform engineers, and security teams running cloud-native or containerized workloads
Background.
- Status
- launched
- Business model
- open-source
- Company
- CNCF (Cloud Native Computing Foundation)
Similar projects.
Editorial take on the space this project sits in — momentum signals, adjacent moves, our call on whether the wedge is real. Get pinged when we publish a new read or when the landscape shifts.
Have a take on this space?
Tell us what you’d build differently, where you think the incumbents miss, or what we’ve gotten wrong about this project. Comments + reactions are coming soon.