Nov 2019

With increased adoption of Kubernetes as container orchestrator, the security toolset around containers and Kubernetes is evolving rapidly. Falco is one such container-native tool aimed at addressing runtime security. Falco leverages Sysdig's Linux kernel instrumentation and system call profiling and lets us gain deep insights into system behavior and helps us detect abnormal activities in applications, containers, underlying host or Kubernetes orchestrator itself. We like Falco's capability to detect threats without injecting third-party code or sidecar containers.