Monitor Kubernetes Events With Falco For Free

By Madokai, published in CodeX, Feb 24, 2022


Kubernetes is now the platform of choice for many companies to manage their applications, both on-premises and in the cloud. Its emergence a few years ago drastically changed the way we work. The flexibility of the platform has increased the productivity of engineering teams, which in turn requires new working methods better adapted to this dynamic environment.

Kubernetes has also required security control processes to adapt so that the system remains reliable. Falco is a tool that fits into this ecosystem.

What Is Falco?

Falco is an open source tool, created by Sysdig, that continuously detects risks and threats on Kubernetes platforms, containers, on-premises systems and even cloud activity. Falco can be seen as an agent deployed on each node (master and worker) that observes the system and alerts in real time on unexpected behaviors such as configuration changes, intrusions or data theft.

Falco is now supported by the Cloud Native Computing Foundation (CNCF) and a huge community that continues to improve and maintain the project.

Falco is mainly used by security engineers (CISO, SRE, security analyst, etc.) to detect and alert on any deviant behavior on any system as soon as possible, and potentially to automate playbooks that fix any issue detected.
