The Cloud Native Computing Foundation Accepts Sysdig’s Falco
Sysdig recently announced that its open source runtime container security solution, Falco, will join the Cloud Native Computing Foundation (CNCF). Falco enters as a Cloud Native Sandbox project and is the first runtime security technology accepted in that space. By accepting Falco, the CNCF promotes runtime security and makes it easier to build secure cloud-native applications.
Sysdig launched in 2013 with its flagship open source monitoring technology, also named Sysdig, and later built Falco on that foundation.
“We’re proud to be able to contribute to the open source community in a larger way,” said Loris Degioanni, chief technology officer and founder of Sysdig. “Adding Falco to the Cloud Native Sandbox gives developers, operations, security, and other IT professionals access to our market-leading runtime security technology, which has more than 1.5 million downloads to date. Acceptance by the CNCF further reaffirms Falco’s approach to runtime container security.”
Benefits of Falco
Falco gives DevSecOps teams visibility into the behavior of containers and applications. Cloud-native architecture has become the standard for organizations around the world, so proper security tooling is essential for both development and operations. The complexity of cloud-native environments also creates a need for immediate detection and protection of newly started containerized instances.
Falco shortens the security incident detection and response cycle by providing runtime security: it detects abnormal behavior at the application, file, system, and network level. It taps into the Linux kernel to produce a stream of system call events, evaluates its rules against that stream, and acts when a rule is violated.
Among the CNCF's wide range of projects, Falco's role is to increase visibility into security events and act on threats. More specifically, Falco can kill harmful containers, notify the appropriate teams, and isolate Kubernetes nodes. Falco also draws on metadata from sources such as the Kubernetes API server to enrich the data it collects from the Linux kernel.
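As an added illustration of the rules that the kernel system call stream and the Kubernetes metadata described above are matched against, here are two Falco-style rules written for this article; they are not from the article or from Sysdig's own rule set, and the macro, list and rule names (`container`, `spawned_process`, `open_write`, `shell_binaries`, the two rules) are constructed, while the `evt.*`, `proc.*`, `fd.*`, `container.*` and `k8s.*` fields follow Falco's rule syntax.

```yaml
# Constructed example rules (not from the article or Sysdig's rule set).
# Macros and lists are reusable condition fragments; each rule's condition
# is evaluated against every system call event Falco reads from the kernel.

- macro: container
  condition: container.id != host

- macro: spawned_process
  condition: evt.type = execve and evt.dir = <

- macro: open_write
  condition: evt.type in (open, openat) and evt.is_open_write = true

- list: shell_binaries
  items: [bash, sh, zsh, dash]

# Process-level detection: a shell started inside a container.
- rule: Shell spawned in container
  desc: A shell binary was executed inside a container (constructed example rule)
  condition: spawned_process and container and proc.name in (shell_binaries)
  output: >
    Shell started in container (user=%user.name proc=%proc.cmdline parent=%proc.pname
    container=%container.name image=%container.image.repository
    pod=%k8s.pod.name ns=%k8s.ns.name)
  priority: WARNING
  tags: [container, shell, process]

# File-level detection: a write below /etc from a container, which an
# immutable image should never need.
- rule: Write below etc in container
  desc: A container process opened a file under /etc for writing (constructed example rule)
  condition: open_write and container and fd.name startswith /etc
  output: >
    File below /etc opened for writing (file=%fd.name proc=%proc.cmdline user=%user.name
    container=%container.name pod=%k8s.pod.name ns=%k8s.ns.name)
  priority: ERROR
  tags: [container, filesystem]
```

Falco emits the `output` line, with the `%k8s.*` fields filled from the Kubernetes API server metadata, each time a condition matches; the response actions the article describes are triggered from that alert output.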