Sysdig

Threat Detection Built on Falco

At Sysdig we believe the future of security is open. It’s how we got started, and with Falco, it’s at the heart of our platform.

Our Vision


The cloud brings flexibility and dynamism to modern application development, but it poses new challenges for security. That's why we created Falco, the open source solution for threat detection in hosts, containers, and the cloud.

Years before anyone learned how to pronounce Kubernetes, we set the course for container and cloud threat detection, and ensured it was built on an open source platform.

We built on a heritage of detection and forensics. Twenty years ago, we created Wireshark, now an indispensable part of every network engineer's toolkit. Ten years ago, we saw the coming change in computing architectures, and how a similar approach was essential for observing what was happening in hosts and containers.

Falco is based on a unique technical vision, informed by deep experience, and now underpins everything we do. Our products have Falco at their core, delivering detection and runtime insights that power a suite of security solutions.

Open Source


Why did we choose to open source our platform? To be effective, the capability to observe workloads needs to be everywhere. We started with the tool that named our company, sysdig, and grew it into a mature solution for threat detection, Falco, now homed at the Cloud Native Computing Foundation (CNCF). As a CNCF graduated project, Falco sits at the same level as Kubernetes, a hallmark of broad adoption and dependability.

Modern platforms are built on an open source stack, and we knew that delivering effective security requires an open source solution. Runtime security must be broadly available in order to meet the challenges of modern infrastructure and threat vectors, and that happens best when it’s an integrated part of the stack: from hosts, to containers and Kubernetes.

It's Not Just Us


Falco is used for threat detection by big tech and startups alike, across every major cloud platform, and in large on-premise installations.

Falco is an industry-supported solution, delivering on a visionary approach of real-time streaming detection. Battle-tested on Linux and Kubernetes, it’s also at the cutting edge of cloud security use cases, able to extend detection to platforms and services such as AWS CloudTrail or GitHub. And, thanks to the CNCF’s stewardship, Falco is a long-term dependable choice, supported not just by us, but by contributors from companies such as IBM, Red Hat, and Apple.

Security is a broad and ever-changing problem: open source allows the industry to pool its collective expertise to meet the growing threats.

Falco is the de facto security solution. By using Falco, we knew we were adopting a standard for cloud and container runtime security. Being able to tap into the Falco open source community and documentation was extremely helpful.
Security Architect, Beekeeper

Practical Cloud Native Security with Falco

Risk and Threat Detection for Containers, Kubernetes, and Cloud

Get Started with Falco Today

Falco is a community, not just technology. You can find out more about joining the flock through the links below.