Falco Runtime Security
ToolCloud-native runtime security tool that detects unexpected behavior in your Linux cloud instances. Falco uses eBPF to monitor system calls and flag anomalous activity indicative of supply chain compromise.
Key Features
Resources
Videos
Falco for Kubernetes Runtime Security (eBPF, Rules, Tuning & Alerts)
Sysdig's recent nine-minute tutorial covers Falco's eBPF-powered runtime detection for Kubernetes across seven chapters, including rule configuration, tuning to reduce noise, and alert setup. It's the cloud-native security equivalent of installing motion sensors in every container: you'll know the moment something moves that shouldn't, and you'll know exactly which rule caught it.
Kubernetes Runtime Security with Falco and Sysdig
This CNCF webinar spends 36 minutes exploring the philosophical and practical sides of Kubernetes runtime security: why prevention alone isn't enough, how Falco and Sysdig complement each other, and real-world implementation patterns. With 27 chapters, it's thorough enough to serve as a team training session and practical enough to inform your next architecture decision.
More in Linux Cloud
- CIS Hardened Images
- Falco Runtime Security
- Cloud Linux Hardening Service
- Cloud Linux Supply Chain Guide