Sold by: SysdigÂ
Deployed on AWS
Falco acts as a security camera detecting abnormal behavior, intrusions, and data theft in real time.
Overview
Falco is a cloud native runtime security tool for Linux operating systems. It is designed to detect and alert on abnormal behavior and potential security threats in real-time. At its core, Falco is a kernel monitoring and detection agent that observes events, such as syscalls, based on custom rules. Falco can enhance these events by integrating metadata from the container runtime and Kubernetes. The collected events can be analyzed off-host in SIEM or data lake systems.
Highlights
- Falco, originally created by Sysdig, is a graduated project under the Cloud Native Computing Foundation (CNCF) used in production by various organisations. For detailed technical information and insights into the cyber threats that Falco can detect, visit the official Falco website.
Details
Sold by
Categories
Delivery method
Supported services
Delivery option
EKS add-on
Latest version
Operating system
Linux
Deployed on AWS
Unlock automation with AI agent solutions
Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
This product is available free of charge. Free subscriptions have no end date and may be canceled any time.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Vendor refund policy
Not applicable.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA)Â .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
EKS add-on
Supported services: Learn moreÂ
- Amazon EKS
EKS add-on
An add-on is software that provides supporting operational capabilities to Kubernetes applications but isn't specific to the application. This includes software like observability agents or Kubernetes drivers that allow the cluster to interact with underlying AWS resources for networking, compute, and storage. Add-on software is typically built and maintained by the Kubernetes community, cloud providers like AWS, or third-party vendors. Amazon EKS add-ons provide installation and management of a curated set of add-ons for Amazon EKS clusters. All Amazon EKS add-ons include the latest security patches and bug fixes, and are validated by AWS to work with Amazon EKS. Amazon EKS add-ons allow you to consistently ensure that your Amazon EKS clusters are secure and stable and reduce the amount of work that you need to do to install, configure, and update add-ons.
Version release notes
Released on 2025-05-29.
For more details, review the following repository: https://github.com/falcosecurity/falco/releases/tag/0.41.0Â
Additional details
Usage instructions
This EKS add-on doesn't require further configuration for a default configuration.
Support
Vendor support
Please see Falco.org or github.com/falcosecuirty/falco for docs and best practices.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
In the cloud, every second counts. Sysdig's cloud-native application protection platform (CNAPP) stops cloud threats in real time and prioritizes the risks that matter most. Our CNAPP correlates signals across cloud workloads, identities, and services to uncover hidden attack paths.
Sysdig secures your AWS cloud and workload with top-rated support for services including Amazon ECS, Amazon EKS, and AWS Fargate, and integrations with AWS security solutions including AWS Security Hub, Amazon GuardDuty, and Amazon Security Lake.
amazon-eks-node-1.22-fcg-pci-v2.5-20230308
By Automated Cloud Technologies
amazon-eks-node-1.25 with FCG PCI auditing/compliance reporting and Falco Container Security
Hardened SOC2 Compliant eks-node with FCG Shield
By Automated Cloud Technologies
Amazon EKS Node - EKS v1.24
This product has charges associated with it for use of FCG Shield.
This product extends the functionality of AWS EKS and without it, this product provides the same fully configured and enabled cloudwatch agent with eBPF monitoring using falco, logging to cloudwatch . Please note that AWS EKS might require its own license for full functionality with this listing.
FCG Shield v3.0.2
SOC2
PCI
Container Security via Falco EBPF
Cloudwatch Configured for All monitoring of node
Hardened SOC2 eks-al2023-node-1.29-v20240814 FCG Shield by AutoCloudTek
By Automated Cloud Technologies
This product has charges associated with it for use of FCG Shield configuration by AutoCloudTek
Hardened SOC2 eks-al2023-node-1.29-v20240814 FCG Shield by AutoCloudTek
Amazon EKS Node - eks-al2023-node-1.29-v20240814
FCG Shield v3.0.2 by AutoCloudTek
Drop in replacement for amazon-eks-node
No additional configuration required
SOC2
PCI
Container Security via opensource Falco EBPF
Cloudwatch Configured for All monitoring of node
Customer reviews
0 ratings
0 AWS reviews
|
3 external reviews
Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
Bikash s.
Enhancing Kubernetes Security with Falco: A Comprehensive Review
Reviewed on Oct 28, 2024
Review provided by G2
What do you like best about the product?
Ease of Integration: Falco integrates seamlessly with Kubernetes and container environments. Makes it easy to deploy as a DaemonSet across the cluster.
Customizable Rules: The ability to customize search rules helps teams tailor security reviews to their specific needs. Helps reduce false positives At the same time it guarantees that important events are recorded.
Detailed notifications: When Falco detects an issue, it provides a detailed notification with context about the event. Help security teams quickly understand and respond to potential threats.
Community Support: As an open source project, Falco benefits from a lively community that actively contributes to its development. It provides a wealth of resources, plugins, and shared experiences…
Extensive coverage: Review various aspects of the Kubernetes ecosystem, including network activity. File access and configuration changes Provides a holistic view of security within a cluster
Customizable Rules: The ability to customize search rules helps teams tailor security reviews to their specific needs. Helps reduce false positives At the same time it guarantees that important events are recorded.
Detailed notifications: When Falco detects an issue, it provides a detailed notification with context about the event. Help security teams quickly understand and respond to potential threats.
Community Support: As an open source project, Falco benefits from a lively community that actively contributes to its development. It provides a wealth of resources, plugins, and shared experiences…
Extensive coverage: Review various aspects of the Kubernetes ecosystem, including network activity. File access and configuration changes Provides a holistic view of security within a cluster
What do you dislike about the product?
Configuration Complexity: Although Falco provides customizable rules, setting up and fine-tuning these rules can be complex, especially for organizations with specific or intricate security requirements. New users might find the initial configuration overwhelming.
Resource Consumption: As a DaemonSet running on each node, Falco can consume a noticeable amount of system resources, which might impact performance, especially in resource-constrained environments. This can be a concern for large clusters with many nodes.
Resource Consumption: As a DaemonSet running on each node, Falco can consume a noticeable amount of system resources, which might impact performance, especially in resource-constrained environments. This can be a concern for large clusters with many nodes.
What problems is the product solving and how is that benefiting you?
Runtime Threat Detection:
Problem: Traditional security measures often focus on vulnerabilities and compliance during development but may overlook runtime security issues.
Benefit: Falco continuously monitors the behavior of running containers, detecting anomalies or suspicious activities as they occur. This proactive approach allows for immediate response to potential threats, significantly reducing the risk of breaches.
Visibility into Container Behavior:
Problem: Containers are often treated as black boxes, making it challenging to understand what they are doing in real-time.
Benefit: Falco provides visibility into system calls and actions performed by containers, enabling security teams to identify unusual patterns and respond to potential risks. This enhanced visibility leads to better security management and oversight.
Alerting and Incident Response:
Problem: Many organizations struggle with timely detection and alerting of security incidents, leading to delayed responses.
Benefit: Falco generates real-time alerts for suspicious activities, allowing security teams to take swift action. This rapid response capability minimizes the potential impact of security incidents and improves overall incident management.
Problem: Traditional security measures often focus on vulnerabilities and compliance during development but may overlook runtime security issues.
Benefit: Falco continuously monitors the behavior of running containers, detecting anomalies or suspicious activities as they occur. This proactive approach allows for immediate response to potential threats, significantly reducing the risk of breaches.
Visibility into Container Behavior:
Problem: Containers are often treated as black boxes, making it challenging to understand what they are doing in real-time.
Benefit: Falco provides visibility into system calls and actions performed by containers, enabling security teams to identify unusual patterns and respond to potential risks. This enhanced visibility leads to better security management and oversight.
Alerting and Incident Response:
Problem: Many organizations struggle with timely detection and alerting of security incidents, leading to delayed responses.
Benefit: Falco generates real-time alerts for suspicious activities, allowing security teams to take swift action. This rapid response capability minimizes the potential impact of security incidents and improves overall incident management.
Mansi S.
Falco - Deep visibility
Reviewed on Sep 25, 2023
Review provided by G2
What do you like best about the product?
As a security analyst. I like its powerful intrusion detection feature that detects suspicious activities.
Also, its container and Kubernetes are a big support for organizations operating in cloud infrastructure.
It is open-source so can be used for free.
Also, its container and Kubernetes are a big support for organizations operating in cloud infrastructure.
It is open-source so can be used for free.
What do you dislike about the product?
Falcon sometimes releases unnecessary alerts due to its default settings.
Also, people with little knowledge in security field will find it hard to operate.
Also, people with little knowledge in security field will find it hard to operate.
What problems is the product solving and how is that benefiting you?
It helps you to customize rules so that you can create rules for the threats that are relevant to your organization's environment.
Most of the security tools are expensive, so it's a good support for smaller organisation as it is free.
Most of the security tools are expensive, so it's a good support for smaller organisation as it is free.
Anussha H.
A Good security toolfor linux systems
Reviewed on Sep 21, 2023
Review provided by G2
What do you like best about the product?
It is really good for linux systems and is a cloud native security tool so it is quite good at the scalability front. It is very good looking when it comes to UI and does house a lot of securty tools within it.
What do you dislike about the product?
The only issue I faced was to the integration of Falco using API. It is much difficult as it isn't REST API. Hence, there is a learning curve involved when it comes to using this tool.
What problems is the product solving and how is that benefiting you?
With the need for securing systems becoming more vitals, having a scalable and reliable solution when it comes to security is much need. This tool was perfect for my use case and it was easy to scale.