Falco Open Source Adds AWS Cloud Security Monitoring

New Plug-in Capability Extends Open Source Threat Detection to Cloud

Sysdig announced the addition of cloud security monitoring functionality to the Falco open source software project. The new Amazon Web Services (AWS) CloudTrail plug-in provides real-time detection of unexpected behavior and configuration changes, intrusions, and data theft in AWS cloud services using Falco rules. The Falco community developed this extension with Sysdig based on a new plug-in framework that allows anyone to extend Falco to capture data from additional sources beyond Linux system calls and Kubernetes audit logs. As organizations manage critical data across multiple clouds, they need consistent threat detection across their distributed environments. Additional plug-ins will allow organizations to use a consistent threat detection language and close security gaps by using consistent policies for workloads and infrastructure. In addition, more than twenty new out-of-the-box policies supporting compliance frameworks were released.

“Now Falco can detect threats across containers and AWS cloud services using a streaming approach,” said Loris Degioanni, Founder and Chief Technology Officer, Sysdig. “Users can immediately alert on indications of lateral movement without the cost and complexity of copying logs.”

Falco Community Blog: Falco Plugins Early Access

Falco, a cloud-native runtime security project, is the de facto detection engine for containers and Kubernetes with over thirty million downloads. Created by Sysdig and contributed to the CNCF, Falco is an Incubation-level hosted project. The new plug-in capability and framework have been contributed by the Falco community and Sysdig to the project over the last few months. As of today, the AWS CloudTrail plug-in is available for use in preview mode and contributors can build new plug-ins on the framework.

Real-time detection of cloud configuration risk and threats

Today, security teams are forced to export AWS CloudTrail logs into a data lake or a security information and event management (SIEM) system for processing, and then search them for threats and for configuration changes that can indicate a risk. This approach delays the identification of risks and adds cost and complexity.

Falco inspects cloud logs using a streaming approach: it applies the rules to each log event as it arrives and alerts immediately, without making an additional copy of the data. This complements static cloud security posture management by continually checking for unexpected changes to configurations and permissions that can increase risk. It also acts as a modern intrusion detection system (IDS), flagging unusual behavior that can indicate an intrusion.

Consistent tool for threat detection across containers and cloud

Cloud and security teams struggle with an ever-growing list of tools to master and manage. Falco provides a single tool for threat detection across container and cloud environments, reducing complexity by cutting the number of tools in the stack. Users can apply the same rule language to create consistent policies for workloads and infrastructure, removing security gaps. Because there is a shortage of talent in both cybersecurity and DevOps, reducing the learning curve by using consistent tools for threat detection is critical.

Users can get started immediately using out-of-the-box rules contributed by the community that map to compliance frameworks and best practices. They can also write custom rules in standard YAML to meet their specific needs.
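The streaming approach described above (apply rules to each CloudTrail event as it arrives, alert immediately, keep no second copy) and the rule layout users write in YAML can be illustrated with a small evaluator. The code below is an added example, not Falco's engine or the AWS CloudTrail plug-in: rules are Python dicts that mirror the Falco rule layout (rule, desc, condition, output, priority), with the condition as a predicate instead of a Falco filter expression; the `field`, `render` and `detect` helpers are assumed names for this example. The sample records are constructed; their field names follow the CloudTrail record format as I know it, and the account id, ARNs and IP addresses are placeholders.

```python
"""Streaming evaluation of CloudTrail-style records against Falco-like rules.

Added example: not Falco's engine and not the AWS CloudTrail plug-in.
"""
import json
import re
from typing import Any, Dict, Iterable, Iterator, List

Event = Dict[str, Any]

# Constructed CloudTrail-shaped records, one JSON object per line, as a
# stream would deliver them. Account id, ARNs and IPs are placeholders.
SAMPLE_LOG = """
{"eventTime":"2021-10-14T09:00:01Z","eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin","userIdentity":{"type":"IAMUser","userName":"alice"},"sourceIPAddress":"198.51.100.7","responseElements":{"ConsoleLogin":"Success"},"additionalEventData":{"MFAUsed":"No"}}
{"eventTime":"2021-10-14T09:00:05Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeInstances","userIdentity":{"type":"IAMUser","userName":"alice"},"sourceIPAddress":"198.51.100.7","readOnly":true}
{"eventTime":"2021-10-14T09:01:12Z","eventSource":"cloudtrail.amazonaws.com","eventName":"StopLogging","userIdentity":{"type":"IAMUser","userName":"alice"},"sourceIPAddress":"198.51.100.7","requestParameters":{"name":"arn:aws:cloudtrail:us-east-1:123456789012:trail/main"}}
{"eventTime":"2021-10-14T09:02:30Z","eventSource":"s3.amazonaws.com","eventName":"PutBucketPolicy","userIdentity":{"type":"IAMUser","userName":"alice"},"sourceIPAddress":"198.51.100.7","requestParameters":{"bucketName":"example-exports","bucketPolicy":{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":"*","Action":"s3:GetObject","Resource":"arn:aws:s3:::example-exports/*"}]}}}
"""


def field(event: Event, path: str, default: Any = None) -> Any:
    """Resolve a dotted path such as 'userIdentity.userName' inside one record."""
    cur: Any = event
    for key in path.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return default
        cur = cur[key]
    return cur


def policy_allows_anyone(policy: Any) -> bool:
    """True if any Allow statement of a bucket policy names the wildcard principal."""
    if not isinstance(policy, dict):
        return False
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal")
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            return True
    return False


# Rules mirror the Falco YAML layout. In Falco the condition is a filter
# expression over plug-in fields; here it is a plain predicate on the record.
RULES: List[Dict[str, Any]] = [
    {
        "rule": "Console Login Without MFA",
        "desc": "Successful console sign-in where MFA was not used",
        "condition": lambda e: field(e, "eventName") == "ConsoleLogin"
        and field(e, "responseElements.ConsoleLogin") == "Success"
        and field(e, "additionalEventData.MFAUsed") == "No",
        "output": "Console login without MFA (user={userIdentity.userName} ip={sourceIPAddress})",
        "priority": "WARNING",
    },
    {
        "rule": "CloudTrail Logging Disabled",
        "desc": "A trail was stopped or deleted, which blinds later detection",
        "condition": lambda e: field(e, "eventSource") == "cloudtrail.amazonaws.com"
        and field(e, "eventName") in ("StopLogging", "DeleteTrail"),
        "output": "CloudTrail logging disabled (trail={requestParameters.name} user={userIdentity.userName})",
        "priority": "CRITICAL",
    },
    {
        "rule": "S3 Bucket Policy Allows Public Access",
        "desc": "A bucket policy was written that grants access to any principal",
        "condition": lambda e: field(e, "eventName") == "PutBucketPolicy"
        and policy_allows_anyone(field(e, "requestParameters.bucketPolicy")),
        "output": "Public bucket policy set (bucket={requestParameters.bucketName} user={userIdentity.userName})",
        "priority": "ERROR",
    },
]


def render(template: str, event: Event) -> str:
    """Fill {dotted.path} placeholders in an output template from the record."""
    return re.sub(r"\{([\w.]+)\}", lambda m: str(field(event, m.group(1), "<n/a>")), template)


def detect(events: Iterable[Event], rules: List[Dict[str, Any]] = RULES) -> Iterator[Dict[str, str]]:
    """Evaluate every rule against each record as it arrives; nothing is buffered."""
    for event in events:
        for rule in rules:
            if rule["condition"](event):
                yield {"rule": rule["rule"], "priority": rule["priority"],
                       "output": render(rule["output"], event)}


def run_sample() -> List[Dict[str, str]]:
    """Parse the constructed log line by line and return the alerts raised."""
    stream = (json.loads(line) for line in SAMPLE_LOG.strip().splitlines())
    return list(detect(stream))


if __name__ == "__main__":
    for alert in run_sample():
        print(f"{alert['priority']:8} {alert['rule']}: {alert['output']}")
```

Of the four constructed records, the read-only DescribeInstances call raises nothing, while the MFA-less login, the StopLogging call and the public bucket policy each produce one alert at the moment their record is read, which is the difference from the export-then-search workflow the article contrasts it with.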

The plug-in capability for Falco creates the foundation for contributions that will extend support to other cloud environments and operating systems. The AWS CloudTrail plug-in and additional out-of-the-box rules are immediately available to try in preview form on the Falco GitHub site. Falco users and contributors can access pre-release documentation now. The official release is planned in the upcoming months.

What the Community is Saying

“The Falco plug-in capability gives DevOps and security teams a single threat detection tool with a single rules language across container and cloud environments. This allows users to create consistent policies for workloads and infrastructure and close security gaps,” said Chris Aniszczyk, CTO of Cloud Native Computing Foundation. “The basis is now in place for rapid innovation by the community to extend Falco to additional cloud environments.”
