Cloud-native threat detection with Falco
I speak with Thomas Labarussias of @sysdig about Falco, a cloud-native security tool designed for Linux systems.
Falco applies custom rules to kernel events, enriched with container and Kubernetes metadata, to raise real-time alerts. This gives you visibility into abnormal behavior, potential security threats, and compliance violations, contributing to comprehensive runtime security.
We talk a little Falco history, the project’s recent CNCF graduation, and new developments in the project to make the tool even more useful.
Disclaimer: We had some technical issues. Hopefully, I polished things just enough.
00:00 Intro music
00:02 Intro
00:15 Disclaimer
01:12 Intro to Thomas
01:55 What is Falco?
03:01 Graduating in the CNCF
04:16 Falco history
06:30 Falco demo begins
07:34 Falco sidekick
14:44 Falco tunnel
20:50 Falco Talon
31:51 Outro
32:18 Outro music
by Chris Chinchilla