Sysdig announced the launch of Falco Feeds by Sysdig, a continuously evolving and curated set of Falco detections. With over 130 million downloads, open source Falco has set the standard for runtime threat detection in the cloud, and Falco Feeds extends its power and utility. Backed by the Sysdig Threat Research Team (TRT), a dedicated group of threat researchers on the leading edge of emerging cloud risks and vulnerabilities, Falco Feeds gives open source-focused companies access to expert-written rules that continue to be updated as new threats are discovered.
“Falco, similar to a network of security cameras, provides unmatched real-time threat detection, monitoring, and observability across cloud infrastructures,” said Loris Degioanni, Founder and CTO of Sysdig, Co-Creator of Falco. “However, open source software involves an inherently self-managed process. The average company doesn’t have the resources to constantly add new rules, nor do they have a threat research team on the cutting edge of the ever-evolving threat landscape.”
Scaling Open Source Security and Compliance with Falco Feeds by Sysdig
- Fully managed rules informed by cutting-edge threat research: The Sysdig TRT, the group behind cloud-native threat operation discoveries such as LLMjacking and SCARLETEEL, provides timely detection updates for critical CVEs such as the Log4j vulnerability (Log4Shell, CVE-2021-44228), as well as for evolving attacker behaviors and techniques that exploit even minor vulnerabilities in new ways. Because these updates arrive directly through the Falco rules feed, organizations can maintain a strong security posture without tracking every emerging threat themselves.
- Extensive coverage and reinforced security posture: Each Falco rule is classified with tags for regulatory and security compliance frameworks, such as NIST, NIS2, DORA, SOC2, HIPAA, and FedRAMP. Additionally, Falco Feeds leverages Sysdig Secure’s rule set, currently providing 95% coverage of the MITRE ATT&CK® Framework for containers and 89% coverage for Linux. With Falco Feeds, it’s easier than ever for organizations to meet evolving regulatory requirements, streamline audits, and maintain a high standard of security across their cloud environments.
- Reduced maintenance, greater return on investment: Falco Feeds reduces the maintenance burden for organizations that rely on open source security. Rule distribution is automated through falcoctl, removing the need to update rules manually or to deploy custom rule files to each Falco endpoint. Because Falco Feeds rules are tested and tuned to reduce false positives before release, organizations can adopt them without disrupting production and without extensive maintenance or downtime.
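As an added illustration of what "automated rule distribution through falcoctl" looks like on a host, the configuration below makes falcoctl follow a rules artifact from an index and poll it for new versions. This is an added example, not taken from the press release or from Sysdig's own documentation. The index URL and artifact reference shown are the public falcosecurity ones; the Falco Feeds index, artifact reference and any registry credentials are not stated on the page and are assumed to be substituted by the subscriber.

```yaml
# /etc/falcoctl/falcoctl.yaml
# Added example, not from the press release. It uses the public falcosecurity
# index and ruleset; a Falco Feeds subscriber would point "indexes" at the
# feed's index and "refs" at the feed's artifact (neither is given on the page).
indexes:
  - name: falcosecurity
    url: https://falcosecurity.github.io/falcoctl/index.yaml
artifact:
  follow:
    every: 6h0m0s                                  # how often to check for a newer rules version
    falcoversions: http://localhost:8765/versions  # Falco's /versions endpoint, used to choose a compatible rules release
    refs:
      - falco-rules:3                              # track the 3.x line; falcoctl pulls each new 3.x release as it is published
```

With this file in place, `falcoctl artifact follow` (typically run as a long-lived service beside Falco) keeps the rules directory current, so no rule file has to be copied to the host by hand. Two checks a practitioner would still want before relying on it: confirm Falco is reloading rules (its `watch_config_files` setting must be enabled, which is the default) and pin `refs` to a major version rather than a floating tag, so an incompatible rule-schema change cannot be pulled into production unreviewed.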
“Companies that want the power of Falco without the manual work choose Sysdig,” Degioanni continued. “But there will always be a portion of enterprises that build their infrastructure themselves. With Falco Feeds, we are giving those companies a leg up, with access to emerging threat intelligence so that they can retain their DIY nature without being blindsided by the latest attack evolution.”