Sysdig Adds AWS Cloud Security Monitoring to Falco Open Source
October 18, 2021

Sysdig announced the addition of cloud security monitoring functionality to the Falco open source software project.

The new Amazon Web Services (AWS) CloudTrail plug-in provides real-time detection of unexpected behavior and configuration changes, intrusions, and data theft in AWS cloud services using Falco rules. The Falco community developed this extension with Sysdig based on a new plug-in framework that allows anyone to extend Falco to capture data from additional sources beyond Linux system calls and Kubernetes audit logs. As organizations manage critical data across multiple clouds, they need consistent threat detection across their distributed environments. Additional plug-ins will allow organizations to use a consistent threat detection language and close security gaps by using consistent policies for workloads and infrastructure. In addition, more than twenty new out-of-the-box policies supporting compliance frameworks were released.

Falco, a cloud-native runtime security project, is the de facto detection engine for containers and Kubernetes with over thirty million downloads. Created by Sysdig and contributed to the CNCF, Falco is an Incubation-level hosted project. The new plug-in capability and framework have been contributed by the Falco community and Sysdig to the project over the last few months. As of today, the AWS CloudTrail plug-in is available for use in preview mode and contributors can build new plug-ins on the framework.

Today, security teams are forced to export AWS CloudTrail logs into a data lake or security information and event management (SIEM) for processing, and then search for threats and changes to configurations that can indicate a risk. This approach adds delay in identifying risks, as well as cost and complexity.

Falco inspects cloud logs using a streaming approach, applying the rules to the logs in real time and immediately alerting on issues, without the need to make an additional copy of the data. This approach complements static cloud security posture management by continually checking for unexpected changes to configurations and permissions that can increase risk. In addition, it acts as a modern intrusion detection system (IDS), detecting threats based on unusual behavior that can indicate a threat.

Cloud and security teams struggle with an ever-growing list of tools to master and manage. Falco provides a single tool for threat detection across container and cloud environments, reducing complexity by reducing the number of tools in the stack. Users can use the same rule language to create consistent policies for workloads and infrastructure, removing security gaps. Because there is a shortage of talent in both cybersecurity and DevOps, reducing the learning curve by using consistent tools for threat detection is critical.

Users can get started immediately using out-of-the-box rules contributed by the community that map to compliance frameworks and best practices. They can also create custom rules to meet their specific needs using standard YAML code.

The plug-in capability for Falco creates the foundation for contributions that will extend support to other cloud environments and operating systems. The AWS CloudTrail plug-in and additional out-of-the-box rules are immediately available to try in preview form on the Falco GitHub site. Falco users and contributors can access pre-release documentation now. The official release is planned in the upcoming months.

“Now Falco can detect threats across containers and AWS cloud services using a streaming approach,'' said Loris Degioanni, Founder and CTO, Sysdig, “Users can immediately alert on indications of lateral movement without the cost and complexity of copying logs.”

Share this

Industry News

May 12, 2022

Red Hat introduced Red Hat Enterprise Linux 9, the Linux operating system designed to drive more consistent innovation across the open hybrid cloud, from bare metal servers to cloud providers and the farthest edge of enterprise networks.

May 12, 2022

Couchbase announced version 7.1 of Couchbase Server.

May 12, 2022

Copado added Copado Robotic Testing to Copado Essentials.

May 11, 2022

Red Hat announced new advancements within its Red Hat Cloud Services portfolio, delivering a fully-managed and streamlined user experience as organizations build, deploy, manage and scale cloud-native applications across hybrid environments.

May 11, 2022

JFrog introduced a new Docker Desktop Extension for JFrog Xray that allows organizations to automatically scan Docker Containers for vulnerabilities and violations early in the development process.

May 11, 2022

Progress announced a series of updates in Progress Telerik and Progress Kendo UI.

May 11, 2022

Vultr announces that Vultr Kubernetes Engine (VKE) is generally available.

May 10, 2022

Docker announced new features and partnerships to increase developer productivity. Specifically, the company announced Docker Extensions which allow developers to discover and add complementary development tools to Docker Desktop.

May 10, 2022

Red Hat announced the general availability of Red Hat Ansible Automation Platform on Microsoft Azure, pairing hybrid cloud automation with the convenience and support of a managed offering.

May 10, 2022

The Fedora Project, a community-driven open source collaboration sponsored by Red Hat, announced the general availability of Fedora Linux 36, the latest version of the fully open source Fedora operating system.

May 10, 2022

Progress announced the release of Progress Chef Cloud Security, extending DevSecOps with compliance support for native cloud assets and enabling end-to-end management of all on premise, cloud and native cloud resources.

This new offering is complemented with new capabilities across the Chef portfolio targeting DevOps success in the most demanding and complex enterprise deployments.

May 10, 2022

Platform9 announced new platform capabilities in Platform9 5.5 that make it easier for cloud-native development and operations teams to build, scale, and operate apps and Kubernetes clusters in the cloud, on-premises, and at the edge.

May 09, 2022

Red Hat and Accenture have expanded their nearly 12 year strategic partnership to further power open hybrid cloud innovation for enterprises worldwide.

May 09, 2022

Opsera has partnered with Mindtree.

May 09, 2022

Mendix announced that Mendix Workflow for process automation is now generally available.