About the Falco category

Falco provides real-time detection for environments ranging from individual containers and hosts to Kubernetes clusters and the cloud. It is able to detect and alert on abnormal behavior and potential security threats as they happen, such as crypto mining, file exfiltration, privilege escalation in applications and rootkit installs, among many others. These malicious behaviors are detected via user-defined Falco rules that classify events of application activity as malicious or suspicious.
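To show what a user-defined rule looks like in practice, here is an added example rule (written for this page, not a rule shipped by the Falco project) that flags a write to a file under /etc from inside a container. The rule name, description, output text and the `my_allowed_etc_writers` list are assumptions chosen for illustration; the `evt.*`, `fd.*`, `proc.*`, `user.*` and `container.*` fields are standard Falco event fields.

```yaml
# Added example rule, not part of Falco's default ruleset.
# A list lets operators name processes that legitimately edit /etc;
# the entries below are placeholders to be replaced per environment.
- list: my_allowed_etc_writers
  items: [dpkg, apt, rpm, yum]

- macro: my_open_write
  condition: >
    evt.type in (open, openat, openat2) and evt.is_open_write=true
    and fd.typechar='f' and fd.num>=0

- rule: Write below etc from container (example)
  desc: A process inside a container opened a file under /etc for writing.
  condition: >
    my_open_write and fd.name startswith /etc
    and container.id != host
    and not proc.name in (my_allowed_etc_writers)
  output: >
    File below /etc opened for writing in container
    (user=%user.name command=%proc.cmdline file=%fd.name
    container=%container.name image=%container.image.repository)
  priority: ERROR
  tags: [filesystem, container, example]
```

Load it alongside the default rules with `falco -r /etc/falco/falco_rules.yaml -r my_rules.yaml`; the `priority` and `output` fields are what downstream alerting (stdout, file, or Falcosidekick forwarders) receives for each matching event.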