# Falco Reviews
**Vendor:** Sysdig  
**Category:** [Container Security Tools](https://www.g2.com/categories/container-security-tools)  
**Average Rating:** 4.0/5.0  
**Total Reviews:** 3
## About Falco
Define what activity is considered normal for your containerized applications & be notified when an application deviates.



## Falco Pros & Cons
**What users like:**

- Users value the **detailed notifications** from Falco, enabling quick understanding and response to potential security threats. (1 review)
- Users value the **customizable rules** in Falco that enhance security reviews and minimize false positives. (1 review)
- Users value the **seamless integrations** of Falco with Kubernetes, simplifying deployment and enhancing security monitoring. (1 review)
- Users value the **seamless integration** of Falco with Kubernetes, enhancing deployment and security monitoring across clusters. (1 review)
- Users value the **comprehensive security coverage** Falco offers, enhancing their protection across the Kubernetes ecosystem. (1 review)

**What users dislike:**

- Users often find **configuration complexity** in Falco, making initial setup overwhelming for new users and specialized needs. (1 review)
- Users find the **configuration complex**, often feeling overwhelmed by the initial setup and customization of Falco. (1 review)
- Users report that **Falco's high resource usage** can adversely affect performance in resource-limited environments, especially large clusters. (1 review)

## Falco Reviews
### 1. Enhancing Kubernetes Security with Falco: A Comprehensive Review

**Rating:** 4.0/5.0 stars

**Reviewed by:** Bikash s. | DevOps Engineer, Enterprise (> 1000 emp.)

**Reviewed Date:** October 28, 2024

**What do you like best about Falco?**

Ease of Integration: Falco integrates seamlessly with Kubernetes and container environments. Makes it easy to deploy as a DaemonSet across the cluster.

Customizable Rules: The ability to customize search rules helps teams tailor security reviews to their specific needs. Helps reduce false positives. At the same time, it guarantees that important events are recorded.

Detailed notifications: When Falco detects an issue, it provides a detailed notification with context about the event. Helps security teams quickly understand and respond to potential threats.

Community Support: As an open source project, Falco benefits from a lively community that actively contributes to its development. It provides a wealth of resources, plugins, and shared experiences…

Extensive coverage: Reviews various aspects of the Kubernetes ecosystem, including network activity, file access and configuration changes. Provides a holistic view of security within a cluster.

**What do you dislike about Falco?**

Configuration Complexity: Although Falco provides customizable rules, setting up and fine-tuning these rules can be complex, especially for organizations with specific or intricate security requirements. New users might find the initial configuration overwhelming.

Resource Consumption: As a DaemonSet running on each node, Falco can consume a noticeable amount of system resources, which might impact performance, especially in resource-constrained environments. This can be a concern for large clusters with many nodes.

**What problems is Falco solving and how is that benefiting you?**

Runtime Threat Detection:

Problem: Traditional security measures often focus on vulnerabilities and compliance during development but may overlook runtime security issues.

Benefit: Falco continuously monitors the behavior of running containers, detecting anomalies or suspicious activities as they occur. This proactive approach allows for immediate response to potential threats, significantly reducing the risk of breaches.

Visibility into Container Behavior:

Problem: Containers are often treated as black boxes, making it challenging to understand what they are doing in real-time.

Benefit: Falco provides visibility into system calls and actions performed by containers, enabling security teams to identify unusual patterns and respond to potential risks. This enhanced visibility leads to better security management and oversight.

Alerting and Incident Response:

Problem: Many organizations struggle with timely detection and alerting of security incidents, leading to delayed responses.

Benefit: Falco generates real-time alerts for suspicious activities, allowing security teams to take swift action. This rapid response capability minimizes the potential impact of security incidents and improves overall incident management.

### 2. A Good security tool for Linux systems

**Rating:** 4.0/5.0 stars

**Reviewed by:** Anussha H. | Cyber Security Analyst, Small-Business (50 or fewer emp.)

**Reviewed Date:** September 21, 2023

**What do you like best about Falco?**

It is really good for Linux systems and is a cloud native security tool so it is quite good on the scalability front. It is very good looking when it comes to UI and does house a lot of security tools within it.

**What do you dislike about Falco?**

The only issue I faced was with the integration of Falco using the API. It is much more difficult as it isn't a REST API. Hence, there is a learning curve involved when it comes to using this tool.

**What problems is Falco solving and how is that benefiting you?**

With the need for securing systems becoming more vital, having a scalable and reliable solution when it comes to security is much needed. This tool was perfect for my use case and it was easy to scale.

### 3. Falco - Deep visibility

**Rating:** 4.0/5.0 stars

**Reviewed by:** Mansi S. | Software Engineer TDP-ll, Mid-Market (51-1000 emp.)

**Reviewed Date:** September 25, 2023

**What do you like best about Falco?**

As a security analyst, I like its powerful intrusion detection feature that detects suspicious activities.
Also, its container and Kubernetes are a big support for organizations operating in cloud infrastructure.
It is open-source so it can be used for free.

**What do you dislike about Falco?**

Falco sometimes releases unnecessary alerts due to its default settings.
Also, people with little knowledge in the security field will find it hard to operate.

**What problems is Falco solving and how is that benefiting you?**

It helps you to customize rules so that you can create rules for the threats that are relevant to your organization's environment.
Most of the security tools are expensive, so it's a good support for smaller organisations as it is free.




## Falco Features
**Administration**
- Risk Scoring
- Secrets Management
- Security Auditing
- Configuration Management

**Generative AI**
- AI Text Summarization

**Threat Detection & Response - Runtime Application Self-Protection (RASP)**
- Threat Remediation
- Threat Detection
- Application Behavior Monitoring
- Intelligence and Reporting

**Monitoring**
- Continuous Image Assurance
- Behavior Monitoring
- Observability

**Protection**
- Dynamic Image Scanning
- Runtime Protection
- Workload Protection
- Network Segmentation

## Top Falco Alternatives
  - [Dynatrace](https://www.g2.com/products/dynatrace/reviews) - 4.5/5.0 (1,231 reviews)
  - [Wiz](https://www.g2.com/products/wiz-wiz/reviews) - 4.7/5.0 (773 reviews)
  - [FortiCNAPP](https://www.g2.com/products/forticnapp/reviews) - 4.4/5.0 (383 reviews)

