With Falco Feeds, Sysdig provides customers with the most up-to-date information on cyber threats. Cloud threats are kept at bay with a “constantly evolving and curated” set of Falco detections.

Sysdig founder and CTO Loris Degioanni describes Falco as a set of virtual security cameras. According to him, the platform offers an “unmatched” combination of threat detection, monitoring and observability across all cloud layers. Yet writing and maintaining rules for malicious behavior by hand is more work than many users can take on. That is why Sysdig is stepping in with fully managed rules written and maintained by its Threat Research Team (TRT).

Focused on MITRE ATT&CK coverage

Sysdig says Falco Feeds covers 95 percent of the container techniques in the MITRE ATT&CK framework, widely regarded as the standard knowledge base of adversary tactics and techniques. Organizations would then only need to write their own rules for the remaining techniques; and since most attacks are automated and reuse known techniques, Sysdig argues that the vast majority of them already fall within TRT's coverage.

Ultimately, Falco Feeds means less maintenance work for often overburdened security teams (if an organization even has one). New rules are distributed automatically via falcoctl, Falco's artifact management tool, so no manual update step is needed.
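As an added illustration of the distribution mechanism (this is not configuration from the article or from Sysdig), here is a minimal falcoctl configuration that installs a rules artifact at startup and then keeps it updated. The `falcosecurity` index URL and the `falco-rules:0` reference are the public community defaults; the `sysdig-falco-feeds` index name, its URL and the `falco-feeds-rules:0` artifact name are placeholders for whatever Sysdig supplies to subscribers and are assumptions, not real endpoints.

```yaml
# /etc/falcoctl/falcoctl.yaml (added example, not Sysdig's own configuration)
indexes:
  # Public index of the falcosecurity community artifacts (real URL).
  - name: falcosecurity
    url: https://falcosecurity.github.io/falcoctl/index.yaml
  # Placeholder for the index or registry a Falco Feeds subscriber receives
  # from Sysdig. Name and URL are assumptions, not real endpoints.
  - name: sysdig-falco-feeds
    url: https://example.invalid/falco-feeds/index.yaml

artifact:
  install:
    # Pulled once at startup; rules files are written to rulesfilesDir,
    # plugins to pluginsDir.
    refs:
      - falco-rules:0
    rulesfilesDir: /etc/falco
    pluginsDir: /usr/share/falco/plugins
  follow:
    # Re-check the registry on this interval and install newer versions in
    # place, which is what removes the manual update step. "falco-rules:0"
    # tracks the 0.x line of the community rules.
    every: 6h
    # falcoctl asks the running Falco for its version before installing a
    # rules file, to avoid pulling rules the engine cannot load.
    falcoVersions: http://localhost:8765/versions
    refs:
      - falco-rules:0
      - falco-feeds-rules:0   # placeholder artifact name for the Feeds ruleset
```

Running `falcoctl artifact follow falco-rules:0` (or pointing it at the placeholder Feeds reference) starts the update loop; Falco picks up the rewritten files only if `watch_config_files: true` is set in falco.yaml, otherwise it needs a restart. If the Feeds artifacts live in a private registry, authenticate first with `falcoctl registry auth` (basic, oauth or gcp, depending on what the registry uses). One caveat a practitioner should weigh: automatically following a remote ruleset is a supply-chain trust decision in its own right, so teams that want a review step can instead mirror the artifact into their own registry and follow that.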

“Companies that want the power of Falco without the manual work choose Sysdig,” Degioanni says. “But there will always be a portion of enterprises that build their infrastructure themselves. With Falco Feeds, we are giving those companies a leg up, with access to emerging threat intelligence so that they can retain their DIY nature without being blindsided by the latest attack evolution.”

Compliance help

For users, Falco Feeds not only eliminates this kind of drudgery but also addresses compliance. In addition to detecting exploitation of vulnerabilities such as Log4Shell, Sysdig says Falco helps companies meet the requirements of NIS2, DORA and SOC 2.

This matters for organizations that need to demonstrate their security posture. An organization being audited can point to Sysdig's coverage of continuously tracked cloud threats. Curated rules should also help day to day by generating fewer false positives than rules organizations write and maintain by hand.

