Mondor Festival

Sysdig unveils Falco Feeds: the latest detections against cloud threats
minsta

With Falco Feeds, Sysdig provides its customers with the latest information on cyber threats. Cloud threats are kept at bay with an “ever-evolving and curated” set of Falco detections.

Sysdig founder and CTO Loris Degioanni describes Falco as a set of virtual security cameras. He says the platform offers “unmatched” aggregation of threat detection, monitoring and observability across all layers of the cloud. Yet the manual work of writing rules against malicious behavior proves too difficult for users. That’s why Sysdig is launching fully managed rules based on the work of Sysdig’s Threat Research Team (TRT).

Focused on compliance

In total, Falco Feeds covers 95% of container-related threats in the MITRE ATT&CK framework, generally considered the standard knowledge base for cyberattacks worldwide. Organizations therefore only need to monitor the exceptions themselves; the vast majority of cyberattacks are automated and will therefore already fall within the coverage of Sysdig’s TRT.

Ultimately, Falco Feeds means less maintenance work for often overburdened security teams within organizations (if there even is a security team). New rules are distributed automatically through Falcoctl, eliminating the need for manual updates.

“Companies that want the power of Falco without the manual work choose Sysdig,” says Degioanni. “But there will always be a portion of companies that build their infrastructure themselves. With Falco Feeds, we’re giving these companies an edge, giving them access to information about emerging threats, so they can maintain their DIY nature without being blindsided by the latest developments in attacks.”

Compliance Help

For users, Falco Feeds not only eliminates this type of chore but also focuses on compliance. Sysdig says that, in addition to detecting vulnerabilities such as Log4Shell, Falco ensures that companies comply with NIS2, DORA and SOC2 standards.

This is essential for organizations that need to demonstrate their security posture. An audited organization can point to Sysdig’s coverage of continuously tracked cloud threats. It should also be useful on a daily basis by generating fewer false positives than if organizations developed and maintained their own rules manually.
