Sysdig Makes Container Security Case for Falco
Sysdig is doubling down on its efforts to make its open source Falco project the de facto means for pulling security metrics for runtime security and intrusion detection. The company has already contributed Falco to the Cloud Native Computing Foundation (CNCF) and has hired Kris Nova, a CNCF ambassador who worked for Heptio (now part of VMware) and Deis (now part of Microsoft). Nova is also credited with developing kubicorn, an infrastructure management tool for Kubernetes.
Now that most of the core foundation of Kubernetes has been set, Nova says the next frontier for the container community is cybersecurity. To that end, Nova plans to focus on driving further adoption of Falco as the de facto alternative to the multiple proprietary technologies that now dominate the container security landscape. Falco should be perceived as an open source engine that other cybersecurity technologies can leverage, she says.
Falco is an open source intrusion and abnormality detection tool that became a sandbox project within the CNCF last October. Sysdig claims adoption of Falco has increased 240% in the last nine months. The Falco team has already created Falco Operator, which can be used to automate cybersecurity workflows in Kubernetes environments, and has integrated Falco with the Kubernetes Audit Policy to provide an additional source of data to monitor.
Sysdig last month also released Falco rules library, which makes it easier for enterprise IT organizations to repurpose cybersecurity rules created by open source community members.
The Falco team is working on implementing Prow, a widely employed open source project designed to make it easy to add continuous integration capabilities to any tool. The goal, according to Sysdig, is to reduce reliance on a graphical user interface to manage Falco.
It’s not clear to what degree open source projects will reduce the cost of container security. Vendors will benefit by sharing engineering resources, but most organizations don’t tend to consume raw open source code. They prefer to wait for vendors to curate those projects in a way that ensures what gets employed is stable enough to run in production environments. The cost benefits of joint research might not be transferred directly to end customers unless competition between cybersecurity vendors remains fierce.
In the meantime, there is a wave of merger and acquisition activity occurring as incumbent cybersecurity vendors move to acquire startups focused on container security. The one thing that is for certain is open source projects tend to accelerate the rate at which innovation is achieved, as engineers from different vendors collaborate to solve issues. In fact, vendors are now devoting more resources than ever to open source projects—Sysdig reports it is now devoting close to 30% of its engineering resources to various open source projects.
As for cybersecurity, additional innovations can’t come too soon. The primary inhibitor of adoption of container platforms remains cybersecurity. Those platforms, of course, already may be more secure than legacy platforms, but when it comes to IT, perception is as much reality as it is in any other walk of life.