Falco Support on AWS Fargate

A partnership between Amazon and Sysdig has been announced, enabling the popular runtime security tool, Falco, to operate on AWS Fargate, a serverless computing service. This collaboration marks a significant milestone, as it introduces deep instrumentation capabilities to Fargate, enhancing workload security, reliability, and efficiency. Deep instrumentation, which allows detailed observation of running processes, is crucial for security and stability tools such as runtime workload protection and root cause investigation. Previously, Fargate's architecture limited deep instrumentation methods, but with Amazon's support for ptrace, a system call for process control, Falco can now fully support Fargate, offering accurate monitoring with minimal overhead. The new feature, part of Fargate platform version 1.4, promises to enable more tools to become available on Fargate, and Sysdig has optimized Falco to use ptrace efficiently, ensuring performance akin to kernel-based methods.