The state of Falco: A year of progress since CNCF graduation
Blog post from Sysdig
Since Falco graduated from the Cloud Native Computing Foundation (CNCF) in early 2024, the open-source runtime security project has grown and diversified considerably, as Loris Degioanni summarizes in this post. Falco has passed 150 million downloads and has spawned Stratoshark, which brings Wireshark-style capture and inspection to system calls and cloud activity by building on the same libraries Falco uses for event collection and parsing.

Other notable developments in the year since graduation:

- Falco Talon, a no-code response engine that reacts to Falco alerts with predefined actions, so detections can trigger containment without custom glue code.
- The Sysdig Agent for Windows, which extends Falco-based detection to Windows hosts.
- A plugin ecosystem that has grown by roughly 40%, adding integrations with third-party services such as Microsoft Entra ID so that identity and cloud audit events can be evaluated by the same rule engine as host system calls.
- Falco Feeds by Sysdig, a commercial stream of expert-written and maintained rules that reduces the burden of keeping detection content current while leaving the open-source engine and custom rules fully under the user's control.

Looking forward, the project intends to deepen its Kubernetes integration, push further into automated runtime response, and unify detection, investigation, and response with Stratoshark. Together these set the stage for what the post calls Kubernetes Detection and Response (KDR): a workflow in which a Falco alert, the forensic context behind it, and the responding action are connected end to end in cloud-native environments.