    Cloud Native Security with Falco (CSPM Integration)

    Sold by: Sysdig 
    Deployed on AWS
    AWS Free Tier
    Get enterprise-grade runtime security for your EKS clusters, with no complex setup required. Falco automatically detects container threats and streams findings directly into AWS Security Hub CSPM, giving you unified visibility across your entire AWS environment.

    Overview

    This AWS Marketplace solution delivers production-ready runtime security monitoring for EKS clusters by combining Falco OSS with native AWS Security Hub CSPM integration. Falco captures suspicious container, host, or cloud behavior (unauthorized access, credential theft, privilege escalation) in real time as workloads execute.

    The solution eliminates deployment complexity through automated CloudFormation templates for AWS services, Helm charts for cloud-native Falco deployment, and Lambda functions that normalize Falco findings into AWS Security Finding Format (ASFF).

    Deploy in 10 minutes instead of weeks, with all alerts centralized in AWS Security Hub CSPM alongside your existing AWS security services.

    This product requires an internet connection to deploy properly. The following package is downloaded on deployment:

    Highlights

    • Real-time runtime threat detection
    • Open, extensible, and community-driven
    • Unified visibility of threats within AWS Security Hub CSPM

    Details

    Delivery option
    Single-cluster automation deployment

    Operating system
    AmazonLinux 2023.9.20251208.0

    Pricing

    This product is available free of charge. Free subscriptions have no end date and may be canceled any time.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    Vendor refund policy

    This solution is provided free of charge. As there are no fees associated with this product, refunds are not applicable. For technical support or questions, please visit: https://github.com/falcosecurity/falco/issues 

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    Single-cluster automation deployment

    This CloudFormation template provides a fully automated deployment of Falco runtime security monitoring integrated with AWS Security Hub CSPM for a single EKS cluster. The solution eliminates manual configuration by deploying all required AWS infrastructure and Kubernetes components in a single stack.

    What Gets Deployed:

    • AWS Infrastructure: IAM roles and policies for Lambda execution and EC2 deployment, CloudWatch log groups for Falco alerts, EKS access entries for cluster authentication, and security groups for secure connectivity

    • Deployment Automation: A temporary EC2 instance with pre-configured scripts that automatically deploys the Lambda function, creates CloudWatch subscription filters, configures Kubernetes secrets for AWS credentials, and installs Falco via Helm charts on your specified EKS cluster

    • Falco Components: Falco DaemonSet deployed across all nodes in your EKS cluster using eBPF probes for kernel-level monitoring and FalcoSidekick for alert forwarding to CloudWatch Logs.

    • Processing Pipeline: Lambda function that transforms Falco alerts from CloudWatch into AWS Security Finding Format (ASFF) and publishes to Security Hub CSPM, providing unified visibility alongside other AWS security services

    The deployment completes in less than 10 minutes. Simply provide your EKS cluster name, VPC ID, and subnet, and the CloudFormation template handles the rest.

    Once deployed, Falco immediately begins monitoring runtime activity in your cluster and forwarding security findings to your Security Hub dashboard.
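
    The processing pipeline described above, sketched as an added example (this is not the vendor's Lambda code): it unpacks a CloudWatch Logs subscription batch and maps each Falco JSON alert to an ASFF finding. The priority-to-severity mapping, the `Types` value, the function names, the account ID and the sample alert are assumptions made for illustration, as is the premise that each log line holds one Falco JSON alert.

```python
import base64, gzip, hashlib, json

# Falco priority -> ASFF Severity.Label (mapping chosen for this example)
SEVERITY = {"Emergency": "CRITICAL", "Alert": "CRITICAL", "Critical": "CRITICAL",
            "Error": "HIGH", "Warning": "MEDIUM", "Notice": "LOW",
            "Informational": "INFORMATIONAL", "Debug": "INFORMATIONAL"}

def decode_subscription(event):
    """Unpack the base64+gzip batch a CloudWatch Logs subscription sends to Lambda."""
    raw = gzip.decompress(base64.b64decode(event["awslogs"]["data"]))
    for log_event in json.loads(raw).get("logEvents", []):
        try:
            yield json.loads(log_event["message"])  # assumed: one Falco JSON alert per line
        except json.JSONDecodeError:
            continue  # skip non-JSON lines instead of failing the whole batch

def to_asff(alert, account_id, region):
    fields = alert.get("output_fields", {})
    container_id = fields.get("container.id") or "host"
    key = f'{alert["rule"]}|{alert["time"]}|{container_id}'
    return {
        "SchemaVersion": "2018-10-08",
        # Deterministic Id: a retried Lambda invocation updates, not duplicates
        "Id": "falco/" + hashlib.sha256(key.encode()).hexdigest(),
        "ProductArn": f"arn:aws:securityhub:{region}:{account_id}:product/{account_id}/default",
        "GeneratorId": "falco/" + alert["rule"],
        "AwsAccountId": account_id,
        "Types": ["Unusual Behaviors/Container"],
        "CreatedAt": alert["time"], "UpdatedAt": alert["time"],
        "Severity": {"Label": SEVERITY.get(alert.get("priority"), "INFORMATIONAL")},
        "Title": alert["rule"][:256],               # ASFF length limits
        "Description": alert.get("output", alert["rule"])[:1024],
        "Resources": [{"Type": "Container", "Id": container_id, "Details": {
            "Container": {"Name": fields.get("container.name", "unknown")}}}],
    }

def handler(event, account_id="111122223333", region="us-east-1"):
    """Return the findings a real Lambda would pass to BatchImportFindings."""
    return [to_asff(a, account_id, region) for a in decode_subscription(event)]

# Constructed sample alert and subscription event (not real telemetry)
SAMPLE_ALERT = {"time": "2025-01-01T00:00:00.000000000Z", "priority": "Notice",
                "rule": "Terminal shell in container",
                "output": "Shell spawned in a container (constructed sample)",
                "output_fields": {"container.id": "0123456789ab", "container.name": "web"}}

def sample_event():
    body = {"logEvents": [{"message": json.dumps(SAMPLE_ALERT)}, {"message": "not json"}]}
    data = base64.b64encode(gzip.compress(json.dumps(body).encode())).decode()
    return {"awslogs": {"data": data}}
```

    Calling `handler(sample_event())` returns one finding; the malformed second log line is dropped rather than aborting the batch.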

    CloudFormation Template (CFT)

    AWS CloudFormation templates are JSON or YAML-formatted text files that simplify provisioning and management on AWS. The templates describe the service or application architecture you want to deploy, and AWS CloudFormation uses those templates to provision and configure the required services (such as Amazon EC2 instances or Amazon RDS DB instances). The deployed application and associated resources are called a "stack."

    Version release notes

    First version of the product providing only single-cluster deployment within this solution.

    Additional details

    Usage instructions

    Deploy the CloudFormation template, providing the parameters for your EKSCluster, VPCid and SubnetID.

    The VPCId and SubnetID provided must be able to reach the EKS cluster and must have Internet access, which the deployed EC2 instance requires.

    Note: Once the solution is deployed, it is safe to stop (or even delete) the EC2 instance created by the stack, as it is no longer needed. If you delete it, remember that a later attempt to remove the CloudFormation stack will not find this resource and could get stuck in the "deletion" process.

    This product requires an internet connection to deploy properly because of the EC2 bootstrap instance. The following package is downloaded on deployment:
