Adding Runtime Threat Detection To Google Kubernetes Engine With Falco
One of the big advantages of running your workloads on a managed Kubernetes service like Google Kubernetes Engine (GKE) is that Google ensures your clusters are being deployed and managed following industry best practices.
While GKE clusters are incredibly secure and reliable, there is always room for improvement.
In this blog, we’re going to describe how you can enhance GKE’s already great security by adding runtime threat detection with Falco.
What Is Falco?
Falco is a Cloud Native Computing Foundation project that provides runtime threat detection. Out of the box, Falco examines syscalls to alert you to any suspicious activity. And, since containers share the same kernel as their host, Falco can monitor not only activity on the host but also all the containers running on that host. Moreover, Falco pulls data from both Kubernetes and the container runtime to add additional context to its alerts.
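To make that concrete, here is a sketch of a Falco rule that matches a syscall, scopes it to containers, and adds Kubernetes and container-runtime context to the alert. It is an added example, not taken from the original post or from Falco's shipped ruleset; the rule name and the list of shells are constructed for illustration.

```yaml
# Illustrative custom rule (constructed example, not part of Falco's default rules).
- rule: Interactive shell started in a container (example)
  desc: >
    A shell process was started with a terminal attached inside a container.
    Shows a syscall-level condition combined with container and Kubernetes
    metadata in the alert output.
  # Syscall layer: process execution (execve/execveat).
  # Container layer: container.id is "host" for processes outside any container.
  # Older Falco releases also add "evt.dir = <" to match only the syscall exit.
  condition: >
    evt.type in (execve, execveat)
    and container.id != host
    and proc.name in (bash, sh, zsh, dash)
    and proc.tty != 0
  # The k8s.* and container.* fields are the context Falco adds from
  # Kubernetes and the container runtime.
  output: >
    Shell started in container
    (user=%user.name command=%proc.cmdline
    container_id=%container.id image=%container.image.repository
    namespace=%k8s.ns.name pod=%k8s.pod.name)
  priority: WARNING
  tags: [container, shell, example]
```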