What do you think of Falco? Is detection enough?

The Falco video finally comes!

Thanks for the video! I totally agree, Falco drives me crazy. I hate the number of warnings you get with Falco, having to fine tune the rules and all the ceremonies that come with it, even if there are no competitors at the moment. Plus I still haven't found a customer that uses it yet! But you can't prevent without observing things so I guess we need to stick with Falco for now

Key thing is ensuring image immutability at runtime for any workloads, be it VM, K8s, Containers [Docker/Podman etc.] or Serverless. Look at Aqua security CWPP, it not only detects but also has the ability to block it.

Very nice! I've been looking for something like this for my Homelab. Will definitely check this out...

Next, would you like to share your insights on Tetragon?

Thank you for the video. Not sure if it's intentional or not, but the link for the gist is not a link :)

It would be interesting to talk about gVisor after this video

Are there tools that do prevention on top of falco ?

I am a much bigger fan of kubearmor and find falco WAY TOO COMPLEX!!!!!