SELinux, Seccomp, Falco, and You: A Technical Discussion

One of the questions we often get when we talk about Sysdig Falco is “How does it compare to other tools like SELinux, AppArmor, Auditd, etc. that also have security policies?” To help answer some of those questions, we thought we’d present a summary of other related security products and how they compare to Sysdig Falco.

Specifically, we’ll look at the following tools:

  • Basic sandboxing: seccomp
  • Sandboxing with policies: seccomp-bpf
  • Mandatory access control systems: SELinux, AppArmor
  • System auditing: Auditd
  • Behavioral monitoring: Falco

Read more at Sysdig