▲ 5 r/MSSP

Cloud security for MSSPs: what are customers actually paying for?

Hello,

I've been spending a lot of time looking at how MSSPs approach cloud security, and one thing I've noticed is that there's no shortage of tools. The harder part seems to be turning those tools into services customers actually value.

I'm building a cloud security platform for MSSPs, and I'm trying to make sure I understand the operational challenges rather than just adding another list of features.

For those of you managing AWS, Azure, or GCP environments:

What has been the biggest challenge in delivering cloud security as a service?

Is it customer demand, operational overhead, alert fatigue, reporting, remediation, or something else entirely?

reddit.com
u/kloudnative — 11 days ago
▲ 3 r/u_kloudnative+2 crossposts

Implement Real-time Application Threat Detection & Response using Open Source software

Architecture for Real-Time Application Threat Detection and Response using Open Source (Falco)

This architecture demonstrates how real-time threat detection and automated response can be implemented using the Falco ecosystem.

How it works:

  1. Falco continuously monitors system calls across the environment where applications run — operating systems, virtual machines, containers, and Kubernetes workloads.

  2. Falco rules evaluate this activity in real time to detect suspicious or malicious behavior and generate security events.

  3. Falcosidekick consumes these events and forwards them to Falco Talon, the open-source response engine for Falco.

  4. Falco Talon correlates incoming events with predefined response actions and executes automated remediation in the appropriate environment.

Example flow:
a. A suspicious action occurs within a Kubernetes pod
b. Falco detects the behavior and emits a security event
c. Falcosidekick forwards the event to Falco Talon
d. Falco Talon matches the event to a configured response
e. The Talon actionner executes the response — for example, deleting the affected pod in the Kubernetes cluster

This approach enables real-time detection paired with automated, context-aware response using entirely open-source tooling.

u/kloudnative — 21 days ago