Discover Configuration Defects
Falco continuously scans your devices looking for hard to catch misconfigurations. When a defect is found you'll be notified quickly.
Continuous auditing for Palo Alto Networks.
Falco continuously audits firewall and Panorama configurations, scores risky security rules, flags drift, and gives your team clear remediation guidance.
Combine the automated insights from Falco with expert guidance from our team to improve your security posture and reduce risk across your Palo Alto fleet.
Remediate with Context
Once you've identified the misconfiguration, you can rely on our guidance and links to relevant documentation to quickly address the issue.
Manage at Scale
Go beyond configuration health and manage backups, licenses, and check for outstanding vulnerabilities across your entire fleet.
Built For Network Engineers
We built Falco to solve the problems we faced as network engineers managing lots of Palo Alto Networks firewalls. Staying on top of configuration drift, misconfigurations, and vulnerabilities across your fleet is hard, especially for smaller teams.
Our customers asked for a solution that would continuously audit their devices and alert them to issues as they arise, so we built Falco to do just that. We also know that finding configuration defects is only half the battle, so we built in detailed remediation guidance and links to relevant documentation for every issue we surface.
Keep Up With EDLs
Falco gives your team access to hundreds of curated External Dynamic Lists that help keep your policy current for cloud platforms, SaaS services, and vendor infrastructure that frequently changes IPs or URLs.
Instead of manually maintaining whitelists for Microsoft 365, cloud providers, and other moving dependencies, your engineers can work from a large catalog that is ready to operationalize in your Palo Alto environments.
Run Commands Across Devices
The Command Center helps your team execute operational commands across multiple firewalls from one place, which is especially useful when you need quick answers during troubleshooting or validation work.
That means less repetitive clicking across device UIs and more consistent execution when your engineers need to gather state, confirm changes, or support incident response at speed.
Plans
Choose the Right Tier for Your Team
Lite
Our introductory tier available for free to everyone.
- Full report with monthly updates
- Panorama support
- PAN-OS vulnerability scanning
Most Popular
Standard
Continuous auditing, alerting, config backups, and access to our support team.
- Everything in Lite
- Continuous configuration auditing
- Config regression notifications
- Configuration backups
- Re-run checks on-demand
- Open tickets with our Support Team
Enterprise
Unlock advanced features and work closely with our expert engineers.
- Everything in Standard
- Rule Analysis workspace
- 400+ common External Dynamic Lists (EDLs)
- Run commands on multiple devices at once
- Guided TLS decryption setup
- Customized Digital Scepter involvement
| Feature | Lite | Standard | Enterprise |
|---|---|---|---|
| Automated PAN Configuration Audits | Yes | Yes | Yes |
| Panorama Support | Yes | Yes | Yes |
| PAN-OS Vulnerability Scanning | Yes | Yes | Yes |
| Config Scan Interval | Weekly | Hourly | Hourly |
| Config Regression Alerts | No | Yes | Yes |
| Per-VSYS Reports | No | Yes | Yes |
| Access to our Support Team | No | Yes | Yes |
| Hourly Config Backups | No | Yes | Yes |
| Rule Analysis Workspace | No | No | Yes |
| Access to 400+ EDLs | No | No | Yes |
| Run commands on multiple devices at once (Command Center) | No | No | Yes |
| TLS Decryption Setup | No | No | Yes |
| Response Times | Lite | Standard | Enterprise |
|---|---|---|---|
| Critical | N/A | < 8 hours | < 8 hours |
| High | N/A | < 2 days | < 2 days |
| Normal | N/A | < 4 days | < 4 days |
Ready to improve your firewall security posture?