Sysdig Advances Its Vision for an Open Source Cloud Security Platform

Sysdig, the leader in real-time cloud security, announced new open source threat investigation and analysis capabilities for Falco, the standard for runtime cloud threat detection used by more than 60% of the Fortune 500. These updates deepen Falco’s ability to integrate with Stratoshark, creating a unified, end-to-end cloud security workload built entirely on open source.

Falco, which became a Cloud Native Computing Foundation (CNCF) graduated project in February 2024 and has exceeded 175 million downloads, can now record system capture (SCAP) files when specific rules are triggered. These files are readily consumable by Stratoshark, dubbed “Wireshark for the cloud” due to its roots in the popular open-source packet analysis tool. This integration lets users move seamlessly from real-time threat detection into post-event analysis.

Cyber Technology Insights : Rubrik Enters Strategic Collaboration with AWS to Strengthen Cyber Resilience

Sysdig also announced enhancements to several Falco plug-ins, including k8saudit and gcpaudit, which enable Stratoshark to uncover and highlight key context in source events and help teams turn raw security data into actionable intelligence. Together, these features combine fast and precise threat detection and forensics into a single, streamlined process for cloud security teams.

“Falco has cemented itself as the gold standard for runtime cloud threat detection, and Stratoshark is quickly becoming the industry’s tool of choice for deep cloud system analysis,” said Loris Degioanni, founder and CTO of Sysdig, creator of Falco. “Enhancing the integration between these powerful tools brings the open source community closer to a unified, platform-like experience for complete life-cycle detection and response in the cloud.”

The Power of a Platform Approach for Open Source Security

Modern cloud environments are distributed and complex, with threats that are increasingly fast and sophisticated. In response, open source security is quickly evolving beyond individual point tools toward fully integrated systems. To stay ahead of threats, teams need tools that work together across the entire security life cycle. The enhanced integration of Falco with Stratoshark means that not only can users detect an attack in real time, but also drill into captured data with precision so that they can respond with speed and confidence.

Cyber Technology Insights : CrowdStrike Recognized as Overall Leader in 2025 KuppingerCole ITDR Leadership Compass

With these new capabilities, users gain:

Unified workflows: Teams can detect threats in real time with Falco, capture in-depth incident details from the moment Falco flags suspicious behavior, and investigate with precision in Stratoshark. This workflow equips teams to respond with complete context, all in one seamless, platform-like ecosystem.
Community-driven innovation: Open source security is strengthened by shared progress, transparency, and collective insight. Falco and Stratoshark are built on open standards and constantly evolving to meet the changing threat landscape.
Democratized cloud security: Teams can easily zoom in and out of system activity, moving seamlessly from high-level context to raw metadata. This kind of power and extensibility, once reserved for commercial cloud security platforms, is now open source and freely available.

“With Falco now producing Stratoshark-consumable SCAP files and enriched cloud log metadata, we’re bridging the open source gap between real-time threat detection and granular forensics,” said Gerald Combs, Director of Open Source Projects at Sysdig, creator of Wireshark. “The future of security is built on open source, and the future of open source is built on a platform approach that enables security teams to work faster and more efficiently.”

Cyber Technology Insights : RSM Expands Cyber Defense Capabilities Through SailPoint Identity Integration

Source: businesswire

To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com

Tags: cloud security, Open Source Cloud Security, security data, security teams, Sysdig

CyberTech Media Room

Share With

AMI Achieves Industry First with Successful Implementation of Post-Quantum Cryptography

Bruce Schneier and Brian LaMacchia Join American Binary’s Advisory Board

NSS Labs Selects ectacom GmbH to Expand Cybersecurity Representation in Central Europe

ThreatDown Launches Nexus Partner Program, Strengthening its Channel-First Commitment

Contact Us

Quick Links

Insights

Get in touch

Follow Us

Our Other Brands