Sysdig widens open source vision for cloud security
The real-time cloud security company has announced new features that aim to unite detection, investigation and response across Falco and Stratoshark.
The company used its appearance at KubeCon + CloudNativeCon North America 2025, Atlanta, to explain how its new open source threat investigation and analysis capabilities for Falco work.
NOTE: Falco is the standard for runtime cloud threat detection used by more than 60% of the Fortune 500.
Falco became a Cloud Native Computing Foundation (CNCF) graduated project in February 2024 and has exceeded 175 million downloads; it can now record system capture (SCAP) files when specific rules are triggered.
These files are readily consumable by Stratoshark, dubbed “Wireshark for the cloud” due to its roots in the popular open-source packet analysis tool. This integration lets users move seamlessly from real-time threat detection into post-event analysis.
Sysdig also announced enhancements to several Falco plug-ins, including k8saudit and gcpaudit, which enable Stratoshark to uncover and highlight key context in source events and help teams turn raw security data into actionable intelligence. Together, these features combine fast and precise threat detection and forensics into a single, streamlined process for cloud security teams.
“Falco has cemented itself as the gold standard for runtime cloud threat detection, and Stratoshark is quickly becoming the industry’s tool of choice for deep cloud system analysis,” said Loris Degioanni, founder and CTO of Sysdig, creator of Falco. “Enhancing the integration between these powerful tools brings the open source community closer to a unified, platform-like experience for complete life-cycle detection and response in the cloud.”
Because modern cloud environments are distributed and complex, and threats are increasingly fast and sophisticated, Sysdig says it has developed its technology to show that open source security is quickly evolving beyond individual point tools toward fully integrated systems.
Integrated Falco + Stratoshark
To stay ahead of threats, Degioanni suggests that teams need tools that work together across the entire security life cycle. The enhanced integration of Falco with Stratoshark means that users can not only detect an attack in real time, but also drill into the captured data with precision so that they can respond quickly.
With these new capabilities, users gain:
- Unified workflows: teams can detect threats in real time with Falco, capture in-depth incident details from the moment Falco flags suspicious behaviour and investigate with precision in Stratoshark. This workflow equips teams to respond with complete context, all in one seamless, platform-like ecosystem.
- Community-driven innovation: open source security is strengthened by shared progress, transparency and collective insight. Falco and Stratoshark are built on open standards and constantly evolving to meet the changing threat landscape.
- Democratised cloud security: teams can zoom in and out of system activity, moving from high-level context to raw metadata. This kind of extensibility, once reserved for commercial cloud security platforms, is now open source and freely available.
Security is not an asymmetrical battle
The spirit of open source, which is rooted in transparency and collaboration, extends beyond tools. Security shouldn’t be an asymmetrical battle. Earlier this year, Sysdig launched the Sysdig Open Source Community to unify and support the worldwide ecosystem of security professionals, developers, engineers, analysts and students using Falco, Wireshark, Stratoshark and sysdig OSS.
“With Falco now producing Stratoshark-consumable SCAP files and enriched cloud log metadata, we’re bridging the open source gap between real-time threat detection and granular forensics,” said Gerald Combs, director of open source projects at Sysdig, creator of Wireshark. “The future of security is built on open source and the future of open source is built on a platform approach that enables security teams to work faster and more efficiently.”
The goal for Sysdig is to foster deeper collaboration, knowledge sharing and a stronger sense of connection across the once-disparate community of users.