InnovationOpenLab

Sysdig Advances Its Vision for an Open Source Cloud Security Platform

New features unite detection, investigation, and response across Falco and Stratoshark, creating a seamless workflow for a global community of users

ATLANTA: KubeCon + CloudNativeCon North America 2025 – Sysdig, the leader in real-time cloud security, today announced new open source threat investigation and analysis capabilities for Falco, the standard for runtime cloud threat detection used by more than 60% of the Fortune 500. These updates deepen Falco’s ability to integrate with Stratoshark, creating a unified, end-to-end cloud security workload built entirely on open source.

Falco, which became a Cloud Native Computing Foundation (CNCF) graduated project in February 2024 and has exceeded 175 million downloads, can now record system capture (SCAP) files when specific rules are triggered. These files are readily consumable by Stratoshark, dubbed “Wireshark for the cloud” due to its roots in the popular open-source packet analysis tool. This integration lets users move seamlessly from real-time threat detection into post-event analysis.

Sysdig also announced enhancements to several Falco plug-ins, including k8saudit and gcpaudit, which enable Stratoshark to uncover and highlight key context in source events and help teams turn raw security data into actionable intelligence. Together, these features combine fast and precise threat detection and forensics into a single, streamlined process for cloud security teams.

“Falco has cemented itself as the gold standard for runtime cloud threat detection, and Stratoshark is quickly becoming the industry’s tool of choice for deep cloud system analysis,” said Loris Degioanni, founder and CTO of Sysdig, creator of Falco. “Enhancing the integration between these powerful tools brings the open source community closer to a unified, platform-like experience for complete life-cycle detection and response in the cloud.”

The Power of a Platform Approach for Open Source Security

Modern cloud environments are distributed and complex, with threats that are increasingly fast and sophisticated. In response, open source security is quickly evolving beyond individual point tools toward fully integrated systems. To stay ahead of threats, teams need tools that work together across the entire security life cycle. The enhanced integration of Falco with Stratoshark means that not only can users detect an attack in real time, but also drill into captured data with precision so that they can respond with speed and confidence.

With these new capabilities, users gain:

  • Unified workflows: Teams can detect threats in real time with Falco, capture in-depth incident details from the moment Falco flags suspicious behavior, and investigate with precision in Stratoshark. This workflow equips teams to respond with complete context, all in one seamless, platform-like ecosystem.
  • Community-driven innovation: Open source security is strengthened by shared progress, transparency, and collective insight. Falco and Stratoshark are built on open standards and constantly evolving to meet the changing threat landscape.
  • Democratized cloud security: Teams can easily zoom in and out of system activity, moving seamlessly from high-level context to raw metadata. This kind of power and extensibility, once reserved for commercial cloud security platforms, is now open source and freely available.

“With Falco now producing Stratoshark-consumable SCAP files and enriched cloud log metadata, we’re bridging the open source gap between real-time threat detection and granular forensics,” said Gerald Combs, Director of Open Source Projects at Sysdig, creator of Wireshark. “The future of security is built on open source, and the future of open source is built on a platform approach that enables security teams to work faster and more efficiently.”

Building a Stronger Open Source Community

The spirit of open source, which is rooted in transparency and collaboration, extends beyond tools. Security shouldn’t be an asymmetrical battle. Earlier this year, Sysdig launched the Sysdig Open Source Community to unify and support the worldwide ecosystem of security professionals, developers, engineers, analysts, and students using Falco, Wireshark, Stratoshark, and sysdig OSS. The goal is to foster deeper collaboration, knowledge sharing, and a stronger sense of connection across the once-disparate community of users.

Sysdig and Falco will be at KubeCon + CloudNativeCon North America in Atlanta, Georgia, Nov. 10-13, 2025. Visit Sysdig at Booth No. 910 and attend these presentations to learn more:

About Sysdig

Sysdig delivers cloud security the right way with open innovation, agentic AI, and the uncompromising truth of runtime. In a world of black boxes and blind spots, Sysdig helps security and development teams prevent, detect, and respond to threats in the moment.

AI is only as powerful as the signals it receives, and Sysdig Sage™ – the first agentic AI analyst for cloud security – is fueled by the deepest runtime intelligence in the industry. It doesn’t just observe. It reasons and acts with the context, speed, and precision that modern teams need to build and defend innovation in real time. Founded by the creators of Falco and Wireshark, Sysdig is trusted by more than 60% of the Fortune 500 and is built for those who refuse to compromise on security.

Source: Business Wire
