Sysdig unveils a major open source milestone at KubeCon + CloudNativeCon North America 2025, integrating Falco and Stratoshark to create a unified, platform-like cloud security ecosystem.
Sysdig has widened its open source vision for cloud security with new capabilities that unite detection, investigation, and response across its flagship open source tools, Falco and Stratoshark. Announced at KubeCon + CloudNativeCon North America 2025 in Atlanta, the updates mark a significant step toward building an integrated, collaborative cloud security ecosystem.
Falco, a Cloud Native Computing Foundation (CNCF) graduated project since February 2024, now surpasses 175 million downloads and is relied upon by over 60% of the Fortune 500 for runtime cloud threat detection. With its latest update, Falco can record System Capture (SCAP) files when specific rules are triggered—files that are directly consumable by Stratoshark, dubbed “Wireshark for the cloud.” This seamless integration allows teams to move from real-time threat detection to deep forensic analysis within a unified workflow.
Sysdig has also enhanced several Falco plug-ins, including k8saudit and gcpaudit, enabling Stratoshark to extract richer event context and transform raw data into actionable insights.
“Falco has cemented itself as the gold standard for runtime cloud threat detection, and Stratoshark is quickly becoming the industry’s tool of choice for deep cloud system analysis,” said Loris Degioanni, Founder and CTO of Sysdig. “Enhancing the integration between these powerful tools brings the open source community closer to a unified, platform-like experience for complete life-cycle detection and response in the cloud.”
By merging real-time detection with forensic precision, Sysdig demonstrates how open source innovation can deliver enterprise-grade, transparent, and democratised security for modern cloud environments.