Innovative open source advances in cloud security

Sysdig unveils upgrades to Falco and Stratoshark, enhancing open source cloud threat analysis.

Sysdig, a leader in real-time cloud security, has announced substantial upgrades to its open source threat investigation suite, Falco, which is used by over 60% of Fortune 500 companies. The enhancements mark a significant step towards an integrated cloud security workflow built entirely on open source.

The flagship open source tool, Falco, known for runtime cloud threat detection, has graduated as a project under the Cloud Native Computing Foundation (CNCF) and has passed 175 million downloads. With the recent update, Falco can record system capture (SCAP) files when specific security rules fire. This allows direct integration with Stratoshark, commonly referred to as "Wireshark for the cloud": a detection event in Falco produces a capture that can then be opened in Stratoshark, so users can move from real-time detection to thorough post-event analysis without switching tool chains.

Further enhancements to Falco's plugins, including k8saudit and gcpaudit, allow Stratoshark to add context to events from those sources, translating raw security data into actionable insights. Together these upgrades pair fast threat detection with precise forensic analysis, simplifying the work of cloud security teams.

Modern cloud environments are inherently complex and rapidly evolving, necessitating a platform-based approach to security. With the combined efforts of Falco and Stratoshark, teams can not only detect in real-time but also delve deeply into captured data for thorough investigation, ensuring quick and confident responses.

Benefits of the New Capabilities Include:

  • Unified workflows: Transition seamlessly from detection in Falco to detailed investigation using Stratoshark, enabling comprehensive response strategies.
  • Community-driven innovation: The open-source community thrives on transparency and collective insights, continuously adapting to meet emerging threats.
  • Democratised security: Advanced features formerly exclusive to commercial platforms are now accessible via open-source channels, empowering a broader community.

Gerald Combs, Director of Open Source Projects at Sysdig, highlights that with Falco's new SCAP files and enriched cloud log metadata, the boundaries between detection and detailed forensics are blurred. This evolution heralds a future where security is intertwined with open-source methodologies.

Beyond tools, Sysdig's launch of the Open Source Community this year has fortified the global network of security professionals, developers, analysts, and students. By fostering collaborative efforts and knowledge sharing, the initiative aims to unite and strengthen diverse user communities.
