Sysdig unveils Stratoshark for cloud network analysis
Sysdig has launched Stratoshark, an open source tool designed to extend the capabilities of Wireshark into cloud environments, thereby providing network professionals with enhanced visibility and cloud observability.
Wireshark has been a vital tool for network analysis since its creation, boasting over 160 million downloads in the past decade and more than 5 million daily users.
With the shift of many companies to cloud services, the requirement for similar visibility capabilities in cloud settings has grown. Stratoshark is tailored to meet this need by enabling detailed analysis and troubleshooting of cloud systems, akin to the functions traditionally offered by Wireshark on network traffic.
Gerald Combs, co-creator of Wireshark and Stratoshark and Sysdig Director of Open Source Projects, commented on the development, "Wireshark revolutionised network analysis by democratising packet captures, a concept that Sysdig brought to cloud-native workloads and Falco extended to cloud runtime security. Wireshark users live by the phrase 'pcap or it didn't happen,' but until now cloud packet capture hasn't been easy or even possible."
"Stratoshark helps unlock this level of visibility, equipping network professionals with a familiar tool that makes system call and log analysis as accessible and transformative for the cloud as Wireshark did for network packet analysis."
The move to the cloud has highlighted a significant skills gap in cloud security, with the field reportedly short of nearly 5 million qualified cybersecurity professionals globally.
The "State of Security in 2024" report by O'Reilly supports this claim, indicating that cloud computing is a domain where skills are in high demand but difficult to source. Stratoshark integrates with Falco—known for cloud-native threat detection with over 130 million downloads—providing extensive cloud context and enabling experienced network analysts to transition their skills seamlessly to cloud environments.
Loris Degioanni, Sysdig Founder and CTO, as well as co-creator of Stratoshark and Wireshark, stated, "With Stratoshark, we're bringing the proven principles of Wireshark to the complexities of modern environments. By combining Wireshark's rich network insights with Falco's real-time cloud-native security, Stratoshark equips teams to better understand cloud events, logs, and system calls with open source accessibility."
The market response to Stratoshark reflects its potential to modernise network analysis skills for the cloud.
Sheri Najafi, Executive Director at the Wireshark Foundation, said, "Stratoshark presents an exciting opportunity for longtime Wireshark users to apply their network analysis skills directly to the cloud, and the community couldn't be more thrilled. Wireshark has empowered multiple generations of network professionals to analyse malicious behaviour, like lateral movement, ransomware spread, and communications from compromised systems, and Stratoshark equips them to modernise this skill set."
Josh Clark, Performance Engineer for a large U.S. financial institution, also recognised the tool's importance, stating, "Stratoshark unlocks a new dimension of troubleshooting, allowing users to look deep into servers with the same fidelity that Wireshark has given them on networks. It sets a new standard for system call and log analysis, and opens the door for packet analysts to transfer their expertise to a new domain."
Ross Bagurdes, a Network Engineer and Educator at Pluralsight, added, "For over two decades, Wireshark has helped countless engineers filter network traffic to efficiently isolate and troubleshoot application issues by analysing evidence within network protocols. Stratoshark takes the best of Wireshark's tools and equips today's professionals with critical cloud system visibility and troubleshooting."