One Year Later: Ensuring Windows is Protected from Meltdown+Spectre

Posted by Guillaume Ross on 1/10/19 9:48 AM

2018: The year of speculative execution bugs

A year ago, in January 2018, three hardware vulnerabilities known as Meltdown, Spectre Variant 1, and Spectre Variant 2 were disclosed to the public.

Although disclosure was supposed to occur on January 9, news outlets found updates in the Linux Kernel and broke word early on January 3, kicking off the year with a pretty big headache for IT and security teams across the globe.

Read More

Topics: osquery, open-source, system architecture

3 Reasons Incident Responders Need Osquery

Posted by Milan Shah on 12/20/18 9:18 AM

2018 marks the first full year in which Uptycs, the company created to bring Facebook’s open source osquery agent to widespread commercial adoption, has had its turnkey security analytics platform in the market. As can be expected of any startup that launches a new ground-breaking product, it has been an exciting year, full of anticipation, unprecedented interest, and challenging work as we tweaked and tuned the product to optimize it for what our customers needed it to do.

Read More

Topics: osquery, incident investigation

Hunting for Evil Launch Daemons - Identifying Suspicious Behavior with Osquery

Posted by Guillaume Ross on 12/18/18 10:05 AM

Last week, Malwarebytes posted an article highlighting new malware discovered by John Lambert (Microsoft), Patrick Wardle (Objective-See and Digita Security) and Adam Thomas (Malwarebytes), and sure enough, persistence using launchd is still a common thing.

Read More

Topics: open-source, osquery, macOS

Vulnerabilities in SSD Encryption: Using osquery to Identify Vulnerable Windows Machines

Posted by Guillaume Ross on 11/12/18 12:32 PM

Dark Reading and Forbes, among various other sources, have recently reported that Windows computers using the hardware encryption feature of many different types of solid-state drives (SSDs) are vulnerable to attacks that defeat it completely. These vulnerabilities, discovered by Radboud University researchers Carlo Meijer and Bernard van Gastel, affect multiple models including some made by the popular brands Crucial and Samsung.

Read More

Topics: osquery, Insider

Cloud Compliance for FiServ Requires Merger of 3 Disciplines

Posted by Amber Picotte on 11/1/18 8:40 AM

With weightier compliance penalties, ever-deepening cybercrime, and rapid adoption rates of public or hybrid cloud, financial services companies must pay closer attention to cloud compliance and stop treating it in a vacuum.

Read More

Topics: CIS Benchmark, cloud monitoring, continuous monitoring, cloud compliance

Free Osquery Training Course Now On-Demand

Posted by Doug Wilson on 10/18/18 8:35 AM

I’m excited to share that we have just released free online training to introduce you to osquery. Our goal was to combine quick setup and hands on labs with complete accessibility, so that anyone who wanted to give osquery a try, could.

Read More

Topics: open-source, osquery, osquery tutorial

Research Report Evaluates Osquery’s Role in Upending Endpoint Security [Complimentary Copy]

Posted by Harry Hayward on 10/4/18 8:43 AM

451 Research, a global research advisory firm, recently published their first market insight report covering osquery. The report, “Uptycs emerges from stealth betting on SQL-based osquery for upending endpoint security” acknowledges the growing impact the universal open source agent is having in the security market. 

Read More

Topics: osquery, Insider, open-source

Deploying Osquery at Scale: A Comprehensive List of Open Source Tools

Posted by Harry Hayward on 9/13/18 8:31 AM

According to the official osquery docs, osquery (os=operating system) is an operating system instrumentation framework that exposes an operating system as a high-performance relational database. Using SQL, you can write a single query to explore any given data, regardless of operating system. (more on osquery basics here)

Read More

Topics: osquery

How Osquery Helps Secure Your Cloud with These Two Critical CIS Benchmark Controls

Posted by Matt Hathaway on 9/6/18 9:09 AM

Two of the 6 basic security controls, according to the Center for Internet Security, are focused on the current state of your assets. Assessing the state of your assets has been a priority for years, but the old means aren’t as effective in modern infrastructure as they were on legacy systems. These two critical controls - Continuous Vulnerability Management and Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers - are a foundational part of any security program, but you’ll run into implementation challenges if you simply drag legacy tools into a cloud environment. That’s why osquery, a light weight and cloud friendly universal agent, is quickly becoming the go-to for helping to secure cloud workloads, in part through the effective application of these two critical controls. Let’s explore how.

Read More

Topics: CIS Benchmark, osquery, continuous monitoring, cloud monitoring, cloud security

How Osquery Will Change The Fragmented Security Market

Posted by Ganesh Pai & Amber Picotte on 8/30/18 9:42 AM

 The Current State of Enterprise Security: Fragmentation and Fatigue

In a recent blog post, we discussed some of the issues with proprietary agents and the challenges they pose to enterprises. For example, most security solutions deploy separate and proprietary agents for audit/compliance, threat detection, vulnerability detection and incident response.

Read More

Topics: osquery, system architecture

Uptycs Blog | Cloud Security Trends and Analysis

Welcome! The Uptycs blog is for security professionals and osquery enthusiasts interested in exploring new ideas in cloud security. We hope you'll enjoy our blog enough to subscribe, share and comment.

Subscribe for New Posts

Find Uptycs Everywhere

Recommended Reads