Endpoint Security For Mac: What You Need To Know In 2020

For a long time, Mac security threats weren’t a top of mind concern for security teams and vendors, who primarily focused on securing Windows where they had a much larger footprint. Now, many employees are using Macs to access production infrastructure, presenting new avenues for attackers to exploit.

Read More

Topics: endpoint security

Resource Smart YARA Scans: Saving CPU and Time with osquery

As attackers continually evolve their tactics, the arsenal of tools at hand for defenders needs to respond to attacker complexity while still enabling day-to-day business to happen.

When it comes to detecting malware, the arms race between attackers and defenders is certainly nothing new. The once seemingly simple battle between nuisance script kiddie worms and simple anti-virus software evolved over time into a much more complex and layered approach towards stopping powerful weapons against organizations to extort, incur damages, and steal intellectual property. For a long time now, malware-detection technologies have become more sophisticated as malware works harder than ever to gain access to a target machine and then conceal its presence as it runs.

Read More

Topics: malware, threat hunting, security analytics, endpoint security

How To Use MITRE ATT&CK For Endpoint Security

MITRE ATT&CK is a trusted tool in the arsenal of many security teams. When it comes to endpoint security, analysts need to stay proactive to ensure their organization remains resolute in the face of growing threats.

Read More

Topics: security analytics, endpoint security

Osquery vs. OSSEC: Which Is Best for Linux Security in 2020?

For security analysts working on Linux, the lack of flexible, transparent and comprehensive tools is an ongoing problem. As is often the case, security professionals are turning to open-source solutions that can be more easily customized to solve specific problems.

Read More

Topics: linux security

Security Analytics and Big Data: 4 Keys To An Effective Approach

Proper security analytics require big data—a fact that companies are increasingly starting to recognize. Nearly 30% of organizations claim they are collecting, processing, and analyzing significantly more security data than they did two years ago, and 42% acknowledge the future importance of leveraging big data for security purposes. But at the same time, only 13% of companies believe their IT security stack is up to the task of effectively collecting and analyzing data organization-wide.

Read More

Topics: security analytics

Exploring The Critical Components Of DevOps

In a world where development is conducted on a variety of operating systems and hosted on the cloud, having a well-structured development system with integrated security is vital to ensuring that customer solutions are functioning optimally and are secure. This is achieved through DevOps.

Read More

Topics: project management

Introducing usql: An Interactive Command Line Tool for osquery and Uptycs

If you like a command line and want a way to access osquery data stored in your various Uptycs databases (global | realtime | timemachine), you'll want to install and use usql. usql is written in python and uses the dbcli framework. It functions like osqueryi, giving you the ability to run a query or multiple queries against all enrolled assets in Uptycs. 

Read More

Topics: integrations

How To Maximize Your SIEM Benefits

Having the ability to aggregate and analyze data across multiple systems is a necessity for companies of all sizes, primarily for security and compliance reasons. For most businesses, SIEM (security information and event management) tools fulfill this function. But SIEM solutions as they are traditionally used can be costly, a problem that eventually leads most security professionals to make important decisions based on dollars and cents rather than actual security needs.

Read More

Topics: siem, threat management

Investigating Threat Alerts with Osquery: Understanding Threat Surface & Risk

The Uptycs Threat Intelligence team is responsible for providing a high quality, curated, and current Threat Intelligence feed to the Uptycs product. In order to deliver the threat feed, the team evaluates every single alert that is seen by our customers, and investigates the alert as feedback into the threat feed curation process. Recently we observed a malicious domain alert from a customer. The out-of-the-box alert description indicated that it belonged to the OSX/Shlayer malware family. We were quickly able to query Uptycs threat intelligence to find that the domain first appeared on February, 2019 and was reported by multiple threat intel sources. Once the threat was validated, we dove into deeper investigation to understand the threat surface and risk. This post walks through the steps and techniques we performed to analyze data that had been collected via osquery, and aggregated in Uptycs.

Read More

Topics: osquery, incident investigation, threat hunting, threat intelligence

Announcing the osquery@scale Conference

Osquery has become a popular tooling for endpoint-based security analytics. The user community is thriving and vibrant as reflected in GitHub security showcase and osquery slack channel activity. There are many organizations, large and small, who are using it for a wide-variety of use cases. There are anecdotal references to organizations such as Facebook, Google and others using it at very large scale to get security visibility.

Read More

Topics: osquery

Uptycs Blog | Cloud Security Trends and Analysis

Welcome! The Uptycs blog is for security professionals and osquery enthusiasts interested in exploring new ideas in cloud security. We hope you'll enjoy our blog enough to subscribe, share and comment.

Subscribe for New Posts

Find Uptycs Everywhere

Recommended Reads