2018: The year of speculative execution bugs

A year ago, in January 2018, three hardware vulnerabilities known as Meltdown, Spectre Variant 1, and Spectre Variant 2 were disclosed to the public.

Although disclosure was supposed to occur on January 9, news outlets found updates in the Linux Kernel and broke word early on January 3, kicking off the year with a pretty big headache for IT and security teams across the globe.

2018 marks the first full year in which Uptycs, the company created to bring Facebook’s open source osquery agent to widespread commercial adoption, has had its turnkey security analytics platform in the market. As can be expected of any startup that launches a new ground-breaking product, it has been an exciting year, full of anticipation, unprecedented interest, and challenging work as we tweaked and tuned the product to optimize it for what our customers needed it to do.

Last week, Malwarebytes posted an article highlighting new malware discovered by John Lambert (Microsoft), Patrick Wardle (Objective-See and Digita Security) and Adam Thomas (Malwarebytes), and sure enough, persistence using launchd is still a common thing.

Dark Reading and Forbes, among various other sources, have recently reported that Windows computers using the hardware encryption feature of many different types of solid-state drives (SSDs) are vulnerable to attacks that defeat it completely. These vulnerabilities, discovered by Radboud University researchers Carlo Meijer and Bernard van Gastel, affect multiple models including some made by the popular brands Crucial and Samsung.

With weightier compliance penalties, ever-deepening cybercrime, and rapid adoption rates of public or hybrid cloud, financial services companies must pay closer attention to cloud compliance and stop treating it in a vacuum.

I’m excited to share that we have just released free online training to introduce you to osquery. Our goal was to combine quick setup and hands on labs with complete accessibility, so that anyone who wanted to give osquery a try, could.

451 Research, a global research advisory firm, recently published their first market insight report covering osquery. The report, “Uptycs emerges from stealth betting on SQL-based osquery for upending endpoint security” acknowledges the growing impact the universal open source agent is having in the security market. 

According to the official osquery docs, osquery (os=operating system) is an operating system instrumentation framework that exposes an operating system as a high-performance relational database. Using SQL, you can write a single query to explore any given data, regardless of operating system. (more on osquery basics here)

Two of the 6 basic security controls, according to the Center for Internet Security, are focused on the current state of your assets. Assessing the state of your assets has been a priority for years, but the old means aren’t as effective in modern infrastructure as they were on legacy systems. These two critical controls - Continuous Vulnerability Management and Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers - are a foundational part of any security program, but you’ll run into implementation challenges if you simply drag legacy tools into a cloud environment. That’s why osquery, a light weight and cloud friendly universal agent, is quickly becoming the go-to for helping to secure cloud workloads, in part through the effective application of these two critical controls. Let’s explore how.

 The Current State of Enterprise Security: Fragmentation and Fatigue

In a recent blog post, we discussed some of the issues with proprietary agents and the challenges they pose to enterprises. For example, most security solutions deploy separate and proprietary agents for audit/compliance, threat detection, vulnerability detection and incident response.