Osquery has become a popular tool for endpoint-based security analytics. Its user community is thriving, as reflected in the GitHub security showcase and in activity on the osquery Slack channel. Many organizations, large and small, use it for a wide variety of use cases, and there are anecdotal references to organizations such as Facebook and Google running it at very large scale to gain security visibility.
In this blog post I'll cover osquery's performance characteristics and its ability to meet enterprise-grade requirements. The observations here highlight capabilities of osquery that should aid your journey toward an enterprise-grade osquery deployment.
Osquery has become a popular source of instrumentation for a wide variety of use cases. On the GitHub security showcase it is currently among the most popular open source security projects. Given that popularity, a recurring question is: which use cases can one address with osquery in an enterprise environment?
Today, we announced our $10M Series A funding led by ForgePoint Capital and Comcast Ventures. Read the press release here.
Three years ago, a conversation over coffee with my co-founders changed the trajectory of my entrepreneurial journey. We were discussing how fragmentation is a major problem in the cyber security industry. What do I mean by fragmentation? Just take a look at the exhibit floor at the RSA Conference and observe the ever-growing sea of vendors offering point solutions, each with its own agent collecting the data it needs and covering only a portion of what is required to achieve good cyber hygiene. The vast majority of these solutions are closed and proprietary, and are extensible only by convincing the vendor to add a feature to its product roadmap, which can take many months or even years. Within a category, each vendor claims theirs is the best. But based on what, the security credentials of the founders and the technical leadership team? You can't look inside the products to see what is going on; it's more of a "trust me, I know what I'm doing." Adding to the problem, each solution comes with its own UI and threat intelligence, and doesn't easily share data with other solutions except through a third one, typically a SIEM.