The most motivating part of working in security has always been the strength and knowledge sharing of the security community, and nothing illustrates that better than the Osquery@Scale conference: a smaller gathering of passionate security tinkerers who like building things on the overwhelmingly robust open-source osquery.
The strength of this community, and what I love so much about it, is the willingness to share knowledge and evangelize the interesting ways that we use our security tools to make our lives as security practitioners easier and our environments more secure. In advance of the 2022 Osquery@Scale conference, I have put together a summary of a couple of talks that stood out to me when looking at how osquery is being put to work for compliance and cloud governance use cases.
Endpoint compliance at its best
Kuntal gives a masterclass in his talk Endpoint compliance at your “fingertips”, explaining in detail how he and his team at Comcast simplified endpoint compliance with osquery reports, scheduled queries, and real-time compliance checks. Weaving compliance use cases from on-demand audit reports all the way down to investigating developer laptops for outdated Chrome extensions, this talk covers vast ground in the osquery compliance space, and yet he concludes by saying this is just the surface of what osquery can accomplish.
The interoperability of osquery, combined with its granular level of detail, makes it a perfect tool for monitoring dynamic and diverse asset fleets. This talk lays the foundation for using osquery as the base tooling for your compliance monitoring, and even addresses concerns around resource utilization of the agent (quelling those concerns through the osquery watchdog).
Foundations of a strong security program: Cloud Governance
Chris brings light to the black sheep of the security world, compliance and regulatory governance, in his talk Cloud Governance and Compliance with osquery. He dives into the weeds of technically addressing cloud governance (primarily in AWS) and gives his unique perspective on why first addressing the ever-increasing burden of compliance is the foundation of good security, and not the other way around, with good security being the foundation of easy compliance.
Working directly in cloud provider tooling can be costly, whether because of runtime API quotas or simply the difficulty of navigating the UI to extract the right data for compliance use cases. Using osquery, MuleSoft was able to inventory across diverse assets and map a compliance program that allowed for real-time monitoring of the control and data planes to achieve 100% coverage, ultimately easing the pain with FedRAMP and CIS benchmarks.
Join the osquery party
September 2022 brings another iteration of the Osquery@Scale conference, gathering an array of security leaders, practitioners, and friends of osquery. If these talks piqued your interest, please join in on the fun and come see us (in person!) on September 14th and 15th in San Francisco at The Exploratorium, a perfect place to meet security folks and continue to explore the world of science and security.