With polymorphic malware, quick-turn domains and turn-on-a-dime attack tactics, most security professionals are looking for real-time intelligence to enable protection that is as close to zero-day as possible. Finding a threat anywhere around the globe and then immediately blasting out a definition or identifying an artifact is high on the cybersecurity wish list.
The Windows registry is full of information, and with the proper tools, can be a gold mine for attackers and defenders alike. Attackers look to find specific configurations, credentials, or any information that can help them further attack systems, while defenders can use the registry to ensure that settings are configured as they are expected to. This is something that is not always easy to do with standard tools in Windows, or with the right level of performance. Fortunately, osquery solves that for us.
2018: The year of speculative execution bugs
A year ago, in January 2018, three hardware vulnerabilities known as Meltdown, Spectre Variant 1, and Spectre Variant 2 were disclosed to the public.
Although disclosure was supposed to occur on January 9, news outlets found updates in the Linux Kernel and broke word early on January 3, kicking off the year with a pretty big headache for IT and security teams across the globe.
2018 marks the first full year in which Uptycs, the company created to bring Facebook’s open source osquery agent to widespread commercial adoption, has had its turnkey security analytics platform in the market. As can be expected of any startup that launches a new ground-breaking product, it has been an exciting year, full of anticipation, unprecedented interest, and challenging work as we tweaked and tuned the product to optimize it for what our customers needed it to do.
Last week, Malwarebytes posted an article highlighting new malware discovered by John Lambert (Microsoft), Patrick Wardle (Objective-See and Digita Security) and Adam Thomas (Malwarebytes), and sure enough, persistence using launchd is still a common thing.
Dark Reading and Forbes, among various other sources, have recently reported that Windows computers using the hardware encryption feature of many different types of solid-state drives (SSDs) are vulnerable to attacks that defeat it completely. These vulnerabilities, discovered by Radboud University researchers Carlo Meijer and Bernard van Gastel, affect multiple models including some made by the popular brands Crucial and Samsung.
I’m excited to share that we have just released free online training to introduce you to osquery. Our goal was to combine quick setup and hands on labs with complete accessibility, so that anyone who wanted to give osquery a try, could.
451 Research, a global research advisory firm, recently published their first market insight report covering osquery. The report, “Uptycs emerges from stealth betting on SQL-based osquery for upending endpoint security” acknowledges the growing impact the universal open source agent is having in the security market.
According to the official osquery docs, osquery (os=operating system) is an operating system instrumentation framework that exposes an operating system as a high-performance relational database. Using SQL, you can write a single query to explore any given data, regardless of operating system. (more on osquery basics here)
Two of the 6 basic security controls, according to the Center for Internet Security, are focused on the current state of your assets. Assessing the state of your assets has been a priority for years, but the old means aren’t as effective in modern infrastructure as they were on legacy systems. These two critical controls - Continuous Vulnerability Management and Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers - are a foundational part of any security program, but you’ll run into implementation challenges if you simply drag legacy tools into a cloud environment. That’s why osquery, a light weight and cloud friendly universal agent, is quickly becoming the go-to for helping to secure cloud workloads, in part through the effective application of these two critical controls. Let’s explore how.