How Osquery Helps Secure Your Cloud with These Two Critical CIS Benchmark Controls

Posted by Matt Hathaway on 9/6/18 9:09 AM

Two of the 6 basic security controls, according to the Center for Internet Security, are focused on the current state of your assets. Assessing the state of your assets has been a priority for years, but the old means aren’t as effective in modern infrastructure as they were on legacy systems. These two critical controls - Continuous Vulnerability Management and Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers - are a foundational part of any security program, but you’ll run into implementation challenges if you simply drag legacy tools into a cloud environment. That’s why osquery, a light weight and cloud friendly universal agent, is quickly becoming the go-to for helping to secure cloud workloads, in part through the effective application of these two critical controls. Let’s explore how.

Read More

Topics: osquery, continuous monitoring, cloud monitoring, cloud security, CIS Benchmark

How Osquery Will Change The Fragmented Security Market

Posted by Ganesh Pai & Amber Picotte on 8/30/18 9:42 AM

 The Current State of Enterprise Security: Fragmentation and Fatigue

In a recent blog post, we discussed some of the issues with proprietary agents and the challenges they pose to enterprises. For example, most security solutions deploy separate and proprietary agents for audit/compliance, threat detection, vulnerability detection and incident response.

Read More

Topics: osquery, system architecture

Secret Agent Mess

Posted by Amber Picotte on 8/28/18 8:15 AM

While endpoint agents have always tried to be the eyes and ears for security, an overabundance of them may be degrading security rather than improving it. A 2017 survey from Barkly and Ponemon Institute finds that companies have as many as seven different agents running on each endpoint, while at the same time, three out of four report still having difficulty managing endpoint risk. Other security solutions require agents for compliance, data leakage, vulnerability and patch management, network security solutions, systems management, and more. The industry has gone agent crazy, it seems, resulting in significant performance issues, escalating licensing costs, conflicts with other services running on the endpoints, maintenance headaches, difficulties for upgrades and certification issues, and more. 

Read More

Topics: osquery, opinion

Intro to Osquery: Frequently Asked Questions for Beginners

Posted by Amber Picotte on 7/17/18 6:52 AM

There is a growing and passionate community around osquery, actively sharing information and perspective, answering questions, exposing challenges and dispelling misconceptions. Even so, learning the basics as you're getting started requires a lot of piecing together bits of wisdom (ie Googling + Reading + Networking). The intention of this post is to a) curate some of the great content from the community b) organize it to cover common questions for beginners c) incorporate some of what we've learned over the past three years through the Uptycs journey. If you like it, and it is helpful, throw a comment down below or let us know on Twitter and we'll create a more advanced FAQ next time around. 

Read More

Topics: osquery

Osquery In Action: Where and When to Apply "Threat Intel"

Posted by Doug Wilson on 6/14/18 3:55 PM
Read More

Topics: osquery tutorial, osquery

Securing Containers: Using osquery to Solve New Challenges Posed by Hosted Orchestration Services

Posted by Milan Shah on 6/7/18 8:37 AM

It is not often that one runs into situations that so purely fit a classic stereotype. Securing and monitoring Docker containers happens to be one of those conundrums that is a textbook example of a “damned if you do and damned if you don’t” setup. On the surface, securing and monitoring containers seems like a straightforward affair – treat containers like mini virtual machines, and run your security/monitoring agents in each container; or, treat them like processes running on the host OS, and run your security/monitoring agents on the host OS. Sounds simple enough. However, both options run into some surprisingly natty difficulties. 

Read More

Topics: osquery, Docker Security, Kubernetes, containers

Does osquery violate GDPR rules around Personally Identifiable Data (PII)?

Posted by Milan Shah on 5/25/18 8:49 AM

AHHHH! GDPR day is upon us!

If you've used a service or signed up for anything ever in your life then you've surely noticed the onslaught of "Terms of Privacy Update" emails over the last couple of days. That could only mean one thing: GDPR implementation day has finally arrived! But for all the unavoidable noise around GDPR, we couldn't help but notice a lack in any advice or documentation about osquery and its link to Personally Identifiable Information (PII) -- a focal area in the GDPR regulation (here's a "handy" 100 page reference guide on GDPR). So, let's get right to it then.

Read More

Topics: osquery, GDPR

Osquery Security Solutions: Build or Buy?

Posted by Doug Wilson on 5/11/18 9:46 AM

Late last week, Chris Sanders (@chrissanders88), a former FireEye colleague, posted an interesting "lunchtime poll":

Read More

Topics: osquery, open-source

Open-source hasn't disrupted security...yet

Posted by Doug Wilson on 5/3/18 11:55 AM

I’ve written before about how I feel open-source technology will prove disruptive in the security industry. Having recently returned from a week in San Francisco for B-Sides SF & RSA, which is known as the annual pilgrimage for "Infosec Sales," I feel that way now more than ever. The growth in adoption of open-source technologies may indicate that people are starting to get more comfortable with the concept or ability of their still being enough room for innovation that companies can charge for what they develop on top of “free” open-source projects. Coming back from the premier sales conference for the information security industry is a great showcase for why I’ve come away with that thought. Let's explore...

Read More

Topics: osquery, open-source

SQL introduction for osquery

Posted by Doug Wilson on 4/12/18 7:39 AM

SQL (Structured Query Language) will be in its mid-forties later this month having been introduced by its creators Donald Chamberlin and Raymond Boyce in the 1970s. Given its age, it isn’t so hard to understand how the 2017 Stack Overflow Developers Survey uncovered that SQL is the second-most common programming language, used by 50% of developers and beaten only by JavaScript. 

Read More

Topics: osquery tutorial, osquery, video

Uptycs Blog | Cloud Security Trends and Analysis

Welcome! The Uptycs blog is for security professionals and osquery enthusiasts interested in exploring new ideas in cloud security. We hope you'll enjoy our blog enough to subscribe, share and comment.

Subscribe for New Posts

Find Uptycs Everywhere

Recommended Reads