In this blog post I’ll cover osquery’s ability to provide performant behavior and its capabilities to excel at enterprise grade requirements. Many observations covered in this blog will highlight various capabilities of osquery that should aid in your journey toward an enterprise-grade osquery deployment.
Osquery has become a popular source of instrumentation for a wide variety of use cases. On github security showcase, it is currently among the top most popular open source security projects. Given the popularity, a recurring question is what use cases can one address with osquery in an enterprise environment?
2018: The year of speculative execution bugs
A year ago, in January 2018, three hardware vulnerabilities known as Meltdown, Spectre Variant 1, and Spectre Variant 2 were disclosed to the public.
Although disclosure was supposed to occur on January 9, news outlets found updates in the Linux Kernel and broke word early on January 3, kicking off the year with a pretty big headache for IT and security teams across the globe.
The Current State of Enterprise Security: Fragmentation and Fatigue
In a recent blog post, we discussed some of the issues with proprietary agents and the challenges they pose to enterprises. For example, most security solutions deploy separate and proprietary agents for audit/compliance, threat detection, vulnerability detection and incident response.
Uptycs has submitted two pull requests to add HTTP(s) proxy & TLS persistent transport support to osquery. Both have now been merged in support for Beast (more on that later) and Persistent Transport Support).