Osquery vulnerability management

5/30/2023

There are a lot of endpoint security solutions on the market. Windows? macOS? Linux? All of the above? What about containers and cloud infrastructure? How do you pick and choose which solution is right for you? The answer may depend on which endpoints you want to protect.

When we think of traditional endpoints, we immediately focus on traditional operating systems. However, with the expansion of cloud infrastructure and containers, the definition of an endpoint is expanding. Deploying agents to all of these endpoints could be challenging or not even possible, depending on the cloud platform. So how can you build a truly unified endpoint data platform?

Facebook started to address this with the release of osquery, an operating system instrumentation framework for Windows, OS X (macOS), Linux, and FreeBSD. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes across all platforms, creating normalized security telemetry. This enabled organizations to easily ask questions of their endpoint fleet, such as “Are there processes running without a binary on disk?” “Are there primary disks that are unencrypted?” “What servers had a root login in the last hour?” Unfortunately, osquery did not extend into some of the new endpoints, like containers.

Uptycs took the concept of osquery as a unified endpoint and took it to the next level. By leveraging the foundations of osquery and the concept of SQL-driven analytics, Uptycs built a truly unified endpoint data platform by:

- Creating a scalable SaaS offering to centralize management of the osquery agents.
- Incorporating other data sources, including containers, Kubernetes, and cloud providers such as Amazon Web Services.
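The three fleet questions quoted above can be written as osquery SQL. This is an added example, not code from the original post or from Uptycs; it assumes the stock osquery schema on Linux or macOS (the `processes`, `disk_encryption` and `last` tables), and the one-hour window is computed with SQLite's `strftime`.

```sql
-- 1. "Are there processes running without a binary on disk?"
--    processes.on_disk is 1 when the executable path still exists,
--    0 when it has been removed, and -1 when osquery cannot tell.
SELECT pid, name, path, cmdline, uid, start_time
FROM processes
WHERE on_disk = 0;

-- 2. "Are there primary disks that are unencrypted?"
--    disk_encryption lists block devices (Linux/macOS). Deciding which
--    device is the "primary" disk is left to the analyst; this returns
--    every device that reports as unencrypted.
SELECT name, uuid, type, encrypted
FROM disk_encryption
WHERE encrypted = 0;

-- 3. "What servers had a root login in the last hour?"
--    last exposes login records; type 7 is a user login (USER_PROCESS).
--    Run across the fleet, each host that returns rows answers "yes".
SELECT username, tty, host, pid,
       datetime(time, 'unixepoch') AS login_time_utc
FROM last
WHERE username = 'root'
  AND type = 7
  AND time > (CAST(strftime('%s', 'now') AS INTEGER) - 3600)
ORDER BY time DESC;
```

Each query can be run interactively in `osqueryi` or scheduled as a query pack so results are collected centrally.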