
3 Reasons Osquery Should Be On Every Incident Responder's Christmas List

2018 marks the first full year in which Uptycs, the company created to bring Facebook’s open source osquery agent to widespread commercial adoption, has had its turnkey security analytics platform in the market. As can be expected of any startup that launches a new ground-breaking product, it has been an exciting year, full of anticipation, unprecedented interest, and challenging work as we tweaked and tuned the product to optimize it for what our customers needed it to do.

The incredible breadth of data that osquery is capable of collecting opens it up to a nearly unbounded set of applications. Using osquery, Uptycs collects data ranging from the static configuration of systems, to certain network traffic, to nearly the full runtime state, to high-level abstractions like containers. At the dawn of this year, we were truly excited to see what our customers would want to do, or want us to do, with all that data. Perhaps massive scale, with queries returning data instantaneously across an infrastructure spanning half a million machines. Or the application of machine learning techniques to find anomalies in the environment. Perhaps, more ambitiously still, this data would open up a new vista that none of us had even considered possible before.
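To make the four categories above concrete, here is a set of osquery queries an incident responder might run with `osqueryi` on a Linux host. This is an added example, not code from the original post or from Uptycs; it assumes a Linux host with osquery installed and the Docker daemon present (the `docker_containers` table is empty otherwise), and uses the standard osquery schema tables `os_version`, `listening_ports`, `processes` and `docker_containers`.

```sql
-- Added example: one osquery query per data category named in the post.
-- Assumes osqueryi on Linux; table and column names are from the osquery schema.

-- 1. Static configuration: what is this box running?
SELECT name, version, platform, build
FROM os_version;

-- 2. Network: every listening socket, joined to the process that owns it,
--    so an unexpected listener is attributable to a binary on disk.
SELECT lp.pid, lp.port, lp.protocol, lp.address, p.name, p.path, p.cmdline
FROM listening_ports AS lp
JOIN processes AS p USING (pid)
WHERE lp.port != 0
ORDER BY lp.port;

-- 3. Runtime state: running processes whose executable is no longer on disk,
--    a common sign of a dropper that deleted itself after launch.
SELECT pid, name, path, cmdline, parent, uid
FROM processes
WHERE on_disk = 0;

-- 4. Higher-level abstractions: running containers and their host PIDs,
--    so container-side findings can be tied back to host-side processes.
SELECT id, name, image, state, pid
FROM docker_containers
WHERE state = 'running';
```

Each query is plain SQLite syntax, so the same statements can be scheduled as a query pack in `osqueryd` and shipped to a central log pipeline; the join in query 2 is the pattern to reuse whenever a network artifact needs to be attributed to a process.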

What transpired during the year was simultaneously anticlimactic and humbling. What we learnt from our customers was that even before we tackled machine learning or uncharted vistas, we needed to solve much simpler, utterly unglamorous, but notoriously difficult problems first. Then, prove they could be done (Read more...)

*** This is a Security Bloggers Network syndicated blog from Uptycs Blog authored by Milan Shah. Read the original post at: https://www.uptycs.com/blog/3-reasons-osquery-should-be-on-every-incident-responders-christmas-list