Application Security Cloud Security DevOps Security Bloggers Network 
SBN

Osquery Security Use Cases and Solutions

Avatar photo by Ganesh Pai on August 6, 2019

Osquery has become a popular source of instrumentation for a wide variety of use cases. On github security showcase, it is currently among the top most popular open source security projects. Given the popularity, a recurring question is what use cases can one address with osquery in an enterprise environment?

In this blog, I’ll discuss:

  • Key attributes of osquery that make it an excellent universal agent of choice for collecting telemetry for multiple use cases
  • Considerations for operationalizing osquery and collecting high volume telemetry from an endpoint and aggregation at scale across many endpoints
  • Components of a solution for osquery-powered security analytics

 

Osquery: A Universal open source agent

Osquery is well-documented. In this blog, I’ll touch on a few key attributes of osquery that make it a pragmatic universal open source agent. As you explore osquery further and understand the depth and breadth of the collected data, you will realize the possible use cases are limited only by your imagination.

  • Osquery interfaces with the kernel (e.g., openbsm, kaudit, etw) to capture kernel behavioral activity/events (e.g., processes launched, socket connections, file changes). This is done via event tables. The events and attributes provide a reliable source of telemetry for detecting intrusion and malicious behavior on an endpoint. These tables lay a sound foundation for Osquery-based EDR and FIM solutions.
  • Osquery can scrape point-in-time OS state via scheduled queries. The queries can be scheduled to run as snapshot or differential (i.e., only changes are (Read more...)

*** This is a Security Bloggers Network syndicated blog from Uptycs Blog authored by Ganesh Pai. Read the original post at: https://www.uptycs.com/blog/osquery-security-use-cases-and-solutions

Ganesh Pai , , ,
Avatar photo

Ganesh Pai

Ganesh Pai is Founder & CEO of Uptycs. He was previously Chief Architect, Carrier Products & Strategy for Akamai Technologies, a leading provider of content delivery network services. Prior to Akamai, Ganesh was Founder & VP Systems Architecture of Verivue, a leading provider of content delivery solutions to service providers (acquired by Akamai). Prior to Verivue, he was Principal Architect for NetDevices (acquired by Alcatel-Lucent). Prior to NetDevices, Ganesh served as Engineering Manager and Software Architect for Sonus Networks. He is a Boston-based entrepreneur and technologist and has been awarded multiple U.S. patents. Ganesh received a BE degree in electronics and communication engineering from Mangalore University and a MS in computer science from Temple University.

ganesh-pai has 6 posts and counting.See all posts by ganesh-pai