
Performant Osquery – Enterprise-grade Osquery at Scale Considerations

In this blog post I’ll cover osquery’s performance characteristics and the capabilities that let it meet enterprise-grade requirements. The observations here highlight osquery features that should aid your journey toward an enterprise-grade osquery deployment.

As discussed in another blog post, the osquery agent provides a rich and structured source of telemetry. The open-source project is well documented and there are numerous osquery tutorials to get you started. In this blog post I’ll introduce some key topics for consideration in enterprise-wide deployments:

  • Osquery HTTP/TLS-based deployment
  • Osquery vs other script-based data collection options

Osquery HTTP/TLS-based deployment

There are multiple ways to configure and deploy osquery in production. Some of the more popular approaches are summarized in the table below:

Common osquery configuration and deployment models.

Option 1 is the simplest to implement; however, you then rely on your configuration management tool for control-plane management, and by default such tools have no understanding of how to control osquery. Additionally, you will need a separate solution for forwarding and ingesting logs to a destination.

Option 2 has greater complexity than Option 1, as you need to deploy a fleet manager and ensure log forwarding is in place.

Option 3 is a more modern approach to osquery control-plane and data-plane management and can scale extremely well, as it is based on the HTTP/TLS techniques used for web-scale deployments. This option can provide deterministic endpoint performance by shifting complex detection analytics to a backend.
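The HTTP/TLS model in Option 3 is concrete enough to show end to end. The following is an added example, not code from Uptycs or the osquery project: a minimal Python server for the three remote endpoints osqueryd uses when started with its tls config and logger plugins (enroll, config, logger). The hostname, file paths, endpoint paths, enroll secret and scheduled query are constructed values for the example; the request and response shapes follow osquery's documented remote API.

```python
"""Minimal osquery TLS remote-API server for the Option 3 model.

Added example (not Uptycs' or the osquery project's code). It serves the three
endpoints osqueryd talks to when started with the tls config and logger plugins:

  osqueryd --tls_hostname=fleet.example.com --tls_server_certs=/etc/osquery/ca.pem \
           --enroll_secret_path=/etc/osquery/secret --enroll_tls_endpoint=/enroll \
           --config_plugin=tls --config_tls_endpoint=/config \
           --logger_plugin=tls --logger_tls_endpoint=/log

The hostname, paths, enroll secret and scheduled query are constructed values.
"""
import hmac
import json
import secrets
from http.server import BaseHTTPRequestHandler, HTTPServer

ENROLL_SECRET = "example-enroll-secret"  # constructed; agents read theirs via --enroll_secret_path

NODES: dict = {}  # node_key -> host_identifier: registry of enrolled agents (control plane)
LOGS: dict = {}   # node_key -> log entries received on /log (data plane)

# The configuration every enrolled agent pulls on its --config_tls_refresh interval.
# The endpoint only runs the scheduled query; heavier analytics stay on the backend.
CONFIG = {
    "options": {"schedule_splay_percent": 10},
    "schedule": {
        "listening_ports": {
            "query": "SELECT pid, port, protocol FROM listening_ports;",
            "interval": 300,
        },
    },
}


def handle_enroll(body: dict) -> dict:
    """Check the shared enroll secret in constant time; on success mint the
    node_key the agent must present on every later request."""
    presented = str(body.get("enroll_secret", "")).encode()
    if not hmac.compare_digest(presented, ENROLL_SECRET.encode()):
        return {"node_invalid": True}  # osqueryd treats this as a failed enrollment
    node_key = secrets.token_hex(16)
    NODES[node_key] = body.get("host_identifier", "unknown")
    return {"node_key": node_key, "node_invalid": False}


def handle_config(body: dict) -> dict:
    """Return the schedule to an enrolled agent; an unknown node_key forces re-enrollment."""
    if body.get("node_key") not in NODES:
        return {"node_invalid": True}
    return {**CONFIG, "node_invalid": False}


def handle_logger(body: dict) -> dict:
    """Accept a batch of result or status logs from an enrolled agent."""
    node_key = body.get("node_key")
    if node_key not in NODES:
        return {"node_invalid": True}
    log_type = body.get("log_type", "result")
    entries = [e for e in body.get("data", []) if isinstance(e, dict)]
    LOGS.setdefault(node_key, []).extend({"log_type": log_type, **e} for e in entries)
    return {"node_invalid": False}


ROUTES = {"/enroll": handle_enroll, "/config": handle_config, "/log": handle_logger}


class OsqueryHandler(BaseHTTPRequestHandler):
    """Route osqueryd's JSON POSTs to the handlers above."""

    def do_POST(self):
        handler = ROUTES.get(self.path)
        length = int(self.headers.get("Content-Length", "0") or 0)
        try:
            body = json.loads(self.rfile.read(length) or b"{}")
        except json.JSONDecodeError:
            body = {}
        if not isinstance(body, dict):
            body = {}
        reply = handler(body) if handler else {"node_invalid": True}
        payload = json.dumps(reply).encode()
        self.send_response(200 if handler else 404)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)


def serve(port: int = 8443) -> None:
    """Bind the server. osqueryd speaks HTTPS only, so terminate TLS in front of
    this (or wrap the socket) and pin the CA on agents with --tls_server_certs."""
    HTTPServer(("127.0.0.1", port), OsqueryHandler).serve_forever()


if __name__ == "__main__":
    # Walk the exchange in-process, in the order a fresh agent performs it.
    print(handle_enroll({"enroll_secret": "wrong", "host_identifier": "host-a"}))
    enrolled = handle_enroll({"enroll_secret": ENROLL_SECRET, "host_identifier": "host-a"})
    print(enrolled)
    print(handle_config({"node_key": enrolled["node_key"]})["schedule"])
    print(handle_logger({"node_key": enrolled["node_key"], "log_type": "result",
                         "data": [{"name": "listening_ports", "action": "added",
                                   "columns": {"pid": 4242, "port": 8443, "protocol": 6}}]}))
    print(LOGS)
```

Two design points carry the security weight of this model. The node_key is a per-agent bearer credential minted only after the shared enroll secret is verified, so the enroll secret itself never travels beyond enrollment and can be rotated without touching scheduled queries; and any handler can answer `node_invalid: true`, which osqueryd interprets as an instruction to discard its node_key and re-enroll, giving the backend a single switch for revoking or re-keying a host. Because both config pulls and log pushes are plain HTTPS POSTs, the same load balancers, certificate pinning and rate limiting used for any web service apply unchanged.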

In this blog (Read more...)

*** This is a Security Bloggers Network syndicated blog from Uptycs Blog authored by Ganesh Pai. Read the original post at: https://www.uptycs.com/blog/performant-osquery-enterprise-grade-osquery-at-scale-considerations


Ganesh Pai

Ganesh Pai is Founder & CEO of Uptycs. He was previously Chief Architect, Carrier Products & Strategy for Akamai Technologies, a leading provider of content delivery network services. Prior to Akamai, Ganesh was Founder & VP Systems Architecture of Verivue, a leading provider of content delivery solutions to service providers (acquired by Akamai). Prior to Verivue, he was Principal Architect for NetDevices (acquired by Alcatel-Lucent). Prior to NetDevices, Ganesh served as Engineering Manager and Software Architect for Sonus Networks. He is a Boston-based entrepreneur and technologist and has been awarded multiple U.S. patents. Ganesh received a BE degree in electronics and communication engineering from Mangalore University and a MS in computer science from Temple University.
