Announcing the osquery@scale Conference

Osquery has become a popular tool for endpoint-based security analytics. The user community is thriving and vibrant, as reflected in the GitHub security showcase and osquery Slack channel activity. Many organizations, large and small, use it for a wide variety of use cases. There are anecdotal references to organizations such as Facebook, Google and others using it at very large scale to get security visibility.

While there are no published accounts of the actual number of osquery-based endpoints in production, it is arguably one of the most widely deployed universal agents out there. Its universality and appeal stem from its open source roots, its portability across Linux, Windows and macOS, its standardized SQL interface for accessing telemetry, and its performant behavior. The lightweight osquery agent can act as a sensor that streams telemetry for real-time analytics, or as an agent that interprets ad-hoc questions and provides responses. All of these characteristics have made it a foundational tool for visibility across many IT organizations.


Since its debut a few years ago, there has been widespread deployment and many organizations have contributed back to the osquery code base, yet relatively little has been covered about the operational use cases of osquery, and especially about osquery deployments at scale. At any meaningful scale, one will encounter the challenge of deploying and managing the agent, aggregating the data, and applying analytics to the aggregated data. Many organizations have tackled and solved the challenge to varying degrees. While the analytics provide the ultimate (Read more...)

*** This is a Security Bloggers Network syndicated blog from Uptycs Blog authored by Ganesh Pai. Read the original post at:

Ganesh Pai

Ganesh Pai is Founder & CEO of Uptycs. He was previously Chief Architect, Carrier Products & Strategy for Akamai Technologies, a leading provider of content delivery network services. Prior to Akamai, Ganesh was Founder & VP Systems Architecture of Verivue, a leading provider of content delivery solutions to service providers (acquired by Akamai). Prior to Verivue, he was Principal Architect for NetDevices (acquired by Alcatel-Lucent). Prior to NetDevices, Ganesh served as Engineering Manager and Software Architect for Sonus Networks. He is a Boston-based entrepreneur and technologist and has been awarded multiple U.S. patents. Ganesh received a BE degree in electronics and communication engineering from Mangalore University and an MS in computer science from Temple University.