Peering into an organization's IT infrastructure in real time is essential for security analysts searching for malicious activity. One tool that does just that, and that is gaining popularity among DevSecOps practitioners, is osquery.

Osquery (pronounced OS-kwery) was developed by Facebook to make low-level operating system monitoring on endpoints and servers easier for its security team. Facebook made the tool an open-source project in 2014.

Osquery lets you collect operating system information, such as network, memory, service, process activity, and configuration data, on a scheduled basis, or you can query it in real time with the widely used Structured Query Language (SQL).

An osquery agent needs to be deployed on your organization's endpoints and servers, and some back-end modifications are required. But once that's done, you can make SQL queries to your endpoints.

Fernando Montenegro, a senior analyst with 451 Research, sums up the value to security teams: "Conceptually, it's very simple, but it's very powerful because it takes care of all the plumbing you need to connect to the agent and do authentication."

Here's how osquery can benefit your security team.

Osquery was born out of the need for a security solution that addressed the demands of companies with cloud-native environments. Most of their servers were running on Linux in public and private clouds, and most of their developers were on Macs.

The existing commercial security market was aimed at, and still mostly is aimed at, Windows and traditional enterprise infrastructure, said Doug Wilson, director of security for Uptycs, which makes an osquery-based security platform. "Most security companies that now offer Mac and Linux are doing it in a checkbox fashion and have only a tiny fraction of the resources devoted to these new operating systems, compared to the vast engineering teams they have working on Windows products."

Since osquery was designed for companies with newer types of infrastructure, and because it offers an array of benefits those companies find enticing, it is being embraced by businesses that work at scale, including Lyft, Netflix, Etsy, Salesforce, and others.

Cross-platform support

An especially attractive aspect of osquery is that it works across platforms. That means you can use an SQL query fashioned for osquery to collect data from Linux, macOS, and Windows. "You can provide one primary interface via SQL for system-level information for multiple operating systems," said Alexander Hoole, head of software security research at Micro Focus.
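As an added illustration, not taken from the article or from the osquery project, here is a minimal osquery configuration that schedules the kind of cross-platform collection described above. The query names, intervals and descriptions are my own choices; the tables (processes, listening_ports, os_version, crontab) and the schedule keys (query, interval, snapshot, platform) are osquery's own.

```json
{
  "options": {
    "config_plugin": "filesystem",
    "logger_plugin": "filesystem",
    "schedule_splay_percent": "10"
  },
  "schedule": {
    "listening_processes": {
      "query": "SELECT p.pid, p.name, p.path, p.cmdline, lp.address, lp.port, lp.protocol FROM listening_ports lp JOIN processes p USING (pid) WHERE lp.port != 0;",
      "interval": 300,
      "description": "Processes bound to a network port. The same query runs unchanged on Linux, macOS and Windows; results are logged as added/removed rows between runs."
    },
    "os_version_snapshot": {
      "query": "SELECT name, version, build, platform FROM os_version;",
      "interval": 3600,
      "snapshot": true,
      "description": "snapshot: true logs the full result every run instead of a diff, useful for inventory."
    },
    "crontab_entries": {
      "query": "SELECT path, command, minute, hour FROM crontab;",
      "interval": 600,
      "platform": "posix",
      "description": "crontab only exists on Linux/macOS, so the platform key keeps this query off Windows hosts."
    }
  }
}
```

The same SQL can be typed into the interactive osqueryi shell for the real-time, ad hoc queries the article mentions; the schedule above is what turns those one-off queries into continuous collection.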