This week we continue in our osquery@scale best of series. This time, we delve into monitoring and compliance. As much as we love the social aspect of hosting the osquery@scale conference, the thing that really gets us pumped is bringing together this community of security practitioners and tinkerers who are passionate about exploring and finding better ways to do things. And, indicative of what a great community it is, we’re always amazed at how willing everyone is to share what they’ve learned and their best practices.
Previous years have seen speakers from all walks of security bring their wealth of knowledge to share with the world. Monitoring and compliance is often a tough nut to crack for most organizations, but check out some of our favorite talks osquery@scale attendees have given over the years.
It’s OK To Be Paranoid
Our first blast from the past has us checking in with Rob Heaton of Stripe. When Rob and his team wanted to deploy osquery, an incredibly powerful tool for a security team, on the mission-critical server fleet, they got a little pushback. Like most things in your infrastructure, if compromised, osquery can become a tool for an attacker. In this talk, Heaton explains how to threat model and mitigate new attack vectors that osquery opens up, and how to deploy the agent to your mission-critical hosts without worrying about harming them.
Reliable osquery deployment for the paranoid
Risk Managment = Better Customer Assurance
Next up we hear from Grant Kahn of Lookout. In this talk Grant shares how his nimble security team is using osquery to provide assurance and inspire confidence in their demanding enterprise customer base. Applying osquery telemetry piped into ELK, Lookout solves for intrusion detection, data loss prevention (DLP), malware monitoring, and more across their cloud-native environment composed of macOS workstations and Linux servers.
How osquery's comprehensive visibility enables customer assurance and risk management at Lookout
Governance & Compliance: An Engineer’s Perspective
In 2020, we were lucky enough to host Chris Bryon, Director of Product Security at MuleSoft. Interestingly, Chris brought a unique perspective to the conference, as he has primarily an engineer versus a security analyst perspective.
Chris talked with the audience about how osquery is a powerful tool for forensics and for metrics analysis, but it can also be used to meet compliance and security policy requirements. At MuleSoft, using osquery to meet those requirements makes audits a breeze, all the while improving our incident response capabilities.
Check out more of his thoughts in this video.
MuleSoft: Cloud governance and compliance with osquery
Linux Efficacy: How Comcast Found Success With osquery
When it comes to heavy hitters in the security space, Comcast stands among the giants. Which is why we were so thrilled in 2020 to be joined by Comcast's Erin Palmer, Director of Endpoint Security, and Abubakar Yousafzai, Sr. Cyber Security Engineer. As we all know, the Compliance Team, Cyber Security teams, and System Engineers all have different requirements but do we need different agents? In this talk Erin and Abubakar discussed how and why Comcast decided to use osquery to solve diverse use cases. Hint: the decision was easy when they discovered that a single agent could be used to provide visibility across the Linux footprint @ scale.
Linux Efficacy @Scale with Comcast
osquery@scale 2022
Want to see more great content like that? Or even better, how about meeting the community and making some great connections? Then join us in San Francisco on September 14th for the next osquery@scale conference.