Cybersecurity Asset Management, Container security, Cloud security, Configuration management, Blue team

Building A Truly Unified Endpoint Data Platform

There are a lot of endpoint security solutions on the market.  How do you pick and choose which solution is right for you?  The answer may depend on which endpoints you want to protect. Windows? MacOS? Linux? All of the above?  What about containers and cloud infrastructure?

When we think of traditional endpoints, we immediately focus on traditional operating systems.  However, with the expansion of cloud infrastructure and containers, the definition of an endpoint is expanding.  Deploying agents to all of these endpoints could be challenging or not even possible, depending on the cloud platform.  So how can you build a truly unified endpoint data platform?

Facebook started to address this with the release of osquery, an operating system instrumentation framework for Windows, OS X (macOS), Linux, and FreeBSD.  With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes across all platforms, creating normalized security telemetry.  This enabled organizations to easily ask questions of their endpoint fleet, such as “Are there processes running without a binary on disk?”  “Are there primary disks that are unencrypted?”  “What servers had a root login in last hour?”  Unfortunately, osquery did not extend into some of the new endpoints, like containers.  That’s where Uptycs comes in…

Uptycs took the concept of osquery as a unified endpoint and took it to the next level.  By leveraging the foundations of osquery and the concept of SQL-driven analytics, Uptycs built a truly unified endpoint data platform by:

  • Creating a scalable SaaS offering to centralize management of the osquery agents
  • Incorporating other data sources, including containers, Kubernetes, and cloud providers such as Amazon Web Services 
  • Applying osquery security telemetry to a number of use cases, including:
    • MITRE ATT&CK detection coverage
    • vulnerability monitoring
    • file integrity monitoring
    • CIS Benchmark checks, and
    • compliance evidence gathering (PCI, SOC 2, FedRAMP, etc)

To understand how Uptycs can transform telemetry from endpoints, containers, cloud instances, and cloud providers to create a unified endpoint data platform, watch the interview on Enterprise Security Weekly here or visit securityweekly.com/uptycs for more information.

prestitial ad