Podcasts about osquery

  • 41 podcasts
  • 69 episodes
  • 58m avg duration
  • Infrequent episodes
  • Latest: May 7, 2025


Latest podcast episodes about osquery

Value Inspiration Podcast
#360 - Zach Wasserman, Co-founder of Fleet on community-driven business growth

May 7, 2025 (52:51)


This podcast interview focuses on the entrepreneurial journey of turning transparency into business advantage. My guest is Zach Wasserman, Cofounder and Tech Evangelist of Fleet.

With over a decade of experience in open source software development, Zach helped create the widely-adopted OSquery project at Facebook in 2014, which has since become an industry standard for device visibility and is now governed by the Linux Foundation. After transitioning through a role at Kolide (later acquired by 1Password), Zach became the maintainer of a project that would eventually evolve into Fleet. Throughout his entrepreneurial journey, Zach discovered that what truly energizes him is "building software that's making someone's life better" - specifically IT administrators and security professionals who manage company devices. This human-centered approach led him to transform a personal passion project into a rapidly growing company that's challenging traditional business models in enterprise software.

This inspired me to invite Zach to my podcast. We explore how being open source gives Fleet a strategic edge. His approach rejects the common belief that enterprise sales requires complexity and secrecy. We discuss how community building leads to faster adoption and better results than traditional sales tactics. The formula is simple: be transparent, earn trust, and close deals faster.

Here's one of his quotes: "The best way to lose a deal is to our own open source product, because those people remain prime prospective customers that we really need to continue to understand and figure out how we are going to build enough new value in that premium product for them to want to pay for it."

By listening to this podcast, you will learn:
• How building on existing open source foundations can give startups immediate credibility with enterprise customers
• Why passionate early adopters can close deals remarkably easily compared to traditional prospects
• The entrepreneurial wisdom of identifying and connecting with actual budget holders while still maintaining engineer enthusiasm
• How customer-driven unexpected use cases can dramatically expand your market vision and product roadmap

For more information about the guest from this week:
Guest: Zach Wasserman
Website: fleet.com

Ardan Labs Podcast
Fleet, Open Source, and Osquery with Zach Wasserman

Jul 17, 2024 (104:51)


Join us in this episode as we delve into the world of open-source device management with Zach Wasserman. Zach is the cofounder and Tech Evangelist of Fleet, where he works to unlock the full potential of osquery for both enterprise and open-source customers. With a deep history with osquery, dating back to its inception at Facebook in 2014, Zach brings unparalleled expertise and passion. He has been a member of osquery's Technical Steering Committee since 2019 and continues to contribute to the community's growth. Tune in to learn more about his journey and challenges along the way.

00:00 Introduction
00:40 What is Zach Doing Today?
12:07 Compliance Frameworks
29:00 First Memory of a Computer
36:51 High School Interests
43:31 Traveling to India
54:51 Entering University
1:07:30 Tech is Versatile
1:10:50 Working at Facebook
1:19:50 Moving to Open Source
1:29:30 Starting Fleet
1:43:40 Contact Info

Connect with Zach:
Twitter: https://twitter.com/@thezachw
Github: https://github.com/zwass
Linkedin: https://www.linkedin.com/in/zacharywasserman/

Mentioned in today's episode:
Fleet Device Management: https://fleetdm.com/
Osquery: https://github.com/osquery/osquery

Want more from Ardan Labs? You can learn Go, Kubernetes, Docker & more through our video training, live events, or through our blog!
Online Courses: https://ardanlabs.com/education/
Live Events: https://www.ardanlabs.com/live-training-events/
Blog: https://www.ardanlabs.com/blog
Github: https://github.com/ardanlabs

Mac Admins Podcast
Episode 369: Zach Wasserman, Fleet, & Osquery

Jun 25, 2024 (67:41)


Zach Wasserman from Fleet DM joins the podcast this week to talk about software updates, osquery, DDM, and more! This wide-ranging conversation will cover all manner of new things… (To be finished once we get the full knowledge of WWDC…)

Hosts:
• Tom Bridge - @tbridge@theinternet.social
• Marcus Ransom - @marcusransom

Guests:
• Zach Wasserman - LinkedIn

Links:
• https://fleetdm.com/device-management

Sponsors:
• Kandji
• 1Password
• Watchman Monitoring

If you're interested in sponsoring the Mac Admins Podcast, please email podcast@macadmins.org for more information.

Get the latest about the Mac Admins Podcast, follow us on Twitter! We're @MacAdmPodcast!

The Mac Admins Podcast has launched a Patreon Campaign! Our named patrons this month include Weldon Dodd, Damien Barrett, Justin Holt, Chad Swarthout, William Smith, Stephen Weinstein, Seb Nash, Dan McLaughlin, Joe Sfarra, Nate Cinal, Jon Brown, Dan Barker, Tim Perfitt, Ashley MacKinlay, Tobias Linder Philippe Daoust, AJ Potrebka, Adam Burg, & Hamlin Krewson

The Business of Open Source
Buyer-Based Open Core with Zach Wasserman

Mar 6, 2024 (37:50)


This week on The Business of Open Source, I spoke with Zach Wasserman, co-founder and CTO of Fleet. This was a fabulous episode for many reasons, but then again I never do crappy episodes, right?

The first thing I wanted to call your attention to is that Zach talked about how he's building an open core business because building an open source business is what he wants to do. When his previous company turned away from open source, Zach left to do consulting around OSquery and Fleet (the project). I always like to talk about how companies / founders need a solid reason for building an open source company… and “this is the kind of company I want to build” is a very good reason. (“Everyone else is doing it” on the other hand, is not a good reason). Everyone puts constraints around the type of company they want to build, and as long as you are intentional about the decisions, there is nothing wrong about this, business-wise.

Second, we talked about the tension that exists between making a great project and still leaving room for a commercial product that people will pay for, and Zach talked through how Fleet uses a buyer-based open core strategy to decide which functionality to put in the enterprise version or in the open core.

We also talked about:
• Leaving his first company, Kolide, when the founders had divergent visions about where the company should go
• How his investor arranged a 'co-founder marriage' for Zach and his co-founder Mike McNeil
• How the transparency aspect of open source can be extremely important, especially for anything in the security space

Lastly, Fleet happens to be a former client of mine. You can check out what Mike, Zach's co-founder, said about working with me here. And if you're interested in more conversations like this… but in person!!! you should come to Open Source Founders Summit May 27th and 28th in Paris.

Paul's Security Weekly
What Smart CISOs and Mature Orgs Get That Others Don't About Cyber Compliance - Matt Coose - PSW #814

Jan 25, 2024 (195:35)


Matt Coose is the founder and CEO of cybersecurity compliance firm Qmulos, previously the director of Federal Network Security for the National Cyber Security Division of the (DHS). CISOs carry the ultimate burden and weight of compliance and reporting and are often the last buck. Says Coose, best-of-breed is better described as best-to-bleed-the-budget: it's a bottom-up, tech-first, reactive approach for acquiring technology as opposed to managing risk. Coose shares his top considerations below for how CISOs can navigate the crowded market of cybersecurity tools when cost is highly scrutinized, but regulations keep growing. Platforms are what every vendor dreams of being called, but no platform does it all, says Coose.

Coose shares what smart CISOs and mature organizations understand, that others don't:
• There's no “buying their way out of security issues or into a better risk posture.” They understand the need to evolve to a top-down, risk-driven, inherently business-aligned, dynamically adaptable, and evidence-based security management strategy.
• That looking at technology choices through the lens of risk controls (and the related data provided by technology that implements those controls) enables credible and transparent strategic tech portfolio management decisions that are immune to vendor preferences or the latest market(ing) fads.
• The need for meaningful security and risk measurement and the difference between leading and lagging indicators.
• The original intent of security and regulatory compliance as a model for proactive and consistent risk management (leading indicator), not just a historical reporting and audit function (lagging indicator).
• That managing risk, compliance, and security as distinct and separate functions is not only wasteful and inefficient, but denies the enterprise the ability to cross-leverage significant people, process, and technology investments.

In the Security News: Don't expose your supercomputer, auth bypass and command injection FTW, just patch it, using OSQuery against you, massive credential stuffing, backdoors in Harmony, looking at Android, so basically I am licensing my printer, hacking Tesla, injecting keystrokes over Bluetooth, and remembering the work of David L. Mills.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-814

Paul's Security Weekly
2024: The Year Cross-Platform Endpoint Management Finally Gets Good? - Zach Wasserman - ESW #347

Jan 25, 2024 (99:46)


We interview the co-founder and CTO of Fleet to understand why good, cross platform MDM/EMM has been such a challenge for so many years. Want good Windows device management? You're probably going to compromise on MacOS management. Ditto for Windows if you prioritize your Macs. Want good Linux device management? It doesn't exist. Hopefully, Fleet can change all that in 2024, as they aim to complete their support for all major platforms, using the open source OSQuery project as their base.

Segment Resources:
• Zach's GitHub
• Zach's Conf42 DevSecOps Presentation on Securing the endpoint with open source software
• GopherCon 2022: Collect First, Ask Questions Later
• Glitches in the Matrix, or Taming Agent Chaos

Oleria, Vicarius, and Secret Double Octopus raise funding (NOTE: Secret Double Octopus is a real company that chose Secret Double Octopus as their name, I'm making none of this up). Rumors about Zscaler's next 9-digit acquisition, 2 new security vendors and demystifying public cybersecurity companies. Chrome gets AI features, security teams have TOO much data, and a new threat intel database from Wiz. Is bootstrapping a cybersecurity startup a realistic option? Finally, remember Furbies? NSA's furby docs just dropped, and they are HILARIOUS. Thanks to Jason Koebler from 404Media for that.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-347

Enterprise Security Weekly (Audio)
2024: The Year Cross-Platform Endpoint Management Finally Gets Good? - Zach Wasserman - ESW #347

Jan 25, 2024 (99:46)


We interview the co-founder and CTO of Fleet to understand why good, cross platform MDM/EMM has been such a challenge for so many years. Want good Windows device management? You're probably going to compromise on MacOS management. Ditto for Windows if you prioritize your Macs. Want good Linux device management? It doesn't exist. Hopefully, Fleet can change all that in 2024, as they aim to complete their support for all major platforms, using the open source OSQuery project as their base.

Segment Resources:
• Zach's GitHub
• Zach's Conf42 DevSecOps Presentation on Securing the endpoint with open source software
• GopherCon 2022: Collect First, Ask Questions Later
• Glitches in the Matrix, or Taming Agent Chaos

Oleria, Vicarius, and Secret Double Octopus raise funding (NOTE: Secret Double Octopus is a real company that chose Secret Double Octopus as their name, I'm making none of this up). Rumors about Zscaler's next 9-digit acquisition, 2 new security vendors and demystifying public cybersecurity companies. Chrome gets AI features, security teams have TOO much data, and a new threat intel database from Wiz. Is bootstrapping a cybersecurity startup a realistic option? Finally, remember Furbies? NSA's furby docs just dropped, and they are HILARIOUS. Thanks to Jason Koebler from 404Media for that.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-347

Paul's Security Weekly TV
2024: The Year Cross-Platform Endpoint Management Finally Gets Good? - Zach Wasserman - ESW #347

Jan 25, 2024 (42:01)


We interview the co-founder and CTO of Fleet to understand why good, cross platform MDM/EMM has been such a challenge for so many years. Want good Windows device management? You're probably going to compromise on MacOS management. Ditto for Windows if you prioritize your Macs. Want good Linux device management? It doesn't exist. Hopefully, Fleet can change all that in 2024, as they aim to complete their support for all major platforms, using the open source OSQuery project as their base.

Segment Resources:
• Zach's GitHub
• Zach's Conf42 DevSecOps Presentation on Securing the endpoint with open source software
• GopherCon 2022: Collect First, Ask Questions Later
• Glitches in the Matrix, or Taming Agent Chaos

Show Notes: https://securityweekly.com/esw-347

Paul's Security Weekly TV
MS Breach, printers, Android hacking - PSW #814

Jan 25, 2024 (132:46)


In the Security News: Don't expose your supercomputer, auth bypass and command injection FTW, just patch it, using OSQuery against you, massive credential stuffing, backdoors in Harmony, looking at Android, so basically I am licensing my printer, hacking Tesla, injecting keystrokes over Bluetooth, and remembering the work of David L. Mills. Show Notes: https://securityweekly.com/psw-814

Paul's Security Weekly (Podcast-Only)
What Smart CISOs and Mature Orgs Get That Others Don't About Cyber Compliance - Matt Coose - PSW #814

Jan 25, 2024 (195:35)


Matt Coose is the founder and CEO of cybersecurity compliance firm Qmulos, previously the director of Federal Network Security for the National Cyber Security Division of the (DHS). CISOs carry the ultimate burden and weight of compliance and reporting and are often the last buck. Says Coose, best-of-breed is better described as best-to-bleed-the-budget: it's a bottom-up, tech-first, reactive approach for acquiring technology as opposed to managing risk. Coose shares his top considerations below for how CISOs can navigate the crowded market of cybersecurity tools when cost is highly scrutinized, but regulations keep growing. Platforms are what every vendor dreams of being called, but no platform does it all, says Coose.

Coose shares what smart CISOs and mature organizations understand, that others don't:
• There's no “buying their way out of security issues or into a better risk posture.” They understand the need to evolve to a top-down, risk-driven, inherently business-aligned, dynamically adaptable, and evidence-based security management strategy.
• That looking at technology choices through the lens of risk controls (and the related data provided by technology that implements those controls) enables credible and transparent strategic tech portfolio management decisions that are immune to vendor preferences or the latest market(ing) fads.
• The need for meaningful security and risk measurement and the difference between leading and lagging indicators.
• The original intent of security and regulatory compliance as a model for proactive and consistent risk management (leading indicator), not just a historical reporting and audit function (lagging indicator).
• That managing risk, compliance, and security as distinct and separate functions is not only wasteful and inefficient, but denies the enterprise the ability to cross-leverage significant people, process, and technology investments.

In the Security News: Don't expose your supercomputer, auth bypass and command injection FTW, just patch it, using OSQuery against you, massive credential stuffing, backdoors in Harmony, looking at Android, so basically I am licensing my printer, hacking Tesla, injecting keystrokes over Bluetooth, and remembering the work of David L. Mills.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-814

Enterprise Security Weekly (Video)
2024: The Year Cross-Platform Endpoint Management Finally Gets Good? - Zach Wasserman - ESW #347

Jan 25, 2024 (42:01)


We interview the co-founder and CTO of Fleet to understand why good, cross platform MDM/EMM has been such a challenge for so many years. Want good Windows device management? You're probably going to compromise on MacOS management. Ditto for Windows if you prioritize your Macs. Want good Linux device management? It doesn't exist. Hopefully, Fleet can change all that in 2024, as they aim to complete their support for all major platforms, using the open source OSQuery project as their base.

Segment Resources:
• Zach's GitHub
• Zach's Conf42 DevSecOps Presentation on Securing the endpoint with open source software
• GopherCon 2022: Collect First, Ask Questions Later
• Glitches in the Matrix, or Taming Agent Chaos

Show Notes: https://securityweekly.com/esw-347

Paul's Security Weekly (Video-Only)
MS Breach, printers, Android hacking - PSW #814

Jan 25, 2024 (132:46)


In the Security News: Don't expose your supercomputer, auth bypass and command injection FTW, just patch it, using OSQuery against you, massive credential stuffing, backdoors in Harmony, looking at Android, so basically I am licensing my printer, hacking Tesla, injecting keystrokes over Bluetooth, and remembering the work of David L. Mills. Show Notes: https://securityweekly.com/psw-814

The Tech Trek
Benefits and value of an open source business model

Dec 21, 2023 (32:30)


In this episode, host Amir interviews Zach Wasserman, Co-founder and CTO of Fleet, an open-source device management platform. They discuss the features and functionalities of Fleet, including its use in mobile device management (MDM) and telemetry collection. Zach explains how Fleet is built on top of OSQuery and supports managing Mac workstations, with plans to expand to Windows, mobile devices, and Linux. Tune in to learn more about the benefits of Fleet and why they decided to open-source their product.

Highlights:
• [00:01:23] Device Management Use Cases.
• [00:05:55] Telemetry data.
• [00:09:54] Vulnerability management platform.
• [00:13:20] Bringing DevOps principles into IT and security.
• [00:15:28] Business requirements and efficiency gains.
• [00:19:27] Shifting left in endpoint management.
• [00:24:23] Open source business model.

Zach Wasserman is a serial entrepreneur, engineer, co-founder, and CTO of Fleet, where he works to unlock the full potential of osquery for enterprise and open-source customers. He brings the vision and experience of co-creating and working with osquery since the earliest design documents at Facebook in 2014. He has been a member of the Linux Foundation osquery Technical Steering Committee since its inception in 2019. Before Fleet, Zach founded open-source security consultancy Dactiv, and co-founded endpoint security company Kolide. Zach graduated Summa Cum Laude with a BSE in computer science from the University of Pennsylvania, where he conducted wireless security research and lectured on the Python programming language.

Thank you so much for checking out this episode of The Tech Trek, and we would appreciate it if you would take a minute to rate and review us on your favorite podcast player.

Want to learn more about us? Head over at https://www.elevano.com

Have questions or want to cover specific topics with our future guests? Please message me at https://www.linkedin.com/in/amirbormand (Amir Bormand)

Paul's Security Weekly
Tackling the Perennial Problem of Device Management, News, BlackHat Interviews - Jason Meller - ESW #329

Aug 25, 2023 (152:02)


Incredibly, the seemingly simple task of managing corporate-owned devices is still a struggle for most organizations in 2023. Maybe the best MDM for Mac doesn't work with Windows, or the best MDM for Windows doesn't work with Mac. Maybe neither have Linux support. Perhaps they don't provide enough insight into the endpoint, or control over it. Whatever the case, security leaders never seem satisfied with their MDM solution and are always investigating new ones. Now, Kolide has stepped in with a unique approach to device management, combining the flexibility and industry support for OSQuery and built to integrate with IdP giant Okta. We discuss Kolide's entrance into the device management space and the current state of MDM - what's wrong with it, and how does Kolide propose to fix it?

This segment is sponsored by Kolide. Visit https://securityweekly.com/kolide to learn more about them!

Segment description coming soon! Record funding levels over the last two weeks top 2023 and the same time last year. We discuss Palo Alto's plans for the future, CISA's analysis of the LAPSUS$ hacking group, and the uselessness of Quantum Security pitches. Chrome adds the ability to alert users about malicious extensions. A great post from Thinkst has us talking about why vendors (and buyers) need to be careful about default behaviors and documentation. You won't want to miss the excellent squirrel story - a front end for Reddit that looks like Microsoft Outlook.

During this segment, Jon will explore today's ransomware economy players from IABS to RaaS affiliates, to money launderers and now C2Ps. For the discussion, Jon will leverage Halcyon's latest research, which demonstrates a new technique to uncover how C2Ps, like Cloudzy, are used to identify upcoming ransomware campaigns and other advanced attacks. The research revealed that Cloudzy, knowingly or not, provided services to attackers while assuming a legitimate business profile. Threat actors that leveraged Cloudzy include APT groups tied to the Chinese, Iranian, North Korean, Russian, Indian, Pakistani, and Vietnamese governments; a sanctioned Israeli spyware vendor whose tools are known to target civilians; several criminal syndicates and ransomware affiliates whose campaigns have spurred international headlines.

This segment is sponsored by Halcyon. Visit https://securityweekly.com/halcyonbh to learn more about them!

In this session, Snehal will discuss several real-world examples of what autonomous pentesting discovered in networks just like yours. You'll hear more about how fast and easy it was to safely compromise some of the biggest (and smallest) networks in the world - with full domain takeover in a little more than a few hours. Learn how you can safely do the same in your own network today!

This segment is sponsored by Horizon3.ai. Visit https://securityweekly.com/horizon3aibh to learn more about them!

In this Black Hat 2023 interview, CRA's Bill Brenner and Sophos' John Shier discuss the company's latest research on the Royal ransomware gang. Though Royal is a notoriously closed off group that doesn't openly solicit affiliates from underground forums, granular similarities in the forensics of the attacks suggest all three groups are sharing either affiliates or highly specific technical details of their activities.

This segment is sponsored by Sophos. Visit https://securityweekly.com/sophosbh to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-329

Enterprise Security Weekly (Audio)
Tackling the Perennial Problem of Device Management, News, BlackHat Interviews - Jason Meller - ESW #329

Aug 25, 2023 (152:02)


Incredibly, the seemingly simple task of managing corporate-owned devices is still a struggle for most organizations in 2023. Maybe the best MDM for Mac doesn't work with Windows, or the best MDM for Windows doesn't work with Mac. Maybe neither have Linux support. Perhaps they don't provide enough insight into the endpoint, or control over it. Whatever the case, security leaders never seem satisfied with their MDM solution and are always investigating new ones. Now, Kolide has stepped in with a unique approach to device management, combining the flexibility and industry support for OSQuery and built to integrate with IdP giant Okta. We discuss Kolide's entrance into the device management space and the current state of MDM - what's wrong with it, and how does Kolide propose to fix it?

This segment is sponsored by Kolide. Visit https://securityweekly.com/kolide to learn more about them!

Segment description coming soon! Record funding levels over the last two weeks top 2023 and the same time last year. We discuss Palo Alto's plans for the future, CISA's analysis of the LAPSUS$ hacking group, and the uselessness of Quantum Security pitches. Chrome adds the ability to alert users about malicious extensions. A great post from Thinkst has us talking about why vendors (and buyers) need to be careful about default behaviors and documentation. You won't want to miss the excellent squirrel story - a front end for Reddit that looks like Microsoft Outlook.

During this segment, Jon will explore today's ransomware economy players from IABS to RaaS affiliates, to money launderers and now C2Ps. For the discussion, Jon will leverage Halcyon's latest research, which demonstrates a new technique to uncover how C2Ps, like Cloudzy, are used to identify upcoming ransomware campaigns and other advanced attacks. The research revealed that Cloudzy, knowingly or not, provided services to attackers while assuming a legitimate business profile. Threat actors that leveraged Cloudzy include APT groups tied to the Chinese, Iranian, North Korean, Russian, Indian, Pakistani, and Vietnamese governments; a sanctioned Israeli spyware vendor whose tools are known to target civilians; several criminal syndicates and ransomware affiliates whose campaigns have spurred international headlines.

This segment is sponsored by Halcyon. Visit https://securityweekly.com/halcyonbh to learn more about them!

In this session, Snehal will discuss several real-world examples of what autonomous pentesting discovered in networks just like yours. You'll hear more about how fast and easy it was to safely compromise some of the biggest (and smallest) networks in the world - with full domain takeover in a little more than a few hours. Learn how you can safely do the same in your own network today!

This segment is sponsored by Horizon3.ai. Visit https://securityweekly.com/horizon3aibh to learn more about them!

In this Black Hat 2023 interview, CRA's Bill Brenner and Sophos' John Shier discuss the company's latest research on the Royal ransomware gang. Though Royal is a notoriously closed off group that doesn't openly solicit affiliates from underground forums, granular similarities in the forensics of the attacks suggest all three groups are sharing either affiliates or highly specific technical details of their activities.

This segment is sponsored by Sophos. Visit https://securityweekly.com/sophosbh to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-329

Paul's Security Weekly TV
Tackling the Perennial Problem of Device Management - Jason Meller - ESW #329

Aug 24, 2023 (49:23)


Incredibly, the seemingly simple task of managing corporate-owned devices is still a struggle for most organizations in 2023. Maybe the best MDM for Mac doesn't work with Windows, or the best MDM for Windows doesn't work with Mac. Maybe neither have Linux support. Perhaps they don't provide enough insight into the endpoint, or control over it. Whatever the case, security leaders never seem satisfied with their MDM solution and are always investigating new ones. Now, Kolide has stepped in with a unique approach to device management, combining the flexibility and industry support for OSQuery and built to integrate with IdP giant Okta. We discuss Kolide's entrance into the device management space and the current state of MDM - what's wrong with it, and how does Kolide propose to fix it?

This segment is sponsored by Kolide. Visit https://securityweekly.com/kolide to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-329

Enterprise Security Weekly (Video)
Tackling the Perennial Problem of Device Management - Jason Meller - ESW #329

Aug 24, 2023 (49:23)


Incredibly, the seemingly simple task of managing corporate-owned devices is still a struggle for most organizations in 2023. Maybe the best MDM for Mac doesn't work with Windows, or the best MDM for Windows doesn't work with Mac. Maybe neither have Linux support. Perhaps they don't provide enough insight into the endpoint, or control over it. Whatever the case, security leaders never seem satisfied with their MDM solution and are always investigating new ones. Now, Kolide has stepped in with a unique approach to device management, combining the flexibility and industry support for OSQuery and built to integrate with IdP giant Okta. We discuss Kolide's entrance into the device management space and the current state of MDM - what's wrong with it, and how does Kolide propose to fix it?

This segment is sponsored by Kolide. Visit https://securityweekly.com/kolide to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-329

YusufOnSecurity.com
102 - OSQuery

Jan 14, 2023 (42:43)


Thanks for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain English.

As a security analyst, you investigate. You want to query devices as part of your investigation of security incidents or maybe you are working to determine the effectiveness of a security control. So you always need real-time, granular inventory data about the systems you want to look at.

In this week's episode we touch one of those tools that makes a security analyst's life a lot less painful: OSQuery.

In addition, we will recap other trending security news, including:
• UK Royal Mail Ransomware Attack
• ChatGPT-Written Malware

- https://personal.help.royalmail.com: Service Update
- https://www.telegraph.co.uk Parcels letters stuck limbo royal mail hit suspected hack
- https://arstechnica.com/information-technology: ChatGPT is enabling script kiddies to write functional malware
- https://openai.com: ChatGPT
- https://www.osquery.io: OSQuery

Be sure to subscribe! If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com

You will find a list of all previous episodes in there too.

Open||Source||Data
Serial Entrepreneurship, Metadata Capture Systems, and Osquery with Tony Gauda

Open||Source||Data

Play Episode Listen Later Oct 26, 2022 33:33


This episode features an interview with Tony Gauda, Head of Customer Engineering at Fleet Device Management, an open core company powered by Osquery. Tony is a serial entrepreneur and inventor with a profound history in fraud, security, and SaaS business. He holds several issued patents and his companies have raised over $40 million in venture funding. Tony is also the founder of ThinAir, a Y-Combinator backed SaaS service that tackles the insider threat problem for enterprises and government agencies.
In this episode, Sam and Tony discuss calculating data usage at scale, the creativity of attackers, and how to evolve as threats increase.
-------------------
“The great thing about Osquery is that since it is a sensor-based system that is queryable, it literally gives you the ability to discover new indicators of compromise and then use those when doing security investigations. And Osquery allows you to create these extremely interesting queries that would find things that you would never be able to find with a traditionally static functionality agent. And, that to me, is extremely exciting. The fact that you have this agent that is extendable and it's configurable and it's deployable across multiple different platforms, at the end of the day, it feels like it's almost a superpower for visibility.” – Tony Gauda
-------------------
Episode Timestamps:
(01:17): What Tony is curious about these days
(04:39): What problems Tony is trying to solve
(05:47): How Tony got into the tech world
(11:09): Tony's inspiration behind ThinAir
(15:25): What open source data means to Tony
(17:06): What led Tony to being an early adopter of Osquery
(20:31): What's ahead for building next level applications with open and secure data
(25:37): One question Tony's always wanted to be asked
(29:24): Tony's advice for inventors
-------------------
Links:
LinkedIn - Connect with Tony
Twitter - Follow Tony
Twitter - Follow Fleetdm
Fleetdm
Fleetdm GitHub Platform

Sudo Show
54: Enterprise Linux Desktop

Sudo Show

Play Episode Listen Later Oct 6, 2022 54:00


Bill, Neal and Brandon get together to talk about "can you just drop linux in place of windows" on the business/enterprise desktop.
Links:
- TuxDigital - https://tuxdigital.com
- Sudo Show - https://sudo.show
- Bitwarden - https://bitwarden.com/tux
- Digital Ocean - https://do.co/tux2022
Discussion Points:
- The Register Article - https://www.theregister.com/2022/08/10/opinion_column_drop_windows_for_linux/
Open Source Linux Desktop Management Solutions:
- FleetDM - https://fleetdm.com. FleetDM is a great frontend to OSQuery and is designed to work with end user devices.
- Gnome Fleet Commander - https://fleet-commander.org. Fleet Commander is built to push configuration to Gnome Desktops.
- The Foreman - https://theforeman.org. Foreman is focused on Servers but pair it with Katello and it allows you to have a content management system for packages and works with both RPM and Debian distros. Works nicely with Gnome Software.
Special Guests: Bill Schouten and Neal Gompa.

Security Unfiltered
Episode 69 - Mike McNeil - CEO of FleetDM

Security Unfiltered

Play Episode Listen Later Oct 3, 2022 56:02


In this episode I talk with Mike McNeil, the CEO of FleetDM, a company that is revolutionizing device management. We had a fantastic conversation and I hope everyone enjoys it! If you enjoy the podcast please go leave a review on the platform you listen, like it & share the podcast. You can also follow the podcast on social media at the links below.
Follow the Podcast on Social Media!
Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast
Patreon: https://www.patreon.com/SecurityUnfilteredPodcast
Mike's Links:
https://www.linkedin.com/in/mikermcneil/
https://fleetdm.com/

Secure Ventures with Kyle McNulty
FleetDM: Mike McNeill on the BEST Way to Monetize a Product (Open Core)

Secure Ventures with Kyle McNulty

Play Episode Listen Later Sep 20, 2022 41:53


Mike:
- Founder at FleetDM, helping organizations manage and optimize their OSquery deployments
- Previously founded Sails.js, the most popular MVC framework for node.js, with over 50 million downloads per year
- A strong believer in Open Source and Open Core software products
Check out the episode for our conversation on open source security software, pivoting from an open source contributor to a full-time founder, and more!
Links:
- https://fleetdm.com/
- GitLab article about Open Core: https://about.gitlab.com/company/pricing/

Future of Device Management
EP 4: Nick Anderson: endpoint security for osquery

Future of Device Management

Play Episode Listen Later Aug 12, 2022 31:02


Nick Anderson is a security engineer at Meta, and a member of the osquery technical steering committee. In today's episode we talk with him about how he overcame the challenges of endpoint security using osquery. Listen in to learn how your organization can best secure its endpoint computing devices.
Topics discussed:
- Nick's background in cybersecurity and how he got involved with osquery
- The biggest challenges of osquery on Windows
- What excites Nick about being a part of the technical steering committee for osquery
- Monitoring and securing various endpoints
- How mobile devices change endpoint security strategies
- His top 3 pieces of advice for managing and securing computing devices
Try Fleet: Fleet makes it easy to get accurate, actionable data from all your endpoints. From full disk encryption to healthy antivirus software and any query in between. See for yourself. Sign up for Fleet Sandbox for free today: https://fleetdm.com/try-fleet/register.

The Craft Of Open Source
Mike McNeil, CEO @ Fleet

The Craft Of Open Source

Play Episode Listen Later Jul 26, 2022 31:48


Fleet is the most widely used open-source OSQuery manager. It allows you to get accurate data from every endpoint in your organization and allows organizations to have complete control over their data. Fleet has been instrumental in businesses, for it is a scalable and resilient platform that manages your workloads. In this episode, Mike McNeil, the CEO of Fleet, explains how Fleet and OSQuery can significantly help your organization. Listen to this episode and learn more from Mike as he shares more information about Fleet as an open-source OSQuery manager.

Future of Device Management
EP 3: Chris Long: From osquery skeptic to believer

Future of Device Management

Play Episode Listen Later Jul 21, 2022 25:50


Chris Long is a Staff Security Engineer at Material Security, and you might know him from some of his open-source work at Detection Lab. In the episode today, we talk about his work with Facebook and Uber using osquery, and his thoughts on the present and future state of cybersecurity.
Topics discussed:
- Chris's story and how he got into cybersecurity
- The day-to-day of a Staff Security Engineer
- How Chris used osquery while he worked at Facebook
- The benefits and power of osquery
- How Chris went from an osquery skeptic to seeing the strengths
- Why Chris started DetectionLab and how it helps security professionals
- Top tips for device management and security strategy for organizations
- Biggest challenges organizations face related to security today
- Changes we can expect to see in cybersecurity over the coming years
Where to Get in Touch:
- Find Chris on LinkedIn

Future of Device Management
EP 2: Prima Virani: Improving endpoint monitoring and visibility with osquery

Future of Device Management

Play Episode Listen Later Jun 28, 2022 31:17


In today's episode of the Future of Device Management podcast, we speak with Prima Virani— Detection & Response Engineering Lead at Twilio.
Topics discussed:
- Prima's journey into cybersecurity and what initially made her so excited about the industry.
- What Prima's day-to-day looks like leading detection and response engineering at an organization with nearly 9,000 employees.
- Lessons from deploying Fleet and why Prima's team decided to host it entirely on an EKS cluster.
- Why endpoint visibility is an essential building block for the success of any detection and response team.
- How to think about container security.
- Prima's top advice for teams building an endpoint detection and response strategy.
Resources mentioned:
- Blog post Prima wrote - Hosting FleetDM on AWS EKS
- Book that Zach mentioned - Container Security: Fundamental Technology Concepts that Protect Containerized Applications 1st Edition
Where to get in touch:
- Follow Prima on Twitter
- Follow Prima on Linkedin

Future of Device Management
EP 1: Mike Arpaia: The story behind the creation of osquery

Future of Device Management

Play Episode Listen Later Jun 2, 2022 31:31


In today's episode of the Future of Device Management podcast, we speak with Mike Arpaia — co-creator and visionary of osquery and partner at Moonfire Ventures — a London-based VC firm focused on seed-stage investing in Europe.
Topics discussed:
- Mike's journey from a software engineer focused on security problems to a venture capitalist investing in leading startups.
- How a macOS compromise while working at Etsy led Mike to realize how little visibility organizations have into their Mac fleets.
- What motivated Mike and his co-creators to build an open-source project — and how they got management buy-in at Facebook.
- The tipping point where osquery began to gain traction with engineers at leading organizations.
- How it feels to see osquery continue to grow and evolve.
- Mike's #1 piece of advice for those embarking on a journey of trying to understand what's going on in the systems they manage.
Where to get in touch:
- Follow Mike on Twitter
- Visit Mike's personal website

MacDevOpsYVR podcast
Log All The Data with Tom and Dan from Snowflake

MacDevOpsYVR podcast

Play Episode Listen Later Mar 15, 2022 47:08


Co-hosts JD and Mat X talk with Tom and Dan from Snowflake about logging all the data. Everything! Osquery, FleetDM, and what do you do with 400TB of logs.

DevX Pod
A look at DevX with Chris Weichel (CTO, Gitpod) and some exciting news!

DevX Pod

Play Episode Listen Later Mar 15, 2022 28:38 Transcription Available


In this episode, Mike and Pauline talk to none other than Chris, CTO of Gitpod, who shares with us his take on what developer experience is all about, reflecting on what motivated him to get into DevX and hopes for the future. We also have some exciting news!
The hosts ▻
- Pauline Narvas, Senior Community Engineer at Gitpod (https://twitter.com/paulienuh)
- Mike Nikles, Senior Developer & Success Engineer at Gitpod (https://twitter.com/mikenikles)
Our guests ▻
- Chris Weichel (https://twitter.com/csweichel)
Things mentioned ▻
- Exhalation by Ted Chiang (https://www.goodreads.com/book/show/41160292-exhalation)
- Calm (https://www.calm.com/)
- OSquery (https://osquery.io/)
Let's chat some more! ▻
- Gitpod Discord Community (https://www.gitpod.io/chat)
- Start a Gitpod workspace! (https://www.gitpod.io/)
- DevX Conf (https://www.devxconf.org)

MacDevOpsYVR podcast
Mike McNeil FleetDM

MacDevOpsYVR podcast

Play Episode Listen Later Feb 8, 2022 37:47


Co-hosts JD and Shania join Mat X to discuss Osquery and Security with guest Mike McNeil, FleetDM's CEO.

Paul's Security Weekly TV
Open Source Endpoint Security with Osquery & Fleet - Zach Wasserman - PSW #714

Paul's Security Weekly TV

Play Episode Listen Later Oct 16, 2021 54:26


The world's top tech organizations are pursuing an open-source endpoint security strategy using osquery. We will dig into how osquery and Fleet can enable observation, collection, and investigation on endpoints. This open-source strategy eases deployment, reduces cost, improves trust, and provides flexibility to meaningfully improve security on the endpoint. Segment Resources: https://osquery.io https://fleetdm.com   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw714

Paul's Security Weekly (Video-Only)
Open Source Endpoint Security with Osquery & Fleet - Zach Wasserman - PSW #714

Paul's Security Weekly (Video-Only)

Play Episode Listen Later Oct 14, 2021 54:26


The world's top tech organizations are pursuing an open-source endpoint security strategy using osquery. We will dig into how osquery and Fleet can enable observation, collection, and investigation on endpoints. This open-source strategy eases deployment, reduces cost, improves trust, and provides flexibility to meaningfully improve security on the endpoint. Segment Resources: https://osquery.io https://fleetdm.com   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw714

Chill Chill Security
EP738: Security Tool - OSQuery Part2

Chill Chill Security

Play Episode Listen Later Jul 28, 2021 4:46


Sponsored by SEC Playground. Survey to help improve the Chill Chill Security Channel: https://forms.gle/e5K396JAox2rZFp19 Music by https://www.bensound.com/ --- Support this podcast: https://anchor.fm/chillchillsecurity/support

Chill Chill Security
EP737: Security Vocabulary - OSQuery

Chill Chill Security

Play Episode Listen Later Jul 27, 2021 4:26


Sponsored by SEC Playground. Survey to help improve the Chill Chill Security Channel: https://forms.gle/e5K396JAox2rZFp19 Music by https://www.bensound.com/ --- Support this podcast: https://anchor.fm/chillchillsecurity/support

MacDevOpsYVR podcast
Osquery - Open source device management and security tools

MacDevOpsYVR podcast

Play Episode Listen Later Mar 23, 2021 45:03


Mat X and JD talk to Zach Wasserman, a MDOYVR 2018 Speaker, about OSquery, and FleetDM, an Open Source Software project for device management with security at its core.

Down the Security Rabbithole Podcast
DtSR Episode 439 - TPA Open Source Endpoint Defense

Down the Security Rabbithole Podcast

Play Episode Listen Later Mar 16, 2021 41:10


Prologue
OK, say it with me, defender tools suck. They all have their own dashboards, data formats, ways to look at what's going on...and that wouldn't be bad if they even remotely worked together. OSQuery isn't the end-all for endpoint tools, but it surely can tell you a whole lot about what's going on out there - and then you can actually intelligently do something. But it needs a front-end...so enter Fleet. This episode is all about defending the endpoint using open source, and Fleet/OSQuery specifically.
Guest
Zach Wasserman
LinkedIn: https://www.linkedin.com/in/zacharywasserman/
Twitter: https://twitter.com/thezachw
Fleet Open Source Device Management: https://fleetdm.com/

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

- Traffic Analysis Quiz: Mr. Natural https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+Mr+Natural/26844/
- An iOS Zero-Click Radio Proximity Exploit Odyssey https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html
- Github "State of the Octoverse" Report https://octoverse.github.com/static/2020-security-report.pdf
- Christopher Hurless: Open-Source Endpoint Detection and Response with CIS Benchmarks, OSQuery, Elastic Stack and The Hive https://www.sans.org/reading-room/whitepapers/incident/open-source-endpoint-detection-response-cis-benchmarks-osquery-elastic-stack-thehive-39900

Software Engineering Daily
Osquery with Ganesh Pai

Software Engineering Daily

Play Episode Listen Later Dec 4, 2020 45:37


Osquery is a tool for providing visibility into operating system endpoints. It is a flexible tool developed originally at Facebook. Ganesh Pai is the founder of Uptycs, a company that uses Osquery to find threats and malicious activity occurring across nodes. Ganesh joins the show to talk about Osquery usage and his work on Uptycs.


Security – Software Engineering Daily
Osquery with Ganesh Pai

Security – Software Engineering Daily

Play Episode Listen Later Dec 4, 2020 45:37


Osquery is a tool for providing visibility into operating system endpoints. It is a flexible tool developed originally at Facebook. Ganesh Pai is the founder of Uptycs, a company that uses Osquery to find threats and malicious activity occurring across nodes. Ganesh joins the show to talk about Osquery usage and his work on Uptycs.

Podcast – Software Engineering Daily
Osquery with Ganesh Pai

Podcast – Software Engineering Daily

Play Episode Listen Later Dec 4, 2020 45:37


Osquery is a tool for providing visibility into operating system endpoints. It is a flexible tool developed originally at Facebook. Ganesh Pai is the founder of Uptycs, a company that uses Osquery to find threats and malicious activity occurring across nodes. Ganesh joins the show to talk about Osquery usage and his work on Uptycs.

Software Daily
Osquery with Ganesh Pai

Software Daily

Play Episode Listen Later Dec 4, 2020


Osquery is a tool for providing visibility into operating system endpoints. It is a flexible tool developed originally at Facebook. Ganesh Pai is the founder of Uptycs, a company that uses Osquery to find threats and malicious activity occurring across nodes. Ganesh joins the show to talk about Osquery usage and his work on Uptycs.

Enterprise Security Weekly (Audio)
Some Serious Coin - ESW #207

Enterprise Security Weekly (Audio)

Play Episode Listen Later Nov 20, 2020 97:53


This week, we start with the Enterprise News, discussing the all new AWS Network Firewall, Zero Trust for Kubernetes, interactive coding simulations, DNS monitoring, and Twitter appoints a new head of security! The latest acquisitions from Cisco, Acronis, Palo Alto Networks, and Flashpoint, and recent funding announcements from Unbound, Havoc Shield, Menlo Security and Cato Networks! In our second segment, we discuss how network detection helps fill the gaps with Steve Porcello from Gigamon! Finally, we gain some insights into the future of Osquery with Ganesh Pai and Julian Wayte from Uptycs! Show Notes: https://securityweekly.com/esw207 Visit https://securityweekly.com/gigamon to learn more about them! Visit https://securityweekly.com/uptycs to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Paul's Security Weekly TV
The Future of Osquery - Ganesh Pai, Julian Wayte - ESW #207

Paul's Security Weekly TV

Play Episode Listen Later Nov 20, 2020 32:33


Osquery has grown in popularity because of its broad applicability in enterprise environments. In this tech segment, Ganesh Pai and Julian Wayte from Uptycs will talk about how organizations are using osquery to solve thorny problems such as fleet visibility, compliance and audit, and threat detection and investigation (including MITRE ATT&CK coverage).   This segment is sponsored by Uptycs. Visit https://securityweekly.com/uptycs to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw207

Paul's Security Weekly
Some Serious Coin - ESW #207

Paul's Security Weekly

Play Episode Listen Later Nov 20, 2020 97:53


This week, we start with the Enterprise News, discussing the all new AWS Network Firewall, Zero Trust for Kubernetes, interactive coding simulations, DNS monitoring, and Twitter appoints a new head of security! The latest acquisitions from Cisco, Acronis, Palo Alto Networks, and Flashpoint, and recent funding announcements from Unbound, Havoc Shield, Menlo Security and Cato Networks! In our second segment, we discuss how network detection helps fill the gaps with Steve Porcello from Gigamon! Finally, we gain some insights into the future of Osquery with Ganesh Pai and Julian Wayte from Uptycs! Show Notes: https://securityweekly.com/esw207 Visit https://securityweekly.com/gigamon to learn more about them! Visit https://securityweekly.com/uptycs to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Enterprise Security Weekly (Video)
The Future of Osquery - Ganesh Pai, Julian Wayte - ESW #207

Enterprise Security Weekly (Video)

Play Episode Listen Later Nov 19, 2020 32:33


Osquery has grown in popularity because of its broad applicability in enterprise environments. In this tech segment, Ganesh Pai and Julian Wayte from Uptycs will talk about how organizations are using osquery to solve thorny problems such as fleet visibility, compliance and audit, and threat detection and investigation (including MITRE ATT&CK coverage).   This segment is sponsored by Uptycs. Visit https://securityweekly.com/uptycs to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw207

The Forensic Lunch with David Cowen and Matthew Seyer

Forensic Lunch! This week with Eric Zimmerman showing SQLite Explorer and Javier Marcos discussing OSCtrl for OSQuery

Code[ish]
Special Episode: Cybersecurity

Code[ish]

Play Episode Listen Later Apr 29, 2020


Corey Martin, a customer solutions architect at Heroku, is in conversation with Jason Meller, the founder and CEO of Kolide, to talk about the future of enterprise security software. Kolide is a device monitoring software with an emphasis on its users. By and large, devices which are part of the Kolide fleet are free to operate unrestricted, whether that's downloading files or disabling firewalls. However, Kolide lets users know when they're engaging in potentially insecure behaviors, through Slack messages and OS notifications. It places the responsibility and trust for safety onto the user, rather than locking everything down.
Jason came up with the idea for Kolide after working at GE. As an enormous enterprise company, GE had to ensure that its employees' devices were always secure, to prevent outside threats from infiltrating their network. While realizing the importance of keeping users safe, he disliked the invasiveness of existing tools, not to mention that their approaches hindered necessary applications and services employees used to be successful at their jobs.
User focused security, which is what Kolide practices, starts with empathy. This comes about by visualizing the needs of people that are using the devices every day and trying to understand where risks might exist there, from the entire chain of users.
Links from this episode:
- Kolide is an infrastructure analytics company
- Osquery allows you to query your OS using an SQL syntax

The Forensic Lunch with David Cowen and Matthew Seyer
Forensic Lunch 4/17/20 with Zach Wasserman

The Forensic Lunch with David Cowen and Matthew Seyer

Play Episode Listen Later Apr 17, 2020 65:35


Today on the Forensic Lunch we only had one guest, Zach Wasserman, from the OSQuery technical steering committee. We only had one guest because we knew we would have so much to talk to Zach about! From OSQuery's future in the Linux Foundation, Kolide Fleet and other fleet managers to Zach's work at Dactiv, LLC, you have a lot waiting for you in this week's broadcast. You can reach Zach Wasserman on Twitter @TheZachW or Zach can be reached at zach@dactiv.llc if you want to work with him!

The Forensic Lunch with David Cowen and Matthew Seyer
Forensic Lunch 4/10/20 with Belkasoft, AWS IR Automation, MVS DFIRFIT and HTTP Security Headers

The Forensic Lunch with David Cowen and Matthew Seyer

Play Episode Listen Later Apr 15, 2020 65:33


What a great Forensic Lunch today! On today's broadcast we had:
- Yuri Gubanov (@belkasoft) giving an update about what's going on at Belkasoft. Including their iOS 13.4 full file system acquisition using Checkm8, their new IR module in Belkasoft Evidence Center and a neat capability to do managed remote logical phone collections.
- Steve Gibson and Spencer Hendee (@stevegibson) from KPMG (disclaimer: I work there too!) came on to discuss the really cool AWS Cloud IR Automation we've been working on.
- Brian Moran (@brimorlabs), social media maven and principal of BriMorLabs, came on to discuss the Magnet Virtual Summit DFIRFIT 2020 where for a donation (and some exercise) you can get a cool prize pack shipped to you anywhere in the world! Register here: https://mvsdfirfit2020.com
- Caleb Queern (@HttpSecHeaders), also of KPMG, came on to discuss the clearsite HTTP header. This was interesting as it's a directive a website can give to a browser to tell it to clear/not store history or data about it. This will need to be tested, you can read more here: https://w3c.github.io/webappsec-clear-site-data/
So great stuff this week, you can watch below. Otherwise next week we've already confirmed Zach Wasserman to come and talk about OSQuery and Kolide!

Splunk [Data Fabric Search and Data Stream Processor] 2019 .conf Videos w/ Slides
Splunking the Endpoint V: Hands On with BOTSv4 Data [Splunk Enterprise, Splunk Business Flow, Splunk Data Fabric Search and Data Stream Processor]

Splunk [Data Fabric Search and Data Stream Processor] 2019 .conf Videos w/ Slides

Play Episode Listen Later Dec 23, 2019


Initial compromises happen on your endpoints, so why are you not Splunking them? In this edition of Splunking The Endpoint, we will tell you exactly what to configure in Splunk, and where, why, and how to do so in order to get unparalleled visibility into threats targeting your network. Not only will we revisit popular operating system and open-source endpoint data sources like Sysmon and Osquery, but we'll also talk about various popular commercial EDR products and give you best practices for collecting data from them. Lastly, we'll help you address any doubts about scale problems and licensing costs. Please bring your laptop! We will dive through the latest Boss of the SOC (BOTS) endpoint data and demonstrate the detection techniques needed to answer BOTS questions. Everything you learn will be something you can take home and put into production immediately.
Speaker(s): James Brodsky, Director, Global Security Kittens, Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2007.pdf?podcast=1577146268
Product: Splunk Enterprise, Splunk Business Flow, Splunk Data Fabric Search and Data Stream Processor
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Enterprise] 2019 .conf Videos w/ Slides
Splunking the Endpoint V: Hands On with BOTSv4 Data [Splunk Enterprise, Splunk Business Flow, Splunk Data Fabric Search and Data Stream Processor]

Splunk [Enterprise] 2019 .conf Videos w/ Slides

Play Episode Listen Later Dec 23, 2019


Initial compromises happen on your endpoints, so why are you not Splunking them? In this edition of Splunking The Endpoint, we will tell you exactly what to configure in Splunk, and where, why, and how to do so in order to get unparalleled visibility into threats targeting your network. Not only will we revisit popular operating system and open-source endpoint data sources like Sysmon and Osquery, but we'll also talk about various popular commercial EDR products and give you best practices for collecting data from them. Lastly, we'll help you address any doubts about scale problems and licensing costs. Please bring your laptop! We will dive through the latest Boss of the SOC (BOTS) endpoint data and demonstrate the detection techniques needed to answer BOTS questions. Everything you learn will be something you can take home and put into production immediately.
Speaker(s): James Brodsky, Director, Global Security Kittens, Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2007.pdf?podcast=1577146230
Product: Splunk Enterprise, Splunk Business Flow, Splunk Data Fabric Search and Data Stream Processor
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Business Flow] 2019 .conf Videos w/ Slides
Splunking the Endpoint V: Hands On with BOTSv4 Data [Splunk Enterprise, Splunk Business Flow, Splunk Data Fabric Search and Data Stream Processor]

Splunk [Business Flow] 2019 .conf Videos w/ Slides

Play Episode Listen Later Dec 23, 2019


Initial compromises happen on your endpoints, so why are you not Splunking them? In this edition of Splunking The Endpoint, we will tell you exactly what to configure in Splunk, and where, why, and how to do so in order to get unparalleled visibility into threats targeting your network. Not only will we revisit popular operating system and open-source endpoint data sources like Sysmon and Osquery, but we'll also talk about various popular commercial EDR products and give you best practices for collecting data from them. Lastly, we'll help you address any doubts about scale problems and licensing costs. Please bring your laptop! We will dive through the latest Boss of the SOC (BOTS) endpoint data and demonstrate the detection techniques needed to answer BOTS questions. Everything you learn will be something you can take home and put into production immediately.
Speaker(s): James Brodsky, Director, Global Security Kittens, Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2007.pdf?podcast=1577146248
Product: Splunk Enterprise, Splunk Business Flow, Splunk Data Fabric Search and Data Stream Processor
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [All Products] 2019 .conf Videos w/ Slides
Splunking the Endpoint V: Hands On with BOTSv4 Data [Splunk Enterprise, Splunk Business Flow, Splunk Data Fabric Search and Data Stream Processor]

Dec 23, 2019


Initial compromises happen on your endpoints, so why are you not Splunking them? In this edition of Splunking The Endpoint, we will tell you exactly what to configure in Splunk, and where, why, and how to do so in order to get unparalleled visibility into threats targeting your network. Not only will we revisit popular operating system and open-source endpoint data sources like Sysmon and Osquery, but we'll also talk about various popular commercial EDR products and give you best practices for collecting data from them. Lastly, we'll help you address any doubts about scale problems and licensing costs. Please bring your laptop! We will dive through the latest Boss of the SOC (BOTS) endpoint data and demonstrate the detection techniques needed to answer BOTS questions. Everything you learn will be something you can take home and put into production immediately.
Speaker(s): James Brodsky, Director, Global Security Kittens, Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2007.pdf?podcast=1577146225
Product: Splunk Enterprise, Splunk Business Flow, Splunk Data Fabric Search and Data Stream Processor
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Splunking the Endpoint V: Hands On with BOTSv4 Data [Splunk Enterprise, Splunk Business Flow, Splunk Data Fabric Search and Data Stream Processor]

Dec 23, 2019


Initial compromises happen on your endpoints, so why are you not Splunking them? In this edition of Splunking The Endpoint, we will tell you exactly what to configure in Splunk, and where, why, and how to do so in order to get unparalleled visibility into threats targeting your network. Not only will we revisit popular operating system and open-source endpoint data sources like Sysmon and Osquery, but we'll also talk about various popular commercial EDR products and give you best practices for collecting data from them. Lastly, we'll help you address any doubts about scale problems and licensing costs. Please bring your laptop! We will dive through the latest Boss of the SOC (BOTS) endpoint data and demonstrate the detection techniques needed to answer BOTS questions. Everything you learn will be something you can take home and put into production immediately.
Speaker(s): James Brodsky, Director, Global Security Kittens, Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2007.pdf?podcast=1577146216
Product: Splunk Enterprise, Splunk Business Flow, Splunk Data Fabric Search and Data Stream Processor
Track: Security, Compliance and Fraud
Level: Good for all skill levels

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Phishing E-Mail Spoofing SPF Protected Domain https://isc.sans.edu/forums/diary/Phishing+email+spoofing+SPFenabled+domain/25426/
Purchased Domain Arrives with Paypal Accounts Linked to it https://www.theregister.co.uk/2019/10/17/paypal_account_domain/
Typosquatting Attacks Affect 2020 Presidential Election https://www.digitalshadows.com/blog-and-research/typosquatting-and-the-2020-u-s-presidential-election/
STI Student: Christopher Hurless, Exploring Osquery, Fleet, and Elastic Stack as an Open-source solution to Endpoint Detection and Response https://www.sans.org/reading-room/whitepapers/detection/paper/39165


Paul's Security Weekly TV
Osquery, Netflix, & Mozilla - Application Security Weekly #66

Jun 26, 2019 41:56


Mozilla pushes a patch onto an Array, Netflix shares a stream of patches, Breach to bankruptcy for healthcare company, Osquery becomes a foundational tool, Avoiding DevOps dangers, and Assigning DevOps directions! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode66 Follow us on Twitter: https://www.twitter.com/securityweekly

Application Security Weekly (Video)
Osquery, Netflix, & Mozilla - Application Security Weekly #66

Jun 25, 2019 41:56


Mozilla pushes a patch onto an Array, Netflix shares a stream of patches, Breach to bankruptcy for healthcare company, Osquery becomes a foundational tool, Avoiding DevOps dangers, and Assigning DevOps directions! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode66 Follow us on Twitter: https://www.twitter.com/securityweekly

Application Security Weekly (Audio)
Breaking Down the Walls - Application Security Weekly #66

Jun 25, 2019 65:58


This week, Matt, John, and Mike discuss a guide to API Security! They also discuss Public vs. Private APIs, and if the best practice should be segregation of the two! In the Application Security News, Mozilla pushes a patch onto an Array, Netflix shares a stream of patches, Breach to bankruptcy for healthcare company, Osquery becomes a foundational tool, Avoiding DevOps dangers, and Assigning DevOps directions!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode66 Visit https://www.securityweekly.com/asw for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Paul's Security Weekly
Breaking Down the Walls - Application Security Weekly #66

Jun 25, 2019 65:58


This week, Matt, John, and Mike discuss a guide to API Security! They also discuss Public vs. Private APIs, and if the best practice should be segregation of the two! In the Application Security News, Mozilla pushes a patch onto an Array, Netflix shares a stream of patches, Breach to bankruptcy for healthcare company, Osquery becomes a foundational tool, Avoiding DevOps dangers, and Assigning DevOps directions!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode66 Visit https://www.securityweekly.com/asw for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Packet Pushers - Full Podcast Feed
Day Two Cloud 010: The Role Of Egress Control In Cloud Security

May 29, 2019 43:34


Today's Day Two Cloud episode dives into egress control for cloud security. Guest David Redekop explains why outbound control is essential to protect cloud services, how to use DNS to restrict outbound connections, and the value of logging tools such as OSquery.

Packet Pushers - Fat Pipe
Day Two Cloud 010: The Role Of Egress Control In Cloud Security

May 29, 2019 43:34


Today's Day Two Cloud episode dives into egress control for cloud security. Guest David Redekop explains why outbound control is essential to protect cloud services, how to use DNS to restrict outbound connections, and the value of logging tools such as OSquery.

Day 2 Cloud
Day Two Cloud 010: The Role Of Egress Control In Cloud Security

May 29, 2019 43:34


Today's Day Two Cloud episode dives into egress control for cloud security. Guest David Redekop explains why outbound control is essential to protect cloud services, how to use DNS to restrict outbound connections, and the value of logging tools such as OSquery.

DevOps and Docker Talk
Pre DockerCon with Laura Tacho and Marcos Lilljedahl

Apr 21, 2019 70:34


In this episode, I chat with Laura Tacho from CloudBees and Marcos Lilljedahl from iúnigo, both Docker Captains and developers. We take questions from the live audience and discuss topics ranging from the difference between Jenkins and Jenkins X, to Facebook's osquery and other new open source, to Docker's upcoming 19.03 release and its new features.

Brakeing Down Security Podcast
2018-026-insurers gathering data, netflix released a new DFIR tool, and google no longer gets phished?

Jul 26, 2018 43:52


Stories and topics we covered:
https://krebsonsecurity.com/2018/07/google-security-keys-neutralized-employee-phishing/
https://osquery.io/
https://www.propublica.org/article/health-insurers-are-vacuuming-up-details-about-you-and-it-could-raise-your-rates
https://medium.com/netflix-techblog/netflix-sirt-releases-diffy-a-differencing-engine-for-digital-forensics-in-the-cloud-37b71abd2698