Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Turn on the lights

Mike McNeil
February 04, 2021
Technology
0
140

Turn on the lights

Learn how to tap into what your employer sees using Postman + osquery, an open source API for asking questions about devices like laptops, servers, and Docker containers.

> Note from Mike:
> To try out the "Is it any good?" demo for yourself, head over to:
> https://fleetdm.com

Mike McNeil

February 04, 2021
Tweet

More Decks by Mike McNeil

See All by Mike McNeil
❌ error 🖐️ling (Portland, OR)
mikermcneil
0
210
Developers, from scratch (Warecraft 2019 - Austin, TX)
mikermcneil
1
280
Developers, from scratch
mikermcneil
0
320
"Be not afraid!"
mikermcneil
0
200
Why hire a developer when you can hire a barista and teach them to code?
mikermcneil
0
390
Introducing Sails v1
mikermcneil
1
1.6k
I Love APIs
mikermcneil
1
860
What even is software?
mikermcneil
0
370
SxSW 2015
mikermcneil
4
690

Other Decks in Technology

See All in Technology
安全にプロセスを停止するためにシグナル制御を学ぼう!
yamamotohiroya
0
220
ローコード自動テストを1ヶ月半で導入した話
sumiren
0
230
ネットワーク設定の抽象化とコンテナルータを用いた検証環境の立ち上げ支援
tjmtrhs
0
100
Webアプリケーション設計の第一歩は
ディレクトリの整理から / Encraft 1
okunokentaro
24
6.8k
Secret sauce for improving developer experience: tackle flaky tests
line_developers
PRO
2
200
スマート東京実施戦略_2023(令和5)年度の取組
tokyo_metropolitan_gov_smart_tokyo_strat
0
490
ZOZOTOWNの検索APIにキャッシュを導入、実装時の工夫や効果について
sattosan
0
400
Cloudflare 基本のキ
katzueno
0
150
PM同士のレトロスペクティブのすゝめ
bengo4com
0
100
ちょっとわかるWindows Autopilot
shao1555
1
390
ZOZOTOWNの裏側に迫る! Javaで作られたBFFの開発事例を紹介
yutaro527
0
410
Autonomous Database Cloud 技術詳細 / adb-s_technical_detail_jp
oracle4engineer
PRO
10
25k

Featured

See All Featured
The Invisible Side of Design
smashingmag
292
49k
From Idea to $5000 a Month in 5 Months
shpigford
374
44k
Designing the Hi-DPI Web
ddemaree
273
33k
Mobile First: as difficult as doing things right
swwweet
213
7.9k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
657
120k
The Cult of Friendly URLs
andyhume
70
5.2k
Bootstrapping a Software Product
garrettdimon
299
110k
Build The Right Thing And Hit Your Dates
maggiecrowley
22
1.5k
GraphQLとの向き合い方2022年版
quramy
22
10k
Scaling GitHub
holman
453
140k
Creatively Recalculating Your Daily Design Routine
revolveconf
207
11k
It's Worth the Effort
3n
177
26k

Transcript

  1. Postman Galaxy, 2021
    Turn on the lights ✨
    Mike McNeil


    View Slide

  2. Nothing to hide

    View Slide

  3. Your servers.

    View Slide

  4. Your work laptop.

    View Slide

  5. Your smartphone.

    View Slide

  6. What can your employer see?
    Nothing to hide
    • Vulnerable packages, ex
    fi
    ltrated Google docs


    • Installed apps, running processes


    • Screen lock status, hours spent online


    • Files on your desktop? 🤷


    • Browser history? 🤷


    • Every keystroke? 🤷

    View Slide

  7. Keyloggers
    c. 2001

    View Slide

  8. Keyloggers
    c. 2001
    • Run an .exe to generate an agent.


    • Trick someone into installing the agent on their device.


    • Every 30m, receive an email with everything they've typed.


    • Everything.

    View Slide

  9. Keyloggers
    c. 2001
    • So easy to get someone to run an .exe
    fi
    le.

    View Slide

  10. Keyloggers
    c. 2001
    • Uh oh.

    View Slide

  11. 20 years later
    Not much has changed

    View Slide

  12. Device management agents
    c. 2021
    • Run software to generate agents.


    • Install the agents on all your servers and employee devices.


    • Every 30m, IT/Sec receives an email with everything you've typed..?


    • What are these agents doing?


    • How do we know?


    • Aren't we supposed to be pursuing "Zero Trust"?

    View Slide

  13. Transparency

    View Slide

  14. Transparency
    How do we get there?
    • Start with the agent

    View Slide

  15. Building a better agent
    Priorities
    • Ubiquitous


    • Lightweight 🐾


    • Open 🖨

    View Slide

  16. View Slide

  17. Zach Wasserman
    CTO


    View Slide

  18. Zach Wasserman
    Co-creator


    View Slide

  19. View Slide

  20. View Slide

  21. osquery
    One agent to rule them all
    • Lightweight 🐾


    • Open 🖨


    • Ubiquitous

    View Slide

  22. osquery (cont.)
    Key innovation: SQL
    • 50 years of maturity


    • SQLite (query planner + SQL parser)


    • Virtual tables that describe devices

    View Slide

  23. Beyond the agent

    View Slide

  24. What else do we need?
    • Manageability


    • Interoperability


    • Trust Certainty
    Beyond the agent

    View Slide

  25. View Slide

  26. View Slide

  27. Open source

    View Slide

  28. Mike McNeil
    Creator & BDFL


    View Slide

  29. Open core

    View Slide

  30. Any log destination

    View Slide

  31. View Slide

  32. Interoperability

    View Slide

  33. - Brendan Shaklovitz
    "I use Fleet to manage thousands of hosts,
    develop better queries, and get the most out
    of osquery logs."

    View Slide

  34. Roadmap
    H1 2021
    • Teams (RBAC)


    • Auto-updates


    • Vulnerability management


    • Baseline queries available out of the box


    • Shareable compliance reporting & goal tracking


    • Query performance monitoring

    View Slide

  35. Roadmap (cont.)
    H1 2021
    • More
    fl
    exible con
    fi
    g (startup
    fl
    ags, etc)


    • Search


    • Deep links


    • Activity feed


    • Easier, faster deployments

    View Slide

  36. • Fleet Device API (chromebooks, etc)


    • Standard library (Fleet's recommended queries)


    • Tickets (ServiceNow GRC, JIRA)


    • gRPC
    Roadmap (cont.)
    H1 2021

    View Slide

  37. • Custom osquery extension deployment ("R"»»"EDR")


    • Fleet Desktop (turn on self-remediation, scope & audit transparency)
    Roadmap (cont.)
    H2 2021

    View Slide

  38. Is it any good?

    View Slide

  39. Read more:
    fl
    eetdm.com


    Twitter: @
    fl
    eetctl


    Contribute:
    fl
    eetdm/
    fl
    eet

    View Slide