Is Open Source the Future of Endpoint Security

Last Updated on January 18, 2024

Open source provides transparency. Being able to see what code is running in your environment — as well as what’s being monitored on your own computer — gives you a comforting level of visibility across data, apps, and usage.

In this episode, former open-source developer Mike McNeil, CEO at Fleet Device Management, an open-source company, talks with me about why open source is so important for security and compliance.

Join us as we discuss:

• The business impact of open source
• Why open source grants such necessary visibility
• How the open-source community removes friction inherent in proprietary software
• Vulnerability management and automation scenarios with Fleet
• What’s next for Mike and Fleet

The Business Impact of Open Source

In the world of device management, open source functions as it does in any other context. The code serves as a baseline, a foundation, that you can choose to use and adapt according to your unique needs.

Its key differentiator, as we discuss today, is the way it empowers literally anyone with the requisite skills to drill down into the code and understand what’s happening “under the hood.”

There is power in genuine visibility and transparency. In the security world, that leads to a concrete understanding of information systems and the data being collected, stored, shared, and even erased within those systems.

Why Open Source Grants This Level of Visibility

While Fleet collects device information, it’s important to note that it’s anonymous.

The goal of open source is to place freedom and flexibility into the hands of the people using the code. Further, open source enables inspired contributors to constantly work at evolving solutions and improving upon them for the benefit of the entire community.

How the Open Source Community Removes Friction

Time, cost, and quality are the three most important dials in business. Open source sets them all spinning in a positive direction.

Time

Open source is a way of working that seeks to provide true visibility and transparency. Flexibility and freedom are one thing, but there’s also collective intelligence constantly coming in from the ever-growing number of developers working to improve the base code and solution extensions.

Thus, open source communities can potentially evolve solutions at a far quicker pace than proprietary teams. There is even a way to request extensions to the code base, which elevates their priority within the developer community.

Cost

One of the top benefits of open-source solutions is their lower cost. Because Fleet and similar tools are “self-supported” by the teams that use them, and much of the development work is provided free of charge by the community, open-source options are almost always the cheapest way to go, in terms of purchase price, licensing, etc.

Quality

Quality is another aspect where open-source tools can remove friction relative to proprietary software and dealing with vendors. For example, Fleet’s ability to collect and store endpoint data on a regular cadence for historical analyses and to use as an audit trail in the event of an incident is extremely powerful. This kind of ability helps identify and prevent incidents — especially when you have the flexibility to process endpoint data through other solutions, such as your Governance, Risk and Compliance (GRC) software.

Vulnerability Management and Automation

Vulnerability management at the endpoint is different from network vulnerability scans. This is because some kinds of information collected and stored at the endpoint can be difficult to upload into the network environment.

Since there are multiple open-source and proprietary solutions in the market for vulnerability scanning, it is possible to try Fleet or osquery alongside them. While doing this, remember that every company has a unique set of security needs.

Automation

As Mike says, you can automate many things within your day-to-day routine, but you’ll need to pause along the way and invest in human intelligence for quality assurance reasons.

In the context of Fleet and osquery, you can automatically create new tickets when new vulnerabilities crop up on devices within your fleet. This extends to policies. For example, if your company policy mandates that an app shouldn’t be installed, you can automatically create a ticket if that app is found on any device, so that your IT team can step in.

What’s Next for Mike and Fleet?

Expect Fleet Desktop to be available in Q2 2022. It enables a menu bar icon that can be engaged to reveal what data the employer is collecting from the employee’s device. It also shows the relevant management or IT users an interface covering each of the devices being managed through the system.

Additionally, Fleet Desktop will enable self-management of policy adherence within the business. Its at-a-glance view of internal compliance will empower employees to self-check compliance, apply fixes and keep routine checks by management or IT teams short and laser-focused on bigger issues.

Further along on the horizon is a rules-based risk scoring function. It would score vulnerabilities before the automation is triggered against the score. This could help IT teams prioritize tickets and more intelligently allocate resources when patching issues.

To hear this episode, and many more like it, you can subscribe to The Virtual CISO Podcast here.

If you don’t use Apple Podcasts, you can find all our episodes here.

Listening on a desktop & can’t see the links? Just search for The Virtual CISO Podcast in your favorite podcast player.

Free OWASP ASVS Testing Guide

If you are just learning about OWASP’s testing standard or are considering the best way to prove the security of an application, this guide is meant for you!

Download Now!