Last Updated on April 1, 2022
Do you know what software is running on your endpoints? If not, you lack the ability to detect unauthorized applications or services, or to enforce security policies regarding unapproved software. Also, if you don’t know what software is on your endpoints, how do you know if that software is out of date or introduces known vulnerabilities that hackers are targeting?
On a recent episode of The Virtual CISO Podcast, Mike McNeil, CEO at Fleet Device Management, explained how his company’s open source solution can provide a comprehensive endpoint software inventory, and how customers are using that capability today.
Motion detection for your devices
Say you don’t want Zoom running inside your network. How do you know if someone just installed it?
“You can think of policies in Fleet today as motion detectors,” says Mike. “You define a perimeter of acceptable use for your workstations and servers, and then you collect data about that.”
Fleet can provide a software inventory of Windows programs, Mac programs, Chrome extensions, Firefox plugins, and software packages/libraries.
What about blocking a user from installing unauthorized software? Since osquery, the open source project Fleet is based on, is read-only, an osquery extension would be needed. According to Mike, different operating systems (Windows, Linux and MacOS are supported currently) need different extensions—but writing on devices can be done today using osquery extensions.
Using Fleet for configuration management
Fleet can provide exceptionally detailed data about devices. So why not use it for configuration management? Need to track CIS benchmarks or DISA STIGs for compliance? Need to ensure that devices meet HIPAA requirements? Fleet can tell you whether devices are in conformance with a standard or not, based on how you define conformance via your policies.
“This is something that folks are doing today with osquery,” Mike relates. “You can also accomplish that with policies in Fleet. Policies are basically a yes/no question with a yes/no answer. As long as you can express that in osquery SQL, then that’s something you can handle in Fleet. So, CIS level 1 and Level 2, I’ve heard of good results. And there are actually open source osquery queries out there for that, so you can copy/paste them.”
osquery further enables you to group policies together into configurations. You can also tag queries in Fleet to facilitate using them together. For example, you can tag certain policies as relevant to ISO 27001, HIPAA, CIS benchmarks or whatever standards you need to comply with.
To listen to the podcast with Mike McNeil, CEO at Fleet, click here.
Looking to make better security decisions with data from your endpoints? You’ll appreciate this related podcast: EP#50 – Chris Neyhuis – How EDR & NDR Help You Make Better Security Decisions