April 4, 2022

Last Updated on January 18, 2024

Fleet Device Management is a leading open source device management solution built on the popular osquery open source project. The cross-platform Fleet agent runs on Windows, Linux and MacOS laptops and servers and streams accurate, real-time data from up to 100,000-plus devices.

A few of the many popular use cases for Fleet today include:

  • Maintaining an accurate device inventory
  • Identifying vulnerabilities or misconfigurations on devices
  • Pinpointing out-of-policy user activity
  • Finding potential data leaks
  • Quickly verifying patches and other changes made with other software
  • Conducting incident response using live endpoint data
  • Sending a notification when a CVE is detected

Fleet also has plans to add some in-demand use cases in the near future, as CEO Mike McNeil shared on a recent episode of The Virtual CISO Podcast.

Fleet Desktop—coming soon, with self-service support

Mike reveals that Fleet Desktop will ship in Q2 2022. It will not only offer transparency to users on what their company is monitoring about their workstation, but also let them fix common issues without involving IT.

“Imagine you’re in human resources at Atlassian [a current Fleet customer],” says Mike. “Then let’s say that your company decides to roll out Fleet Desktop. Now you’ll have a menu bar icon in the corner of your screen that will show you, ‘What is Atlassian monitoring about me?’

“You can see exactly what your device looks like in Fleet, and the software you have installed—maybe it’s even faster than going to the Apple menu!” jokes Mike. “You can see your disk space and how much is left on your hard drive. Probably most important of all, you can see where you’re failing or passing the organization’s policies. So, if I’m supposed to have antivirus turned on, and it’s not on, I see that I’m failing a policy. I can fix it myself with some remediation steps, and then I can hit a re-fetch button to then see that get automatically updated and see, ‘Ah, now I am passing the policy. All good.’”

Empowering users to fix their own out-of-policy issues is great from an IT perspective, as it reduces IT demands, shortens time to closure and is probably more convenient for users overall in most cases as well.

Vulnerability risk scoring

Fleet is also working on improving their vulnerability management features, including adding vulnerability risk scoring.

“You have to match these version numbers from the National Vulnerability Database to the data that’s coming back from osquery,” Mike explains. “That’s led us to prioritizing the most important apps and packages that people are going to have installed, and making sure we can provide the most accurate possible detection there. So that’s where a lot of our focus is going to be in the next few months.”

This could help reduce complexity for organizations that run a lot of required software on their endpoints, such as data loss prevention (DLP) and/or endpoint detection and response (EDR) tools.

One agent to rule them all,” Mike quips. “That’s an informal slogan we throw around.

At the rate Fleet is going, it could soon be the company tagline.

What’s next?

To check out the show with Mike McNeil, CEO at Fleet Device Management, click here.

Interested in a better way to get data about your endpoints? We recommend this podcast episode on the topic: EP#50 – Chris Neyhuis – How EDR & NDR Help You Make Better Security Decisions

Free OWASP ASVS Testing Guide

If you are just learning about OWASP’s testing standard or are considering the best way to prove the security of an application, this guide is meant for you!