Presentation: Doorman - An Osquery Fleet Manager

Track: Building Security Infrastructure

Location: Plymouth - Royale, 6th fl.

Day of week:

Slides: Download Slides

Level: Intermediate

Persona: Architect, Developer, Security Professional

More talks on:

Abstract

Osquery allows you to easily ask questions about your Linux, Windows, and macOS infrastructure using standard SQL-based statements. But how? Organizations deploying osquery will need to engineer various solutions to accomplish this seemingly simple task. Enter Doorman. This simple Python/Flask-based web interface allows you to manage your entire osquery deployment, from baseline configurations and ad-hoc queries, to log collection and alerting. In this talk, we'll give a brief demonstration of osquery and its capabilities and why we set upon using osquery as an endpoint security solution. We'll describe our threat model along with the design and architecture decisions that went into Doorman. Lastly, we'll discuss how we use Doorman and osquery to provide visibility into our infrastructure.

Speaker: Marcin Wielgoszewski

Security Engineer

Marcin Wielgoszewski is a security engineer at a cryptocurrency exchange, where he is responsible for designing preventative and detective security controls to safeguard customer funds and information. Prior to his engineering role, Marcin was a principal consultant at Matasano Security (now NCC Group), an application security consulting firm. At Matasano, he worked primarily in an offensive role performing application security assessments and cryptographic design and implementation reviews for financial institutions. Marcin was a member of the Cryptopals.com team, and previously a guest lecturer in NYU Tandon's Penetration Testing and Vulnerability Analysis class.

Find Marcin Wielgoszewski at

Speaker page

@marcinw
https://www.linkedin.com/in/wielgoszewski/

Similar Talks

Inside Job: How to Build Great Teams Within a Legacy Organization?

Qcon

Engineering Director @Meetup

Francisco Trindade

Self-Selection for Resilience and Better Culture

Qcon

Agile/DevOps Trainer & Founder of Agile Play Consulting, LLC

Dana Pylayeva

CockroachDB: Architecture of a Geo-Distributed SQL Database

Qcon

CockroachDB maintainer, Co-founder & CTO @CockroachDB

Peter Mattis

Breaking Hierarchy - How Spotify Enables Engineer Decision Making

Qcon

Senior Engineering Manager, Data and Machine Learning Infrastructure @Spotify

Kristian Lindwall

Context Matters: Improving the Performance and Wellbeing of Teams

Qcon

Director of IT @Etsy

Shawn Carney

Maintaining the Go Crypto Libraries

Qcon

Cryptogopher @Google

Filippo Valsorda

Video Streaming at Scale

Qcon

IBM Distinguished Engineer, CTO Watson Media Cognitive Solutions @IBM

Lysa Banks

Machine-to-Machine Interfaces

Qcon

Sr. Consultant, AppDev @awscloud

Ari Lerner

Building and Operating a Serverless Data Pipeline

Qcon

Director Of Engineering at Intent

Will Norman

Tracks

Tracks

Non-Technical Skills for Technical Folks

Trust, Safety, & Security

Data Engineering for the Bold

Machine Learning for Developers

Software Defined Infrastructure: Kubernetes, Service Meshes, & Beyond

21st Century Languages

High-Performance Computing: Lessons from FinTech & AdTech

Modern Java Innovations

Architecting for Success when Failure is Guaranteed

Building High-Performing Teams

Human Systems: Hacking the Org

Modern CS in the Real World

Developing/Optimizing Clients for Developers

Microservices / Serverless (Patterns & Practices)

Architectures You've Always Wondered About