The Power of Osquery for FinTech: The New Stack

Jeremy Colvin

Jeremy Colvin is Technical Product Marketing Manager at Uptycs and enjoys learning the bits and bytes of what makes good security. Prior to Uptycs, Jeremy spent two years at Deloitte helping clients design, configure, and implement secure systems. He graduated from Princeton with an AB in Public and International Affairs, focusing on privacy policy and information security.

FinTech security teams are tasked with a big job: defending the ever-evolving attack surface that comes from using technology as a differentiator in the world of investment and consumer banking, cryptocurrencies, and more, all while complying with multiple federal and state regulations.

FinTech organizations are always looking to innovate, and that carries over to their security teams as well. The notable shift to cloud-native environments has pushed these security teams toward solutions that provide reliable, flexible, and deep coverage as they scale.

To protect their IT ecosystem, security teams not only implement traditional security controls for on-premises systems but also address the new threats that arrive with cloud-native infrastructure. In this blog, we’ll take a deep dive into what has become a hidden superpower for FinTech security teams and look at some real-world examples of how they’re using it. Let’s discuss why security teams turn to osquery as a key security solution.

Osquery: The Differentiator for FinTech Security Teams

So how are they making cloud-native security possible at scale? It all starts with good people and processes, of course. The first technical step for any team is to understand its environment and the assets it is protecting. At this stage, you’ll be looking to gain deep visibility into your assets, giving you a clear foundation for best practices, such as proactively hardening your assets or spotting anomalies in your environment. To achieve that foundation of deep visibility, teams are using the osquery universe to support a robust analytics-focused security program.


For those unfamiliar, osquery is a powerful and scalable agent that collects a large amount of telemetry from macOS, Linux, Windows, and container workloads. The lightweight agent normalizes that data into easily queryable SQL tables, making it easy to ask questions about your assets, track compliance configurations, detect anomalies or malicious signatures, and gain a deep understanding of the real-time status of your security posture.

Through two extensions developed by Uptycs (kubequery and cloudquery), osquery’s concept of structured security analysis has been extended to support Kubernetes and cloud service providers such as Amazon Web Services, Google Cloud Platform and Azure. When carefully implemented, this tool supports a unified endpoint and cloud-native application protection program to comprehensively cover your fleet of assets.

Robust security analytics powered by osquery can drive support for nearly unlimited use cases: proactive (audit and compliance, software asset management), reactive (detection and investigation), and protective (block, remediation, governance).
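The SQL-table model described above (normalized tables you can join and filter, serving both the proactive audit and the reactive detection use cases) is easiest to see with a few concrete queries. The following is an added example and is not code from the article or from Uptycs: Python's built-in sqlite3 stands in for the osquery agent, the rows are constructed sample data shaped like a subset of the real osquery `processes`, `listening_ports` and `users` tables, and each detection is expressed as a version-controllable rule (the "detection as code" idea). The port allowlist of 22 and 443 and the `svc-` naming convention for service accounts are assumptions made for the example; the SQL itself is the SQLite dialect osquery uses, so the rule text could be dropped into an osquery query pack as-is.

```python
import sqlite3

# Constructed snapshot of one host, using a subset of the columns that
# osquery's real `processes`, `listening_ports` and `users` tables expose.
# A deployed osquery agent fills these tables at query time; the rows below
# are hard-coded sample data (assumed, not real) so the example runs offline.
SAMPLE_PROCESSES = [  # pid, parent, name, path, cmdline, uid
    (1, 0, "systemd", "/usr/lib/systemd/systemd", "/sbin/init", 0),
    (812, 1, "sshd", "/usr/sbin/sshd", "/usr/sbin/sshd -D", 0),
    (901, 1, "nginx", "/usr/sbin/nginx", "nginx: master process", 0),
    (902, 901, "nginx", "/usr/sbin/nginx", "nginx: worker process", 33),
    (1337, 902, "sh", "/bin/sh", "sh -c id", 33),
    (2040, 1, "kworker", "/tmp/.x/kworker", "/tmp/.x/kworker -o pool:4444", 1001),
]
SAMPLE_LISTENING_PORTS = [  # pid, port, protocol (6 = TCP), address
    (812, 22, 6, "0.0.0.0"),
    (901, 443, 6, "0.0.0.0"),
    (2040, 4444, 6, "0.0.0.0"),
]
SAMPLE_USERS = [  # uid, username, shell
    (0, "root", "/bin/bash"),
    (33, "www-data", "/usr/sbin/nologin"),
    (1001, "deploy", "/bin/bash"),
    (1002, "svc-backup", "/bin/bash"),
]

# Detection-as-code: every rule is plain data (name, severity, SQL) that can
# be version-controlled and code-reviewed like any other change.
RULES = [
    {"name": "process_running_from_tmp", "severity": "high",
     "sql": "SELECT pid, name, path FROM processes "
            "WHERE path LIKE '/tmp/%' OR path LIKE '/dev/shm/%'"},
    {"name": "shell_spawned_by_web_server", "severity": "high",
     "sql": "SELECT c.pid, c.cmdline, p.name AS parent_name FROM processes c "
            "JOIN processes p ON c.parent = p.pid "
            "WHERE c.name IN ('sh', 'bash', 'dash') "
            "AND p.name IN ('nginx', 'apache2', 'httpd')"},
    # Assumed baseline: only 22 and 443 are expected to listen on all interfaces.
    {"name": "listening_port_outside_baseline", "severity": "medium",
     "sql": "SELECT lp.port, lp.address, pr.name, pr.path FROM listening_ports lp "
            "JOIN processes pr ON lp.pid = pr.pid "
            "WHERE lp.address = '0.0.0.0' AND lp.port NOT IN (22, 443)"},
    # Compliance audit: service accounts (assumed 'svc-' naming) must not
    # have an interactive login shell.
    {"name": "service_account_with_login_shell", "severity": "low",
     "sql": "SELECT uid, username, shell FROM users "
            "WHERE username LIKE 'svc-%' AND shell NOT LIKE '%nologin'"},
]


def build_snapshot():
    """Load the constructed rows into an in-memory SQLite database whose
    tables mimic the osquery tables the rules query."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.executescript("""
        CREATE TABLE processes (pid INTEGER, parent INTEGER, name TEXT,
                                path TEXT, cmdline TEXT, uid INTEGER);
        CREATE TABLE listening_ports (pid INTEGER, port INTEGER,
                                      protocol INTEGER, address TEXT);
        CREATE TABLE users (uid INTEGER, username TEXT, shell TEXT);
    """)
    conn.executemany("INSERT INTO processes VALUES (?,?,?,?,?,?)", SAMPLE_PROCESSES)
    conn.executemany("INSERT INTO listening_ports VALUES (?,?,?,?)", SAMPLE_LISTENING_PORTS)
    conn.executemany("INSERT INTO users VALUES (?,?,?)", SAMPLE_USERS)
    return conn


def run_rules(conn, rules=RULES):
    """Evaluate every rule; a rule fires when its query returns rows.
    Returns one finding per firing rule with the matched rows as dicts."""
    findings = []
    for rule in rules:
        rows = [dict(r) for r in conn.execute(rule["sql"])]
        if rows:
            findings.append({"rule": rule["name"],
                             "severity": rule["severity"], "rows": rows})
    return findings


def severity_counts(findings):
    """Roll findings up by severity, e.g. for a dashboard or alert routing."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    snapshot = build_snapshot()
    findings = run_rules(snapshot)
    for finding in findings:
        print(f"[{finding['severity']}] {finding['rule']}")
        for row in finding["rows"]:
            print("   ", row)
    print(severity_counts(findings))
```

Against the sample snapshot all four rules fire: the `/tmp` binary, the shell whose parent is an nginx worker, the unexpected listener on port 4444 (which the join ties back to that same `/tmp` process), and the `svc-backup` account with a login shell. The join in the third rule is the point of the table model: a listening socket alone is just a number, but joined to `processes` it becomes a path you can act on.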

If you want to start learning about the osquery universe from scratch, this is where you can start:

Osquery working with FinTech security teams

One of the best things about the osquery universe is the support and knowledge sharing in the user community. Uptycs helps drive this through the annual osquery@scale conference that brings together stories from organizations that are building industry-leading security programs with osquery as a core part of their IT ecosystem.

Here’s a look at two previous presentations that highlight the benefits of using osquery:

Detections in Stripe

The Stripe financial services platform prioritizes proactive and actionable security observability across all of its deployments, with the goal of automating threat detection and response workflows. This presentation, from Stripe security engineer Russ Nolen, dives into his methodology for optimizing osquery to support the following:


● Security observability at scale

● Ability to analyze behavioral changes or abnormalities

● Detection automation as code

Stripe has generously shared more content about their experiences with osquery and why they feel confident deploying the lightweight osquery agent on critical production servers. You can learn more about the steps taken to ensure low resource utilization here.

DevOps and Container Security at Ethos

Ethos is a fast-growing insurance technology organization facing the typical challenges of a cloud-native environment. Most productivity endpoints across the organization are macOS, where developers build in their local IDE and then push code through a CI/CD pipeline that ends up in a 100% containerized production workload running on Kubernetes clusters. Delivering applications with confidence and security in this setup requires strong end-to-end security observability throughout the entire DevOps process.

In the video below, Ethos VP of Security Ody Lupescu talks about using osquery telemetry to analyze DevOps processes and improve the experience for engineers working in their local IDE. The second half of the talk covers tracking workloads in the CI/CD pipeline end-to-end, from an engineer’s local IDE all the way to production. Lupescu shows how osquery can help reduce friction for your DevOps teams while providing secure tracking of how each of your workloads is built, orchestrated, and deployed.
