Last Updated on January 19, 2024
Many companies already have proprietary device management solutions to protect, secure and enforce policies for devices, such as servers, laptops, tablets and phones. There are many entrants in this broad market space, some of which even offer free versions.
Where do open source device management solutions fit into the mix? Why add a “roll your own” solution when you can leverage a cost-effective, vendor supported offering?
To explain why his company’s open source tool, Fleet Device Management, is running on 1.65 million endpoints and counting, we invited Mike McNeil, CEO at Fleet, to join a recent episode of The Virtual CISO Podcast. The show is hosted by Pivot Point Security’s CISO and Managing Partner, John Verry.
Augment your vulnerability scanning
Vulnerability management is a new and evolving use case for Fleet, which is based on the popular osquery open source project. For organizations that have vulnerability scanning software like Qualys, Rapid7, Tenable or Nessus, Fleet can potentially augment (“I would not say supplant, today,” says Mike) existing capabilities.
“Try Fleet and see because everybody has a different level of freshness that they need,” Mike relates. “Our data source is the National Vulnerability Database, or NVD. Let’s say you’re using Rapid7 and getting a lot of value from that. You may just want to know a little bit sooner, or you want to get the ticket in the hands of the right person, or you want a little bit more programmability.”
“For example, you might want to use the API a little bit more or to be able to loop in your IT team and maybe involve Monkey. That might be a great fit to check out the vulnerability detection in Fleet,” adds Mike. “You can’t actually patch in Fleet today, but you can see a report of all the devices on your fleet that have a problem. Then you can even go a bit further and automate the ticket creation based on that.”
In short, you can quickly write and send a query against your whole device fleet or any subset of it. When the data comes back from the devices, you run one or more processes to analyze the aggregated results. Based on those results, your code can fire rules like, “If you find a vulnerability above CVSS Level X, automatically open a ticket in Jira.”
To further augment that capability, Fleet is working with a partner in the health tech space to build automated risk scoring into Fleet in 2022.
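The "above CVSS Level X, open a ticket" rule described above, as an added example that is not code from Fleet or from the podcast: it groups constructed per-host findings by CVE, builds one ticket per CVE above the threshold, and sets unscored CVEs aside for manual triage. The row fields, placeholder CVE IDs, package names, project key and ticket fields are all assumptions; sending the payload to Jira is left to your own integration.

```python
from collections import defaultdict

# Constructed sample rows, one per (host, software, CVE) finding, as if already
# exported from a fleet-wide query. Field names and values are assumptions.
FINDINGS = [
    {"host": "web-01", "software": "libexample 2.4.1", "cve": "CVE-0000-0001", "cvss": 9.8},
    {"host": "web-02", "software": "libexample 2.4.1", "cve": "CVE-0000-0001", "cvss": 9.8},
    {"host": "lap-17", "software": "exampletool 1.2", "cve": "CVE-0000-0002", "cvss": 5.3},
    {"host": "lap-17", "software": "examplecli 7.0", "cve": "CVE-0000-0003", "cvss": None},
    {"host": "db-03", "software": "exampled 1.8", "cve": "CVE-0000-0004", "cvss": 7.8},
]

def group_by_cve(findings):
    """Collapse per-host rows into one record per CVE with all affected hosts."""
    grouped = defaultdict(lambda: {"cvss": None, "hosts": set(), "software": set()})
    for row in findings:
        rec = grouped[row["cve"]]
        rec["hosts"].add(row["host"])
        rec["software"].add(row["software"])
        if row["cvss"] is not None:
            rec["cvss"] = max(rec["cvss"] or 0.0, row["cvss"])
    return grouped

def build_tickets(findings, threshold, already_ticketed=frozenset(), project="SEC"):
    """Return (tickets, unscored): one ticket per new CVE scoring above threshold."""
    tickets, unscored = [], []
    for cve, rec in sorted(group_by_cve(findings).items()):
        if rec["cvss"] is None:
            unscored.append(cve)  # no score yet: route to manual triage, do not drop
            continue
        if rec["cvss"] <= threshold or cve in already_ticketed:
            continue  # not above the threshold, or a ticket already exists
        hosts = sorted(rec["hosts"])
        tickets.append({
            "project": project,  # hypothetical project key
            "summary": f"{cve} (CVSS {rec['cvss']}) on {len(hosts)} host(s)",
            "description": "Affected: " + ", ".join(hosts)
                           + "\nSoftware: " + ", ".join(sorted(rec["software"])),
            "labels": ["vulnerability", "cvss-above-threshold"],
        })
    return tickets, unscored
```

Passing the set of CVEs that already have open tickets as `already_ticketed` keeps a scheduled run from filing duplicates.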
Input to your favorite dashboard
While Fleet offers simple dashboarding, you can also pull its output to another solution, such as your governance, risk and compliance (GRC) tool, your security information and event management (SIEM) solution, or an analytics tool like Grafana or Splunk. Fleet’s goal is to provide APIs to help clients get that rich Fleet “inventory” data into their system of record for security or compliance.
In short, Fleet is a quick, cost-effective way for technical IT staff and developers to enrich, augment and/or accelerate the data gathering and analytics you’re already doing. It’s great for finding critical vulnerabilities so you can patch them faster, or maintaining a detailed device inventory beyond what you might be getting with an SNMP-based approach today.
What’s next?
Ready to listen to the podcast with Mike McNeil on Fleet Device Management and osquery? Click here.
Does your organization need to comply with STIGs or CIS controls? This podcast talks about a streamlined approach to configuration management: EP#72 – Brian Hajost – How Configuration Management Makes Security Simple