Talk With an Expert

Open-Source Endpoint Detection and Response with CIS Benchmarks, Osquery, Elastic Stack, and TheHive

Open-Source Endpoint Detection and Response with CIS Benchmarks, Osquery, Elastic Stack, and TheHive (PDF, 3.35MB)Published: 23 Oct, 2020
Created by
Christopher Hurless

There is a wealth of open-source tools available for information security. A characterization of the various open-source products will provide a means of fortifying endpoints and auditing those fortifications with an Endpoint Detection and Response (EDR) solution. High-quality security practices do not have to be expensive products, but they do need to hit several automation requirements to be effective. With this in mind, building robust, automated, EDR capability using open-source, community-driven tools that automate and standardize security responses is not only possible but practical. Having a set of predefined control settings on an endpoint goes beyond malware detection. It sets the stage to ensure that an organization's endpoints are fortified from an attack before it happens. By implementing the Center for Internet Security (CIS) Desktop Benchmarks, organizations have a means of strengthening endpoints from attack. Adding Osquery allows them to have a tool for knowing when a machine has fallen out of a fortified state. Following the loss of fortification is the need to investigate the cause and return the device to its intended state which can be done using Elastic Stack and TheHive.