It is a Windows-centric world, but not at Facebook, where the company has many more Mac laptops than those running Windows. Faced with a lack of security network appliances for Mac OS X, Facebook began, 18 months ago, to write its own security software. The result, Osquery, enables its security team to monitor, in real time, the current state of those laptops’ operating systems. Facebook also made the tools freely available as an open source project, bringing outside security expertise to bear.
According to The Wall Street Journal, Facebook has 16,000 Mac laptops (and many fewer Windows computers), making it essential for the company to develop a security solution.
Speaking at a Mac IT conference in Silicon Valley, Facebook Security Engineer Ted Reed noted that, “these laptops that everyone uses are the highest risk at Facebook as a company,” since employees visit websites that the company doesn’t control, install apps and run different network protocols. Hackers are drawn to the laptops because they contain “information about the company’s developers and provide a springboard to Facebook’s production infrastructure as well as all of the company’s code.”
When the company realized the lack of Mac OS X tools, says Facebook Software Engineer Mike Arpaia, he and other Facebook developers on the intrusion detection team began to write their own software. Osquery monitors details such as which processes are currently running on a particular machine or which network connections are open, all in real time.
Facebook began testing the software and, in October 2014, made it available as an open source project, which serves as a way to increase its security forces without making new hires. Since its debut, at least 52 people have contributed to Osquery, and not only from Facebook. GitHub, where the source project is hosted, also names developers from Box Inc. and Slack Technologies, Inc.
Facebook’s move is similar, says WSJ, to how Netflix created Security Monkey to monitor its Amazon Web Services infrastructure for changes to configurations and to notify the security team when something significant has changed.