Kolide – How Software Engineers Ruin Macs and Could Ruin You

Speakers: Jason Meller

Level: All Levels, Lecture

Excerpt: You’ve spent hours preparing for a new software engineer to start, you’ve enrolled their shiny new Mac in MDM, you’ve solved software deployment and managed updates, you’ve even enforced 2FA and SSO across your most important services. What could go wrong?


In this talk, I will simultaneously dazzle and horrify you by showing how seemingly innocuous actions completely undermine the security of a Mac and inevitably lead to serious compromises.

We will use open-source tools like Facebook’s Osquery agent augmented by Kolide’s product to easily locate these ruined Macs, to shut down risks before they spiral out of control.

Description: Kolide is a security-focused infrastructure analytics company. We specialize in collecting and analyzing data from your organization’s devices to deliver actionable insights through a thoughtful user experience. We answer all of your infrastructure questions, especially the ones you didn’t think to ask.

Throughout our journey, we’ve learned quite a lot about Macs and the developers that use them. While many of our clients are worried about detecting advanced threat actors pulling off a sophisticated attack, the reality is, the seemingly innocuous actions of their own technically savvy employees represent the greatest risk to their organization.

This talk is designed to educate MacAdmins who are ready to go beyond thinking about security as a checkbox. We will challenge you to start thinking strategically and creatively about how the controls you have deployed are rendered ineffective through actions taken by employees in the course of their daily routine.

Using these techniques, we will pinpoint major weaknesses and showcase workarounds to the following security controls:

* FileVault full disk encryption
* Two-factor authentication in external SaaS services
* Password managers (including 1Password)
* Remote system access
* Gatekeeper
* Firewalls/VPNs
* And many more

To help us on our journey, we will use open-source tools like Facebook’s Osquery agent augmented by Kolide’s SaaS product to easily locate these high-risk Macs and learn more about them along the way.

About the speaker

Jason Meller (Twitter: @kolideco) – CEO – Kolide, Inc.

Jason is the CEO and co-founder of Kolide, an early-stage, Boston-based cyber security startup. Jason has spent his 10-year career building technology that enables cyber security professionals to protect their interests from the threats they will face. Before founding Kolide, Jason served as Chief Security Strategist at publicly traded cyber security firm FireEye. There, he was responsible for conceptualizing, building, and deploying key products, including their managed services and threat intelligence offerings.

Prior to FireEye, Jason co-founded and served as CEO of Threat Stack, a Techstars-backed cloud security startup. Before that, he served as a product manager at incident response firm Mandiant. Prior to Mandiant, he was a core member of Richard Bejtlich’s elite GE Computer Incident Response Team.

This entry was posted in MacAdmins 2018 Sessions.