Closes https://github.com/fleetdm/fleet/issues/41798

Changes:
- Added an "About Fleet" section to the case study article template page.
- Removed the "About Fleet" sections from case study articles.

FYI @irenareedy: After this change is merged, you will not need to include an "About Fleet" section on new case study articles.
Cybersecurity company improves endpoint visibility with Fleet
A cybersecurity company builds products that help organizations detect and respond to vulnerabilities across complex environments. Its team relies on macOS devices today and plans to expand management to Linux and Windows as the organization grows.
As a security-focused company, the team needs device management that offers deeper insight into endpoint behavior while remaining transparent and customizable.
At a glance
- Industry: Cybersecurity
- Devices managed: ~56 macOS devices, expanding to Linux and Windows
- Primary requirements: osquery visibility, vulnerability detection, granular policies
- Previous challenge: Complex scripting requirements and limited cross-platform visibility
The challenge
The team currently uses Jamf to manage macOS devices.
However, extracting detailed user insights requires extensive custom scripting. Implementing granular policies also requires navigating complex administrative workflows.
At the same time, Linux and Windows devices sit outside the primary management scope. This creates gaps in endpoint visibility that the team wants to eliminate.
As a security-focused organization, the company needs a system that delivers detailed endpoint data while remaining flexible enough to support custom security workflows.
The evaluation criteria
During the evaluation, Fleet had to meet three requirements:
- osquery integration: provide the ability to run custom queries and generate granular alerts.
- Vulnerability visibility: identify vulnerable software across the fleet in real time.
- Granular policy management: allow flexible policies without complex scripting or tiered add-ons.
The team also wants a platform that can manage macOS, Windows, and Linux through a single interface.
The solution
Fleet provides a platform that aligns with the company’s security-first mindset.
Using osquery through Fleet, the team runs custom queries across devices to gather detailed security data. This allows them to go beyond basic inventory and focus on the signals that matter to their environment.
Fleet’s open-source model is also important. Security engineers write custom queries and inspect how the system works, rather than relying on a proprietary management agent.
The team also evaluates telemetry streaming through AWS Kinesis. This allows endpoint data to flow directly into SOC workflows for faster threat detection.
A smooth migration
The migration to Fleet took this team only a few weeks.
The rollout created minimal disruption for the remote workforce. Self-service deployment tools allowed devices to transition without affecting productivity.
Fleet Cloud simplified onboarding and allowed the team to manage their devices through a unified platform.
The results
Real-time visibility improved the team’s ability to investigate and respond to security events.
With live queries and telemetry data, security teams triaged incidents and monitored compliance in minutes rather than days.
The platform also simplified device management. Instead of maintaining complex scripts or tiered tooling, the team managed policies and gathered security insights directly through Fleet.
Why they recommend Fleet
Their recommendation centers on customization and insight. Fleet allows teams to collect the specific data points that matter to their environment. Instead of relying on fixed inventory views, security teams build queries and workflows that match their operational needs.