We have just open sourced Trailbot, a files and logs tracking daemon for GNU/Linux that triggers Smart Policies upon unwanted modifications.
Current security solutions are based on an obsolete paradigm: building walls and fences. Companies advertise their overcomplicated perimeter security systems as if they were impenetrable. But nevertheless we hear everyday about cyber security breaches at even the largest corporations. It’s not a matter of “if” but “when” the perimeter will get breached.
In any case walls and fences will not protect you at all from internal breaches and insider threats. Furthermore, most data resides nowadays in the cloud, where walls, borders and fences fade and blur.
With Trailbot you can rest assured of the integrity of your data, being it a system log or any other important file. It doesn't matter if an outsider got access to your systems or an insider decided to go rogue—you are now in control.
When compared to Tripwire, AIDE, Graylog or other conventional SEM solutions, Trailbot offers a much more extensible and powerful policies engine that allows anyone to write, fork, customize and share their own smart policies written in javascript or coffeescript.
Other big point in favor of Trailbot is that we are strong believers and supporters of the technological sovereignty movement, so we open sourced all the components in Trailbot's stack so that you can self-host the whole thing in case you don't want to trust any third party.
In addition, all traffic going between Trailbot Watcher and Trailbot Client is encrypted end-to-end using asymmetric cryptography (PGP with 4096 bits keys).
Thanks a lot for your interest, we hope you find Trailbot useful :)
It's too bad this submission didn't get more attention. It seems like these files/logs could help inform the "walls and fences" to better fight intrusion in the first place (root cause analysis). I think at the enterprise level, intrusion detection is used to help prevent intrusion in the first place. Minimizing the latency b/w these two functions seems like the thing to optimize for.
Thank you! We focused on building a product that is very easy to extend. Smart policies bringing the functionalities you describe can and will be built.
5 comments
[ 3.1 ms ] story [ 24.5 ms ] threadWe have just open sourced Trailbot, a files and logs tracking daemon for GNU/Linux that triggers Smart Policies upon unwanted modifications.
Current security solutions are based on an obsolete paradigm: building walls and fences. Companies advertise their overcomplicated perimeter security systems as if they were impenetrable. But nevertheless we hear everyday about cyber security breaches at even the largest corporations. It’s not a matter of “if” but “when” the perimeter will get breached.
In any case walls and fences will not protect you at all from internal breaches and insider threats. Furthermore, most data resides nowadays in the cloud, where walls, borders and fences fade and blur.
With Trailbot you can rest assured of the integrity of your data, being it a system log or any other important file. It doesn't matter if an outsider got access to your systems or an insider decided to go rogue—you are now in control.
Would love to hear your thoughts and feedback!
When compared to Tripwire, AIDE, Graylog or other conventional SEM solutions, Trailbot offers a much more extensible and powerful policies engine that allows anyone to write, fork, customize and share their own smart policies written in javascript or coffeescript.
Other big point in favor of Trailbot is that we are strong believers and supporters of the technological sovereignty movement, so we open sourced all the components in Trailbot's stack so that you can self-host the whole thing in case you don't want to trust any third party.
In addition, all traffic going between Trailbot Watcher and Trailbot Client is encrypted end-to-end using asymmetric cryptography (PGP with 4096 bits keys).
Thanks a lot for your interest, we hope you find Trailbot useful :)