Comment by bhattisatish

21 hours ago

In case of small enterprises, what are the options for migrating to Ubuntu for all remote users?

How does one have an MDM solution? Most of the solutions out there are poor on Ubuntu or need lots of work to get things right. Can anyone provide a reference architecture/solution that allows them to be SOC2 compliant? But also not have high friction for developers and more importantly not have bigger overheads on process or investment?

The industry standard endpoint security solutions all run on either Windows or Mac. Endpoint security is an absolute MUST for a corporate environment.

  • What is RHEL, chopped liver?

    • It's been years since I've seen RHEL on the desktop at work. Any company that tolerated Linux desktops has either been large and geeky enough to go all-in on Linux and roll their own custom management solutions (Google), or else was still operating in "startup mode" with an attitude of "we trust our software devs, let's just give them a laptop and let them go nuts with root" which means they would flunk any serious security audit. And most of those used Ubuntu or similar.

      The only place I've actually seen RHEL on the desktop, also the only large institution besides Google where I've seen a Linux desktop rollout, was in government labs; and for those the government can commission arbitrarily bespoke security systems. In the real world, the CISO of your organization is going to go with one of the industry standards, like Cisco Secure Endpoint, which—again—only exist on Windows and Mac. In the real world, you might be issued a Mac if you're a developer, otherwise a Windows machine, and that's what you'll use, end of story.

  • Yeah, I requested to have a Linux desktop from my employer and was flatly told "NO". None of our many security applications supports it, which is a real shame. As we use Windows and MacOS, I can't see how we'll really be more secure on those platforms, even with the security theater applications they force us to use.

    • The standard approach is to use intrusive spyware to monitor all activity "for security" rather than to use systems designed to be resistant to attack. I call it the "fucking for virginity" approach to infosec. The reason is that it's assumed that all attack-resistant systems break down somehow, under some circumstances, but the audit trail to determine who committed the attack and how is non-negotiable, especially in regulatory and compliance settings. So institutional infosec tools are more interested in gathering the audit trail if/when an attack happens than in preventing the attack (in a "while we value the things in column A, the things in column B take priority" kind of way). And since they're almost always proprietary and considered beyond reproach by the corporate infosec division, well... occasionally something like the Clownstrike incident of 2024 does happen. But even that's not as bad as having had a breach without a sufficient audit trail to defend against liability or claims of noncompliance with regulations or industry standards (e.g., HITRUST in the health field).