Kolide — User Focused Security for Teams That Slack

Jason Meller
May 22nd, 2019

Tl;dr Kolide is launching a User Focused Security product for teams who use Slack called “K2”. This product is available today as a beta, and you can sign up for free, right here. If you want to know more about User Focused Security and why it matters, read this blog post!

“Starting tomorrow, we are rolling out new security software to all employee laptops.”

You shudder as you read the email from the new IT Director. You’ve read these words before at your last company, and you know they signal the “good ole’ days” of freedom-driven productivity are over. Soon your days will be filled with an escalating series of mass-deployed inconveniences all in the name of “compliance” or worse, promises of protection against faceless bogeymen.

On schedule, the new security agent silently rolls out to your MacBook Pro, planting its icon-based flag of conquest on your menu bar. You click it, and are greeted with a dropdown that contains a slew of disabled options. This app clearly isn’t meant for you.

a comic showing two people, one with his laptop chained to a weight that reads "30 tons" the other man is holding a welding tool and is saying "And there you go! perfectly safe and secure! I should let you get back to work.

You become hyper-vigilant of the performance of your machine. With every minor hiccup and delayed app launch, you scrutinize your Activity Monitor. You sort by CPU utilization hoping to catch your new foe red-handed, bogging your processor and thwarting your work. Finding it at the top of the list as expected, you terminate the process, knowing like some 3-headed hydra it will revive itself quickly and resume its assault on your daily tasks.

As you watch it siphon your CPU and memory, you imagine all the useless and ridiculous things it’s looking for, recording, and exporting to some secret dashboard. Is it searching for malware from 10 years ago? Is it logging every processes that you execute to some Splunk blackhole? Is it exporting your browser history?

You shrug your shoulders and decide to just ignore it. “IT and security are just necessary evils of becoming a successful large company”, you rationalize to yourself as you move on with your day.

The above story has played out countless times at successful, fast-growing companies. It’s become almost a right of passage as the agile startup “grows up” and needs to start worrying about adult things.

Here at Kolide, we are eager to challenge this thought process. We believe it is possible for organizations to responsibility meet their compliance and security goals without frustrating their users or locking down their devices. We call this new approach User Focused Security.

What is User Focused Security?

User Focused Security is a new alternative approach to excessive monitoring and management of end-user devices. We first became aware of this term in 2017 after Netflix published a Medium article about an in-house tool they created to give their end-users insight into the IT and security status of their device.

To me, User Focused Security consists of three components:

  1. Favor accessible security policies over rigid enforcement.

  2. Trust your users to do the right thing and use low-impact methods to verify compliance.

  3. Give your users easy to use tools to confirm and fix problems on their devices. These tools should favor education over “one click fixes”.

Essentially, you should treat your employees like capable adults who have the capacity to learn and understand security policies. Some benefits we have seen at organizations who embrace User Focused Security are:

  • Increased positive interactions and collaborations between end-users and Security teams.

  • Drastically decreased time between initial detection and remediation on compliance-based security issues.

  • Dramatically increased compliance on traditionally tough-to-enforce items (proper handling of customer data, encrypting credentials, etc.)

  • Reduced reliance on expensive workstation management software

While simple to explain, rolling out an effective User Focused Security program is difficult. You need software to codify your security policy and you need an effective way to reach out to your users, and verify their actions have resolved any problems that their device is exhibiting.

At Kolide, we believe in this new paradigm so much that we have spent the last four months building a product that we hope will enable turn-key User Focused Security in your organization.

Introducing K2 — Turn-Key User Focused Security

Today I am proud to announce K2 (short for Kolide 2), our latest SaaS product that focuses entirely on helping organizations who use Slack try out User Focused Security in their organization.

K2 is now in public beta with a free 14 day trial. Sign up for free! The workflow is simple.

  1. Sign up and install the Kolide Slack app.

  2. You install our pre-packaged open-source agent on your Mac, Linux, and Windows devices.

  3. We automatically associate your users in Slack with their devices.

  4. We perform a check up on those devices throughout the day to see if they are compliant with your security policy.

  5. We ping users on Slack once near the end of their day and tell them what is wrong with their device and how to fix it.

  6. Users resolve the problem and verify in real-time via the interactive Slack App that the issue is fixed.

  7. Any users who ignore the Slack app messages or request Admin assistance are escalated to your team for further action.

Check out this GIF of the Slack app in action…

a gif that shows the slack app working with user permissions

How end-users interact with the Kolide Slack app

In addition to the above, we’ve spent a lot of time creating a beautiful User Interface to quickly assess the status of your devices…

The Device Details view for an iMac Pro connected to Kolide

How is Kolide different from traditional Endpoint Security Products?

Our new product K2 is somewhat opinionated and is not for everyone. You are going to have the best experience with this product if you tend to agree with our values. These include:

  • Kolide prioritizes the performance or stability of a device over excessive visibility. In practice, this means we’d rather have an alert take 5 extra minutes to report into a dashboard if we can reduce the impact on the device by even a small amount.

  • Kolide is a good fit for organizations that value transparency and have cultures that preach the importance of personal freedom and responsibility.

  • Kolide does not subscribe to the “collect everything all the time for the sake of doing so in the event we might eventually need it” that plagues traditional endpoint detection software. If your goal is to build a giant flight-recorder and stream all actions taken across all devices to Splunk or Kibana, Kolide may not fit your use-case.

  • Kolide tries to avoiding collecting data for devices that violates their privacy and we are constantly evaluating whether data is worth collecting if a User would feel excessively surveilled.

  • Our built-in detection skews towards uncovering risks and compliance issues statistically more likely to impact software companies (particularly SaaS providers). Existing solutions underserve these types of organizations in favor of detection strategies more suitable for massive enterprises concerned about targeted attacks from nation-state threat actors.

Does this sound like a good fit for your team? Try it for free for 14 days!

Feedback Appreciated

K2 is a brand-new product, and we can’t wait to hear your feedback to improve the experience for you and your end-users.

Sign up today to get started and let us know what you think!

Share this story:

More articles you
might enjoy:

Introducing Deeper Integration With Your SSO Provider
Blaed Johnston
Two Years at Kolide — Creating a New Privacy Standard for Endpoint Security
Jason Meller
Deep Dives
Are Your Employees Slack Messages Leaking While Their Screen Is Locked?
Fritz Ifert-Miller
Watch a Demo
Watch a Demo