Netflix Open Sources Internal Threat Monitoring Tools

alphadogg (971356) writes Netflix has released three internal tools it uses to catch hints on the Web that hackers might target its services. "Many security teams need to stay on the lookout for Internet-based discussions, posts and other bits that may be of impact to the organizations they are protecting," wrote Andy Hoernecke and Scott Behrens of Netflix's Cloud Security Team. One of the tools, called Scumblr, can be used to create custom searches of Google sites, Twitter and Facebook for users or keywords.

I wonder why they released these.

[haruchai]

Does Netflix have a tradition of free / open source software contribs?

Re: I wonder why they released these.

[bsDaemon]

Their github account has 3 pages worth of stuff and they put a lot back into FreeBSD, too.

Re: I wonder why they released these.

[haruchai]

Good to know; nice to see more companies giving back to the opensource community.

Re:I wonder why they released these.

[CrankyFool]

I work at Netflix (and manage a software development group).

The general approach to OSS can generally be summarized as "if it's not core product (algorithms, recommendations, etc), why haven't you open-sourced it yet?"

It's one of the (very many) nice parts of the job.

Re:I wonder why they released these.

[haruchai]

That's great to hear; wish my own company thought that way. We have talented developers but limit them to writing mostly reporting, integration & user interface code and spend megabucks buying commercial software when solid, stable free / open alternatives already exist.

I wonder why they released these.

Yes. They just keep releasing one neat tool after the other as open source:
https://github.com/Netflix/

The biggest risk to Netflix

[gelfling]

Is Netflix, Amazon AWS and Xbox. Taken together any fucking thing you can imagine will or won't happen.

Re:We should all do this

[davester666]

Unfortunately, the NSA is the threat, and there is nobody monitoring them.

Netflix in news

[Comen]

Why is it this is the only article I can really find online about Netflix petitioning the FCC to now allow the Comcast TWC merger?

http://www.engadget.com/2014/08/26/netflix-fcc-petition-time-warner-cable-comcast/

Re:Netflix in news

[Guspaz]

Huh? You've linked to an article of Netflix asking for the merger to be blocked.

The three tools (because TFA article is, well...)

[xxxJonBoyxxx]

#1: Scumblr: Ruby-based, web-configured application that allows searching the Internet for sites and content of interest. Includes libraries for sites like Google, Facebook, and Twitter.
#2: Workflowable: Ruby gem that routes different kinds of detections from Scumblr to specific processes.
#3: Sketchy: takes screenshots of web finds for Scumblr.

(I might be a little off, but the Karma gods will surely reward me.)

Re:Only problem is the name

[ShaunC]

So fork it and rename it to CorporateGoodwillProtector, then suggest that to your customer.

Re:Only problem is the name

[CrankyFool]

It's an artifact of how Netflix does OSS: If you're the engineer who open-sources a product, you're the person who names the product. Sometimes that works better than others :)

Re:Linux User Agent

[laffer1]

For all you know, he's on the team that's trying to stop you from using chromium on netflix.

Re:Only problem is the name

[omems]

As an end-user and not a marketing weasel, I value non-marketing speak. I especially roll my eyes when companies trademark stupid names and then insist on including the symbol in every instance. (thankfully you won't see that here because I am unable to get this commenting system to reproduce it)