Slashdot Mirror

← Back to Stories (view on slashdot.org)

Netflix Just Announced a User Focused Security Application (netflix.com)

Posted by msmash on from the how-about-that dept.

Moving beyond movies and TV shows (and their DVDs), Netflix announced on Tuesday Stethoscope, its "first project following a User Focused Security approach." From a company's blog post: The notion of "User Focused Security" acknowledges that attacks against corporate users (e.g., phishing, malware) are the primary mechanism leading to security incidents and data breaches, and it's one of the core principles driving our approach to corporate information security. [...] Stethoscope is a web application that collects information for a given user's devices and gives them clear and specific recommendations for securing their systems. If we provide employees with focused, actionable information and low-friction tools, we believe they can get their devices into a more secure state without heavy-handed policy enforcement. The company says Stethoscope tracks disk encryption, firewall, automatic updates, up-to-date OS/software, screen lock, jailbroken/rooted status, security software stack configurations of the device.

5 of 43 comments (clear)

  1. In next weeks news get your nails done at Autozone by pecosdave · · Score: 2

    Wow - this is some pretty cool stuff and I commend Netflix for doing it, but really? Netflix?

    --
    The preceding post was not a Slashvertisement.
  2. Re:In next weeks news get your nails done at Autoz by EvilSS · · Score: 3, Interesting

    Looks like something they developed internally for their own use and decided to open source.

    --
    I browse on +1 so AC's need not respond, I won't see it.
  3. Re:In next weeks news get your nails done at Autoz by chispito · · Score: 3, Informative

    Check out their GitHub: https://netflix.github.io/

    They open source a lot of their in-house software.

    --
    The Daddy casts sleep on the Baby. The Baby resists!
  4. Re:I already cover malware/firewall/phishing via by DontBeAMoran · · Score: 2

    Maybe, but I have to say that your movies library is quite limited and not worth the monthly fee.

    --
    #DeleteFacebook
  5. Re:Conflict between up to date and not rooted by skids · · Score: 2

    I couldn't find a public "check my phone" link, or I'd've tried it.

    I believe that would be because your phone is not enrolled in an MDM manager.

    From the article: "Stethoscope is a web application that collects information for a given user's devices"

    This implies it is a web app that, by itself, checks your device and maybe even enumerates/discovers
    your devices. That would make it a scary security hole rather than a security tool since web apps really
    should not be able to access any state of health information on a device (though some is quite leakable these days.)

    Fortunately it appears not to be. It seems to be just a way to put a pretty front-end on devices that are using other
    installable agents to assess their security. It goes to the backend databases of those agents, assuming you have an
    account on them which is available through an SSO system or other authenticator, and pulls information
    they have previously collected. Unless you have those backend egents installed and a database set up
    for them to report to, this tool isn't for you. Basically it's for the enterprise.

    Kudos to them for releasing their internal tools to github, though, I'm sure they will get some valuable
    additions from the community.

    --
    Someone had to do it.