Out in the Open: Netflix Unleashes the ‘Monkey’ That Keeps Its Systems Secure By Klint Finley
http://www.wired.com/2014/07/security-monkey/
07.02.14 | 6:30 am
Netflix has open sourced another member of its Simian Army, the monkey-monikered tools its engineers use to manage the enormous number of machines that drive its popular video streaming service. The latest is called Security Monkey, and it's a tool for monitoring and analyzing the security of its systems.
Like others in the family, the tool is designed to deal with machines used through Amazon's cloud computing service. Netflix operates several dozen accounts on the Amazon cloud, and through each of these, it can spin up virtual servers to run the various parts of its video service. The company is constantly deploying new code, adding new services, deleting old ones, and modifying server configurations. Each of these tasks can create security vulnerabilities, and that's where Security Monkey comes into play. The tool could potentially help any company that runs its operations atop Amazon and other cloud services, and such companies are only becoming more prevalent.
Security Monkey monitors and logs configuration changes across any number of Amazon accounts, notifies a list of users about those changes, and checks the new configurations for common security problems, such as accidentally exposing a server to the whole internet. Amazon already offers two tools called CloudTrail and Trusted Advisor that do monitoring and auditing, but according to Netflix, Security Monkey predates both tools and offers some unique features.
While CloudTrail can provide a detailed log of commands executed on a server, it doesn't provide records of how security configuration may have changed over time. "It was also critical to have access to an authoritative configuration history service for forensic and investigative purposes so that we could know how things have changed over time," reads a Netflix blog post. And while Trusted Advisor has the ability to run a number of security checks, it lacks Security Monkey's ability to create custom checks. Plus, unlike Trusted Advisor, Security Monkey is free. In the future, Netflix plans to integrate the tool with CloudTrail.