
unhappycamper

(60,364 posts)
Sun Jul 6, 2014, 08:34 AM

Out in the Open: Netflix Unleashes the ‘Monkey’ That Keeps Its Systems Secure By Klint Finley

http://www.wired.com/2014/07/security-monkey/



07.02.14 | 6:30 am

Netflix has open sourced another member of its “Simian Army,” the monkey-monikered tools its engineers use to manage the enormous number of machines that drive its popular video streaming service. The latest is called Security Monkey, and it’s a tool for monitoring and analyzing the security of its systems.

Like others in the family, the tool is designed to deal with machines used through Amazon’s cloud computing service. Netflix operates several dozen accounts on the Amazon cloud, and through each of these, it can spin up virtual servers to run the various parts of its video service. The company is constantly deploying new code, adding new services, deleting old ones, and modifying server configurations. Each of these tasks can create security vulnerabilities, and that’s where Security Monkey comes into play. The tool could potentially help any company that runs its operations atop Amazon and other cloud services—and such companies are only becoming more prevalent.

Security Monkey monitors and logs configuration changes across any number of Amazon accounts, notifies a list of users about those changes, and checks the new configurations for common security problems, such as accidentally exposing a server to the whole internet. Amazon already offers two tools called CloudTrail and Trusted Advisor that do monitoring and auditing, but according to Netflix, Security Monkey predates both tools and offers some unique features.

While CloudTrail can provide a detailed log of commands executed on a server, it doesn’t provide records of how security configuration may have changed over time. “It was also critical to have access to an authoritative configuration history service for forensic and investigative purposes so that we could know how things have changed over time,” reads a Netflix blog post. And while Trusted Advisor has the ability to run a number of security checks, it lacks Security Monkey’s ability to create custom checks. Plus, unlike Trusted Advisor, Security Monkey is free. In the future, Netflix plans to integrate the tool with CloudTrail.
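The pattern the article describes (a per-item configuration history plus pluggable checks run on each change) can be sketched as follows; this is an added example, not Security Monkey's code or part of the original post. The data shape, `PUBLIC_PORTS`, the account name and all function names are assumptions made for illustration.

```python
import json

CHECKS = []                # registered auditors; each takes one security-group dict
PUBLIC_PORTS = {80, 443}   # assumption: ports this organisation exposes on purpose

def check(fn):
    """Register a custom check (the extensibility the article mentions)."""
    CHECKS.append(fn)
    return fn

@check
def world_open_ingress(group):
    return [f"port {r['port']} open to {r['cidr']}" for r in group["ingress"]
            if r["cidr"] in ("0.0.0.0/0", "::/0") and r["port"] not in PUBLIC_PORTS]

@check
def unrestricted_port_range(group):
    return [f"all ports allowed from {r['cidr']}"
            for r in group["ingress"] if r["port"] == "0-65535"]

def canonical(group):
    """Order-independent form, so reordered rules do not count as a change."""
    rules = sorted(group["ingress"], key=lambda r: (r["cidr"], str(r["port"])))
    return json.dumps({"name": group["name"], "ingress": rules}, sort_keys=True)

def record(history, account, groups):
    """Store a new revision for each changed group; audit only what changed."""
    findings = []
    for g in groups:
        revisions = history.setdefault((account, g["name"]), [])
        snapshot = canonical(g)
        if revisions and revisions[-1] == snapshot:
            continue  # unchanged since the last poll: no revision, no alert
        revisions.append(snapshot)
        for chk in CHECKS:
            findings += [(account, g["name"], chk.__name__, m) for m in chk(g)]
    return findings

# Constructed sample polls of one account (hypothetical names and values).
POLL_1 = [{"name": "web", "ingress": [{"cidr": "10.0.0.0/8", "port": 22},
                                      {"cidr": "0.0.0.0/0", "port": 443}]}]
POLL_2 = [{"name": "web", "ingress": [{"cidr": "0.0.0.0/0", "port": 443},
                                      {"cidr": "10.0.0.0/8", "port": 22}]}]  # reordered only
POLL_3 = [{"name": "web", "ingress": [{"cidr": "0.0.0.0/0", "port": 22},  # SSH now world-open
                                      {"cidr": "0.0.0.0/0", "port": 443}]}]

if __name__ == "__main__":
    history = {}
    for poll in (POLL_1, POLL_2, POLL_3):
        for finding in record(history, "acct-example", poll):
            print(finding)
    print(len(history[("acct-example", "web")]), "revisions kept")
```

The stored revisions are what give the "how things have changed over time" view: each entry in `history` is a full prior configuration that can be compared against the next one during an investigation.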
