Security Intelligence and Response Team
@maestretti
jobs.netflix.com/teams/security
SIRT
TECH & CULTURE
CULTURE
DETECTION
Technology
Culture
medium.com/netflix-techblog/
jobs.netflix.com/culture
CULTURE
FnR
Freedom and Responsibility
Our goal is to inspire people more than manage them. We trust our teams to do what they think is best for Netflix
There are a few important exceptions to our anti-rules pro-freedom philosophy. ... keeping our members’ payment information safe, have strict controls around access. Transferring large amounts of cash from our company bank accounts has strict controls. But these are edge cases.
In general, freedom and rapid recovery is better than trying to prevent error. We are in a creative business, not a safety-critical business. Our big threat over time is lack of innovation…
CULTURE
CONTEXT
Context Not Control
There are some minor exceptions to “context not control,” such as an urgent situation…
FEMA Incident Command System - https://training.fema.gov/
CULTURE
FULL CYCLE DEVELOPERS
https://medium.com/netflix-techblog/full-cycle-developers-at-netflix-a08c31f83249
https://medium.com/netflix-techblog/how-we-build-code-at-netflix-c5d9bd727f15
PRODUCT
CI/CD TECH STACK
‘Baking’ Virtual Machine images, called Amazon Machine Images (AMIs), from source (instead of configuring servers on the fly as you would with Chef/Puppet) provides a strong baseline for forensics.
Any change to a server (instance) is made in code, checked into source control, and built into a new AMI; new servers (instances) are then deployed from this new AMI.
Containers deploy the same way.
https://www.spinnaker.io/
PRODUCT
MICROSERVICES
Deploying multiple copies of the same AMI not only scales load, but creates a peer group to compare against, allowing us to surface suspicious differences in our fleet.
https://github.com/Netflix-Skunkworks/diffy
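As an added illustration of the peer-group comparison described on this slide (not code from the deck or from the diffy project), the Python example below flags values that only a small share of same-image instances report, and values an instance lacks that nearly all of its peers have. The instance IDs, fact categories, thresholds and function names are assumptions made for the example.

```python
from collections import Counter, defaultdict

# Constructed sample data: facts collected from five instances launched from
# the same baked image. Instance IDs, categories and values are made up.
FLEET = {
    "i-0a01": {"listening_ports": {"22", "7001"}, "processes": {"sshd", "java"}},
    "i-0a02": {"listening_ports": {"22", "7001"}, "processes": {"sshd", "java"}},
    "i-0a03": {"listening_ports": {"22", "7001"}, "processes": {"sshd", "java"}},
    "i-0a04": {"listening_ports": {"22", "7001", "8443"},
               "processes": {"sshd", "java", "python3"}},
    "i-0a05": {"listening_ports": {"7001"}, "processes": {"sshd", "java"}},
}


def peer_outliers(fleet, rare=0.2, common=0.8, min_peers=4):
    """Return findings as (instance, category, value, kind, share).

    kind is "extra" when the instance reports a value seen on at most `rare`
    of the peer group, and "missing" when it lacks a value seen on at least
    `common` of the peer group.
    """
    n = len(fleet)
    if n < min_peers:
        # With too few peers every difference looks like an outlier.
        raise ValueError(f"peer group of {n} is below min_peers={min_peers}")

    # Count, per category, how many instances report each value.
    seen = defaultdict(Counter)
    for facts in fleet.values():
        for category, values in facts.items():
            seen[category].update(set(values))

    findings = []
    for instance, facts in sorted(fleet.items()):
        for category, counts in sorted(seen.items()):
            have = set(facts.get(category, ()))
            for value, count in sorted(counts.items()):
                share = count / n
                if value in have and share <= rare:
                    findings.append((instance, category, value, "extra", share))
                elif value not in have and share >= common:
                    findings.append((instance, category, value, "missing", share))
    return findings


def rank_instances(findings):
    """Order instances by number of findings, most divergent first."""
    return Counter(f[0] for f in findings).most_common()


if __name__ == "__main__":
    results = peer_outliers(FLEET)
    for instance, category, value, kind, share in results:
        print(f"{instance}: {kind} {category}={value} (on {share:.0%} of peers)")
    print(rank_instances(results))
```

Because every instance starts from the same image, the expected set of differences is empty, so each finding is worth a look; the `min_peers` guard refuses groups too small to define a norm.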
CORPORATE
LISA
Our corporate model relies heavily on SaaS and the services we do run are launched in our cloud the same way as our product.
We isolate and devalue our user endpoints, then seek to protect our core assets in the cloud.
No lateral network access (LISA), no Active Directory, no network shares (GDrive).
https://www.slideshare.net/BryanZimmer/location-independent-security-approach-lisa
CORPORATE
SCOPE
Identity is our perimeter. We seek to control access to our cloud resources through Single Sign On and User Behavior Analytics.
We make access decisions based on strong identity and device health checks.
https://github.com/Netflix-Skunkworks/stethoscope-app
Technology and Culture are formative.
Our technology stack supports new approaches to security problems. We try to solve the easy problem, instead of the hard one.
Our culture enables smart risk taking and aligns incentives to produce positive outcomes.
SUMMARY
Trainman - Learnings from a detection platform
Security Data Science Colloquium - 06/11/2018
Siamac Mirzaie, Science & Analytics
Motivation
Corporate Apps 2-year Growth: 40%
Corporate App Users 2-year Growth: 460%
2018 Content Investment: $8B
Share learnings for better collaboration
Stack
Visualization
There is more to it than just detection
Ingestion Detection Post-Processing
Learnings
“Can you folks do some machine learning on my app’s data?”
Three components to a viable use case
Business impact
Audit log data
Analytically tractable
“The thing is, we don’t have past examples of malicious behavior”
Compensating for the lack of ground truth
Security analyst feedback
Red team testing
“Wait, why was this categorized as abnormal?”
Making an output explainable
Data enrichment
Algorithms transparency
Decomposable ranking of anomalies
“Also, some people always use this resource, others don’t”
Working around data sparsity
More complex feature engineering
Uncovering entity personas
Picking the right model
“This is a mathematical anomaly, not a business one”
Curbing false positives
Ensemble approach
Post-processing of anomalies
“This used to be an anomaly… but not anymore”
Keeping up with behavioral drift
Dynamic models/thresholds
“That finally looks good. Can we make it faster?”
Shrinking time-to-detection
Stream processing
Combination of simpler anomaly detectors
“We have a new use case, can you build another detector?”
Handling use case quantity and variety
Repeat
Identify use case categories
Pre-implemented functionality
Thank You.
Backup Slides.
CULTURE
Netflix Culture Memo - jobs.netflix.com/culture
1. Encourage independent decision-making by employees
2. Share information openly, broadly and deliberately
3. Are extraordinarily candid with each other
4. Keep only our highly effective people
5. Avoid rules
Our core philosophy is people over process. More specifically, we have great people working together as a dream team. With this approach, we are a more flexible, fun, stimulating, creative, and successful organization.
Freedom and Responsibility
Our goal is to inspire people more than manage them. We trust our teams to do what they think is best for Netflix
There are a few important exceptions to our anti-rules pro-freedom philosophy. ... keeping our members’ payment information safe, have strict controls around access. Transferring large amounts of cash from our company bank accounts has strict controls. But these are edge cases.
In general, freedom and rapid recovery is better than trying to prevent error. We are in a creative business, not a safety-critical business. Our big threat over time is lack of innovation…
Context Not Control
There are some minor exceptions to “context not control,” such as an urgent situation...
Full Cycle Developers
https://medium.com/netflix-techblog/full-cycle-developers-at-netflix-a08c31f83249
CULTURE
MEMO - 1
Netflix Culture Memo - jobs.netflix.com/culture
1. Encourage independent decision-making by employees
2. Share information openly, broadly and deliberately
3. Are extraordinarily candid with each other
4. Keep only our highly effective people
5. Avoid rules
Our core philosophy is people over process. More specifically, we have great people working together as a dream team. With this approach, we are a more flexible, fun, stimulating, creative, and successful organization.
SECURITY LEARNING
ORGANIZATION
Mary Landesman - Threat Intelligence
https://www.linkedin.com/in/marylandesman/
Forest Monsen - SIRT Security Engineer
https://www.linkedin.com/in/forestm/
Steve Zenone - SIRT Security Engineer
https://www.linkedin.com/in/zenone/
BROCADE
Alex Maestretti - SIRT Manager
https://www.linkedin.com/in/maestretti/
Swathi Joshi - TPM Response
https://www.linkedin.com/in/joshiswathi/
Kevin Glisson - SIRT Security Engineer
https://www.linkedin.com/in/joshiswathi/

Netflix SIRT - Culture and Tech -Trainman
