Security Intelligence
and Response Team
@maestretti
jobs.netflix.com/teams/security
SIRT
TECH & CULTURE
CULTURE
DETECTION
Technology
Culture
medium.com/netflix-techblog/
jobs.netflix.com/culture
CULTURE
FnR
Freedom and Responsibility
Our goal is to inspire people more than manage them. We
trust our teams to do what they think is best for Netflix
There are a few important exceptions to our anti-rules
pro-freedom philosophy. ... keeping our members’
payment information safe, have strict controls around
access. Transferring large amounts of cash from our
company bank accounts has strict controls. But these are
edge cases.
In general, freedom and rapid recovery is better than
trying to prevent error. We are in a creative business, not a
safety-critical business. Our big threat over time is lack of
innovation…
CULTURE
CONTEXT
Context Not Control
There are some minor exceptions to “context not control,” such as an urgent
situation…
FEMA Incident Command System - https://training.fema.gov/
CULTURE
FULL CYCLE DEVELOPERS
https://medium.com/netflix-techblog/full-cycle-developers-at-netflix-a08c31f83249
https://medium.com/netflix-techblog/how-we-build-code-at-netflix-c5d9bd727f15
PRODUCT
CI/CD TECH STACK
‘Baking’ Virtual Machine images, called Amazon Machine Images (AMIs),
from source (instead of configuring servers on the fly as you would with
Chef/Puppet) provides a strong baseline for forensics.
Any change to a server (instance) is made in code, checked
into source control, and built into a new AMI; new servers (instances)
are then deployed from this new AMI.
Containers deploy the same way.
https://www.spinnaker.io/
PRODUCT
MICROSERVICES
Deploying multiple copies of
the same AMI not only scales
load, but creates a peer
group to compare against,
allowing us to surface
suspicious differences in our
fleet.
https://github.com/Netflix-Skunkworks/diffy
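A sketch of the peer-group comparison described on the two slides above, written as an added example (it is not Netflix's or diffy's code). The instance ids, attribute names, values, the majority quorum and the minimum group size are all constructed assumptions.

```python
from collections import Counter

MIN_PEERS = 3  # assumption: below this, a majority vote is not a usable baseline

# Constructed: what the baked image is expected to expose, taken from the build.
BAKED = {
    "listening_ports": {"22", "7001"},
    "kernel_modules": {"ext4", "xen_netfront"},
    "authorized_keys": {"sha256:deploy-key"},
}

def _obs(ports, keys=("sha256:deploy-key",)):
    """Helper to build one constructed per-instance observation."""
    return {
        "listening_ports": set(ports),
        "kernel_modules": {"ext4", "xen_netfront"},
        "authorized_keys": set(keys),
    }

# Constructed: observations collected from five instances of the same AMI.
FLEET = {
    "i-0a01": _obs(["22", "7001", "8125"]),
    "i-0a02": _obs(["22", "7001", "8125"]),
    "i-0a03": _obs(["22", "7001", "8125"]),
    "i-0a04": _obs(["22", "7001", "8125", "31337"],
                   ["sha256:deploy-key", "sha256:unknown-key"]),
    "i-0a05": _obs(["22", "7001"]),
}

def peer_baseline(fleet, quorum=0.5):
    """Per attribute, the values present on more than `quorum` of the peers."""
    if len(fleet) < MIN_PEERS:
        raise ValueError("peer group too small to form a baseline")
    counts = {}
    for obs in fleet.values():
        for attr, values in obs.items():
            counts.setdefault(attr, Counter()).update(set(values))
    n = len(fleet)
    return {attr: {v for v, c in ctr.items() if c / n > quorum}
            for attr, ctr in counts.items()}

def deviations(obs, baseline):
    """Values an observation has beyond the baseline, and values it lacks."""
    out = {}
    for attr in sorted(set(baseline) | set(obs)):
        have = set(obs.get(attr, ()))
        want = set(baseline.get(attr, ()))
        extra, missing = have - want, want - have
        if extra or missing:
            out[attr] = {"extra": sorted(extra), "missing": sorted(missing)}
    return out

def triage(fleet, baked):
    """Split findings into fleet-wide drift from the bake and per-instance outliers."""
    peers = peer_baseline(fleet)
    report = {"fleet_drift": deviations(peers, baked), "outliers": {}}
    for inst in sorted(fleet):
        diff = deviations(fleet[inst], peers)
        if diff:
            report["outliers"][inst] = diff
    return report

if __name__ == "__main__":
    import pprint
    pprint.pprint(triage(FLEET, BAKED))
```

Fleet-wide drift (here a port every peer opened after boot) usually means the baked baseline needs updating, while a difference confined to one instance is the one worth an analyst's time. A majority baseline says nothing if most of the group has changed in the same way, which is why the comparison against the baked image is kept alongside it.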
CORPORATE
LISA
Our corporate model relies
heavily on SaaS and the
services we do run are
launched in our cloud the
same way as our product.
We isolate and devalue our
user endpoints, then seek to
protect our core assets in the
cloud.
No lateral network access
(LISA), no Active Directory, no
network shares (GDrive).
https://www.slideshare.net/BryanZimmer/location-independent-security-approach-lisa
CORPORATE
SCOPE
Identity is our perimeter. We
seek to control access to our
cloud resources through Single
Sign On and User Behavior
Analytics.
We make access decisions
based on strong identity and
device health checks.
https://github.com/Netflix-Skunkworks/stethoscope-app
Technology and Culture are formative.
Our technology stack supports new approaches to security problems. We try to
solve the easy problem, instead of the hard one.
Our culture enables smart risk taking and aligns incentives to produce positive
outcomes.
SUMMARY
Trainman -
Learnings from a
detection platform
Security Data Science Colloquium - 06/11/2018
Siamac Mirzaie, Science & Analytics
Motivation
Corporate Apps
2-year Growth
40%
Corporate App Users
2-year Growth
460%
2018 Content Investment
$ 8B
Share learnings for better
collaboration
Stack
Visualization
There is more to it than just detection
Ingestion Detection Post-Processing
Learnings
“Can you folks do some machine learning
on my app’s data?”
Three components to a viable use case
Business
impact
Audit log
data
Analytically
tractable
“The thing is, we don’t have past examples of
malicious behavior”
Compensating for the lack of ground truth
Security
analyst
feedback
Red team testing
“Wait, why was this categorized as
abnormal?”
Making an output explainable
Data
enrichment
Algorithms
transparency
Decomposable
ranking of
anomalies
“Also, some people always use this resource,
others don’t”
Working around data sparsity
More complex
feature engineering
Uncovering
entity
personas
Picking the right
model
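One way the "decomposable ranking of anomalies" and "entity personas" points above can fit together, as an added example that is not Trainman's implementation. The users, action names, counts, the persona rule (which actions a user has ever performed) and the median/MAD scoring are all assumptions made for illustration.

```python
from statistics import median

# Constructed audit-log history: daily action counts per user over five days.
HISTORY = {
    "alice": {"repo_clone": [2, 3, 2, 4, 3], "admin_export": [0, 0, 0, 0, 0]},
    "bob":   {"repo_clone": [3, 2, 3, 3, 2], "admin_export": [0, 0, 0, 0, 0]},
    "carol": {"repo_clone": [1, 0, 1, 1, 0], "admin_export": [5, 6, 5, 4, 5]},
    "dave":  {"repo_clone": [0, 1, 0, 1, 1], "admin_export": [6, 5, 6, 5, 4]},
}

# Constructed counts for the day being scored.
TODAY = {
    "alice": {"repo_clone": 3, "admin_export": 4},
    "bob":   {"repo_clone": 9, "admin_export": 0},
    "carol": {"repo_clone": 1, "admin_export": 6},
    "dave":  {"repo_clone": 0, "admin_export": 5},
}

def persona_of(history):
    """Assumed persona rule: the set of actions the user has ever performed."""
    return frozenset(f for f, counts in history.items() if any(counts))

def build_baselines(history_by_user):
    """Per persona and action: (median, scale) over the persona's pooled history."""
    pooled = {}
    for history in history_by_user.values():
        persona = persona_of(history)
        for feature, counts in history.items():
            pooled.setdefault(persona, {}).setdefault(feature, []).extend(counts)
    baselines = {}
    for persona, features in pooled.items():
        baselines[persona] = {}
        for feature, counts in features.items():
            med = median(counts)
            mad = median(abs(c - med) for c in counts)
            # Floor the scale at 1 so an all-zero history does not divide by zero.
            baselines[persona][feature] = (med, max(mad, 1.0))
    return baselines

def rank_anomalies(history_by_user, today):
    """Rank users by total excess over their persona; keep per-action parts."""
    baselines = build_baselines(history_by_user)
    rows = []
    for user, counts in today.items():
        persona = persona_of(history_by_user.get(user, {}))
        parts = {}
        for feature, x in counts.items():
            med, scale = baselines.get(persona, {}).get(feature, (0.0, 1.0))
            parts[feature] = max(0.0, (x - med) / scale)
        # The score is a plain sum, so "why" fully accounts for it.
        why = sorted(((f, c) for f, c in parts.items() if c > 0),
                     key=lambda fc: (-fc[1], fc[0]))
        rows.append({"user": user, "score": sum(parts.values()), "why": why})
    rows.sort(key=lambda r: (-r["score"], r["user"]))
    return rows

if __name__ == "__main__":
    for row in rank_anomalies(HISTORY, TODAY):
        print(row)
```

In this constructed data alice's four exports are fewer than carol's or dave's ordinary day, yet they rank second because nobody in her persona has ever used that action, and the `why` list tells the analyst which action drove the score.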
“This is a mathematical anomaly,
not a business one”
Curbing false positives
Ensemble
approach
Post-processing
of anomalies
“This used to be an anomaly…
but not anymore”
Keeping up with behavioral drift
Dynamic
models/thresholds
“That finally looks good. Can we make it
faster?”
Shrinking time-to-detection
Stream
processing
Combination of
simpler anomaly
detectors
“We have a new use case, can you build
another detector?”
Handling use case quantity and variety
Repeat
Identify
use case
categories
Pre-implemented
functionality
Thank You.
Backup Slides.
CULTURE
Netflix Culture Memo - jobs.netflix.com/culture
1. Encourage independent decision-making by employees
2. Share information openly, broadly and deliberately
3. Are extraordinarily candid with each other
4. Keep only our highly effective people
5. Avoid rules
Our core philosophy is people over process. More specifically, we have
great people working together as a dream team. With this approach, we
are a more flexible, fun, stimulating, creative, and successful organization.
SECURITY LEARNING
ORGANIZATION
Mary Landesman - Threat Intelligence
https://www.linkedin.com/in/marylandesman/
Forest Monsen - SIRT Security Engineer
https://www.linkedin.com/in/forestm/
Steve Zenone - SIRT Security Engineer
https://www.linkedin.com/in/zenone/
BROCADE
Alex Maestretti - SIRT Manager
https://www.linkedin.com/in/maestretti/
Swathi Joshi - TPM Response
https://www.linkedin.com/in/joshiswathi/
Kevin Glisson - SIRT Security Engineer
https://www.linkedin.com/in/joshiswathi/

Netflix SIRT - Culture and Tech -Trainman

  • 1. Security Intelligence and Response Team @maestretti jobs.netflix.com/teams/security
  • 3. CULTURE, FnR: Freedom and Responsibility. Our goal is to inspire people more than manage them. We trust our teams to do what they think is best for Netflix. There are a few important exceptions to our anti-rules pro-freedom philosophy. ... keeping our members’ payment information safe, have strict controls around access. Transferring large amounts of cash from our company bank accounts has strict controls. But these are edge cases. In general, freedom and rapid recovery is better than trying to prevent error. We are in a creative business, not a safety-critical business. Our big threat over time is lack of innovation…
  • 4. CULTURE, CONTEXT: Context Not Control. There are some minor exceptions to “context not control,” such as an urgent situation… FEMA Incident Command System - https://training.fema.gov/
  • 6. https://medium.com/netflix-techblog/how-we-build-code-at-netflix-c5d9bd727f15 PRODUCT, CI/CD TECH STACK: ‘Baking’ Virtual Machine images, called Amazon Machine Images (AMIs), from source (instead of configuring servers on the fly as you would with Chef/Puppet) provides a strong baseline for forensics. Any changes to be made to a server (instance) are made in code, checked into source control, and built into a new AMI; new servers (instances) are then deployed from this new AMI. Containers deploy the same way.
  • 7. https://www.spinnaker.io/ PRODUCT, MICROSERVICES: Deploying multiple copies of the same AMI not only scales load, but creates a peer group to compare against, allowing us to surface suspicious differences in our fleet. https://github.com/Netflix-Skunkworks/diffy
  • 8. CORPORATE, LISA: Our corporate model relies heavily on SaaS, and the services we do run are launched in our cloud the same way as our product. We isolate and devalue our user endpoints, then seek to protect our core assets in the cloud. No lateral network access (LISA), no Active Directory, no network shares (GDrive). https://www.slideshare.net/BryanZimmer/location-independent-security-approach-lisa
  • 9. CORPORATE, SCOPE: Identity is our perimeter. We seek to control access to our cloud resources through Single Sign On and User Behavior Analytics. We make access decisions based on strong identity and device health checks. https://github.com/Netflix-Skunkworks/stethoscope-app
  • 10. SUMMARY: Technology and Culture are formative. Our technology stack supports new approaches to security problems. We try to solve the easy problem, instead of the hard one. Our culture enables smart risk taking and aligns incentives to produce positive outcomes.
  • 12. Trainman - Learnings from a detection platform. Security Data Science Colloquium - 06/11/2018. Siamac Mirzaie, Science & Analytics
  • 15. 40%
  • 17. 460%
  • 19. $ 8B
  • 21. Share learnings for better collaboration
  • 23. Stack
  • 24. There is more to it than just detection: Visualization; Ingestion; Detection; Post-Processing
  • 28. “Can you folks do some machine learning on my app’s data?”
  • 29. Three components to a viable use case: Business impact; Audit log data; Analytically tractable
  • 30. “The thing is, we don’t have past examples of malicious behavior”
  • 31. Compensating for the lack of ground truth: Security analyst feedback; Red team testing
  • 32. “Wait, why was this categorized as abnormal?”
  • 33. Making an output explainable: Data enrichment; Algorithms transparency; Decomposable ranking of anomalies
  • 34. “Also, some people always use this resource, others don’t”
  • 35. Working around data sparsity: More complex feature engineering; Uncovering entity personas; Picking the right model
  • 36. “This is a mathematical anomaly, not a business one”
  • 38. “This used to be an anomaly… but not anymore”
  • 39. Keeping up with behavioral drift: Dynamic models/thresholds
  • 40. “That finally looks good. Can we make it faster?”
  • 42. “We have a new use case, can you build another detector?”
  • 43. Handling use case quantity and variety: Repeat; Identify use case categories; Pre-implemented functionality
  • 46. CULTURE: Netflix Culture Memo - jobs.netflix.com/culture. 1. Encourage independent decision-making by employees; 2. Share information openly, broadly and deliberately; 3. Are extraordinarily candid with each other; 4. Keep only our highly effective people; 5. Avoid rules. Our core philosophy is people over process. More specifically, we have great people working together as a dream team. With this approach, we are a more flexible, fun, stimulating, creative, and successful organization. Freedom and Responsibility: Our goal is to inspire people more than manage them. We trust our teams to do what they think is best for Netflix. There are a few important exceptions to our anti-rules pro-freedom philosophy. ... keeping our members’ payment information safe, have strict controls around access. Transferring large amounts of cash from our company bank accounts has strict controls. But these are edge cases. In general, freedom and rapid recovery is better than trying to prevent error. We are in a creative business, not a safety-critical business. Our big threat over time is lack of innovation… Context Not Control: There are some minor exceptions to “context not control,” such as an urgent situation... Full Cycle Developers: https://medium.com/netflix-techblog/full-cycle-developers-at-netflix-a08c31f83249
  • 47. CULTURE MEMO - 1: Netflix Culture Memo - jobs.netflix.com/culture. 1. Encourage independent decision-making by employees; 2. Share information openly, broadly and deliberately; 3. Are extraordinarily candid with each other; 4. Keep only our highly effective people; 5. Avoid rules. Our core philosophy is people over process. More specifically, we have great people working together as a dream team. With this approach, we are a more flexible, fun, stimulating, creative, and successful organization.
  • 49. Mary Landesman - Threat Intelligence https://www.linkedin.com/in/marylandesman/; Forest Monsen - SIRT Security Engineer https://www.linkedin.com/in/forestm/; Steve Zenone - SIRT Security Engineer https://www.linkedin.com/in/zenone/; BROCADE; Alex Maestretti - SIRT Manager https://www.linkedin.com/in/maestretti/; Swathi Joshi - TPM Response https://www.linkedin.com/in/joshiswathi/; Kevin Glisson - SIRT Security Engineer https://www.linkedin.com/in/joshiswathi/
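
The peer-group comparison from slide 7, scored so that each anomaly decomposes into named terms as slide 33 asks, is sketched here as an added example; it is not code from the deck, from Netflix, or from diffy. The instance IDs, attribute names, sample values and the 50% baseline threshold are constructed assumptions.

```python
import math
from collections import Counter

# Constructed sample: attributes gathered from five instances of one AMI.
_COMMON = {"listening_ports": {22, 7001},
           "kernel_modules": {"ext4", "nf_tables"},
           "processes": {"java", "auditd"}}
FLEET = {f"i-0a{i}": {k: set(v) for k, v in _COMMON.items()} for i in range(1, 5)}
FLEET["i-0a5"] = {"listening_ports": {22, 7001, 4444},   # extra listener
                  "kernel_modules": {"ext4", "nf_tables"},
                  "processes": {"java"}}                  # auditd absent


def flatten(attrs):
    """Turn {attribute: {values}} into a set of (attribute, value) items."""
    return {(name, v) for name, values in attrs.items() for v in values}


def rank_against_peers(fleet, min_share=0.5):
    """Return [(instance, score, contributions)], most deviant first.

    An item seen on at least min_share of peers is baseline (assumed threshold).
    Each deviation contributes its surprisal, -ln(probability among peers), so
    the score is a plain sum that an analyst can read term by term.
    """
    n = len(fleet)
    items = {inst: flatten(attrs) for inst, attrs in fleet.items()}
    counts = Counter(item for present in items.values() for item in present)
    baseline = {item for item, c in counts.items() if c / n >= min_share}

    ranking = []
    for inst, present in items.items():
        contributions = {}
        for item in present - baseline:      # has something most peers lack
            contributions[("extra", *item)] = -math.log(counts[item] / n)
        for item in baseline - present:      # lacks something most peers have
            contributions[("missing", *item)] = -math.log(1 - counts[item] / n)
        ranking.append((inst, sum(contributions.values()), contributions))
    return sorted(ranking, key=lambda r: r[1], reverse=True)


if __name__ == "__main__":
    for inst, score, why in rank_against_peers(FLEET):
        print(f"{inst}  score={score:.2f}  {why}")
```

Because images are baked rather than configured in place, any item in an instance's contribution list is a change that did not come through the build pipeline, which is what makes it worth an analyst's attention.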