Netflix Open Sources Tools Used to Monitor Security Threats

Add Your Comments

Netflix has open-sourced three tools it uses to internally monitor threats. Scumblr, sketchy, and Workflowable are available under open-source licenses from Github.

Scumblr is a Ruby web application that uses site-specific “Search Provider” plugins to enable scheduled or manual searches.  Netflix uses it to find tips about attacks or other malicious activities on social media sites, forums, or wherever hackers might brag about their attempts.

Workflowable is a Ruby gem for managing search results, like those generated by Scumblr, which is what Netflix built it for. Its plug-in architecture allows for custom actions to be automated, according to Netflix.

Sketchy is a JavaScript tool which captures screenshots and text from a URL, which as Netflix uses it is provided by Scumblr.  Sketchy also works with sites and images which are otherwise difficult to capture correctly, such as AJAX-heavy sites.

“One of the features we wanted to see in Scumblr was the ability to collect screenshots and text content from potentially malicious sites – this allows security analysts to preview Scumblr results without the risk of visiting the site directly,” wrote Andy Hoernecke and Scott Behrens of Netflix Cloud Security Team.

Netflix, which continues its international expansion by launching in France this fall, also open-sourced its Security Monkey AWS risk monitoring tool in July, and is now up to 42 programs on its Github page.

Its sharing ways also led Netflix to reveal details about its work on neural networks in February.

Add Your Comments

  • (will not be published)