Netflix Open Sources Internal Threat Monitoring Tools

alphadogg (971356) writes Netflix has released three internal tools it uses to catch hints on the Web that hackers might target its services. "Many security teams need to stay on the lookout for Internet-based discussions, posts and other bits that may be of impact to the organizations they are protecting," wrote Andy Hoernecke and Scott Behrens of Netflix's Cloud Security Team. One of the tools, called Scumblr, can be used to create custom searches of Google sites, Twitter and Facebook for users or keywords.

Re:

[davester666]

Unfortunately, the NSA is the threat, and there is nobody monitoring them.

I wonder why they released these.

[haruchai]

Does Netflix have a tradition of free / open source software contribs?

Re: I wonder why they released these.

[bsDaemon]

Their github account has 3 pages worth of stuff and they put a lot back into FreeBSD, too.

Re:

[haruchai]

Good to know; nice to see more companies giving back to the opensource community.

I wonder why they released these.

[Anonymous Coward]

Yes. They just keep releasing one neat tool after the other as open source:
https://github.com/Netflix/

Re:I wonder why they released these.

[CrankyFool]

I work at Netflix (and manage a software development group).

The general approach to OSS can generally be summarized as "if it's not core product (algorithms, recommendations, etc), why haven't you open-sourced it yet?"

It's one of the (very many) nice parts of the job.

Re:

[haruchai]

That's great to hear; wish my own company thought that way. We have talented developers but limit them to writing mostly reporting, integration & user interface code and spend megabucks buying commercial software when solid, stable free / open alternatives already exist.

Re:

[laffer1]

For all you know, he's on the team that's trying to stop you from using chromium on netflix.

The biggest risk to Netflix

[gelfling]

Is Netflix, Amazon AWS and Xbox. Taken together any fucking thing you can imagine will or won't happen.

Netflix in news

[Comen]

Why is it this is the only article I can really find online about Netflix petitioning the FCC to now allow the Comcast TWC merger?

http://www.engadget.com/2014/08/26/netflix-fcc-petition-time-warner-cable-comcast/

Re:

[Guspaz]

Huh? You've linked to an article of Netflix asking for the merger to be blocked.

The three tools (because TFA article is, well...)

[xxxJonBoyxxx]

#1: Scumblr: Ruby-based, web-configured application that allows searching the Internet for sites and content of interest. Includes libraries for sites like Google, Facebook, and Twitter.
#2: Workflowable: Ruby gem that routes different kinds of detections from Scumblr to specific processes.
#3: Sketchy: takes screenshots of web finds for Scumblr.

(I might be a little off, but the Karma gods will surely reward me.)

Only problem is the name

[mattr]

Honestly they couldn't change the name before open sourcing it?
I cannot see any company saying oh yeah let's use scumblr. And it might even be a good tool, who knows.
I wouldn't even want to propose it, and my customer actually uses similar systems.

Re:

[ShaunC]

So fork it and rename it to CorporateGoodwillProtector, then suggest that to your customer.

Re:Only problem is the name

[CrankyFool]

It's an artifact of how Netflix does OSS: If you're the engineer who open-sources a product, you're the person who names the product. Sometimes that works better than others :)

Re:

[omems]

As an end-user and not a marketing weasel, I value non-marketing speak. I especially roll my eyes when companies trademark stupid names and then insist on including the symbol in every instance. (thankfully you won't see that here because I am unable to get this commenting system to reproduce it)