Security Intelligence
and Response Team
@maestretti
jobs.netflix.com/teams/security
SIRT
TECH & CULTURE
CULTURE
DETECTION
Technology
Culture
medium.com/netflix-techblog/
jobs.netflix.com/culture
CULTURE
FnR
Freedom and Responsibility
Our goal is to inspire people more than manage them. We
trust our teams to do what they think is best for Netflix
There are a few important exceptions to our anti-rules
pro-freedom philosophy. ... keeping our members’
payment information safe, have strict controls around
access. Transferring large amounts of cash from our
company bank accounts has strict controls. But these are
edge cases.
In general, freedom and rapid recovery is better than
trying to prevent error. We are in a creative business, not a
safety-critical business. Our big threat over time is lack of
innovation…
CULTURE
CONTEXT
Context Not Control
There are some minor exceptions to “context not control,” such as an urgent
situation…
FEMA Incident Command System - https://training.fema.gov/
CULTURE
FULL CYCLE DEVELOPERS
https://medium.com/netflix-techblog/full-cycle-developers-at-netflix-a08c31f83249
https://medium.com/netflix-techblog/how-we-build-code-at-netflix-c5d9bd727f15
PRODUCT
CI/CD TECH STACK
‘Baking’ Virtual Machine images, called Amazon Machine Images (AMIs),
from source (instead of configuring servers on the fly as you would with
Chef/Puppet) provides a strong baseline for forensics.
Any changes to be made to a server (instance), are made in code, checked
into source control, and built into a new AMI - then new servers (instances)
are deployed from this new AMI.
Containers deploy the same way.
https://www.spinnaker.io/
PRODUCT
MICROSERVICES
Deploying multiple copies of
the same AMI not only scales
load, but creates a peer
group to compare against,
allowing us to surface
suspicious differences in our
fleet.
https://github.com/Netflix-Skunkworks/diffy
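The peer-group comparison described on this slide, as an added sketch (not Netflix's or Diffy's code): instances launched from the same AMI should look alike, so anything a large majority of peers share becomes the baseline and each instance is reported for what it has extra or is missing. The instance ids, attribute categories, quorum and sample observations are constructed assumptions.

```python
from collections import Counter

# Constructed sample: what a hypothetical collector reported for five
# instances launched from the same AMI. Ids, ports and names are made up.
COMMON = {
    "listen": {"tcp/22", "tcp/7001"},
    "kmod": {"ext4", "nf_tables"},
    "proc": {"sshd", "java", "auditd"},
}
FLEET = {
    "i-0001": COMMON,
    "i-0002": COMMON,
    "i-0003": COMMON,
    "i-0004": {**COMMON,
               "listen": COMMON["listen"] | {"tcp/31337"},
               "kmod": COMMON["kmod"] | {"unknown_mod"}},
    "i-0005": {**COMMON, "proc": COMMON["proc"] - {"auditd"}},
}


def baseline(fleet, category, quorum):
    """Items present on at least `quorum` (a fraction) of the peers."""
    counts = Counter(item
                     for obs in fleet.values()
                     for item in set(obs.get(category, ())))
    need = quorum * len(fleet)
    return {item for item, n in counts.items() if n >= need}


def peer_diff(fleet, quorum=0.75, min_peers=3):
    """Map each deviating instance to its extra/missing items per category.

    A peer group smaller than `min_peers` has no meaningful majority, so it
    is rejected instead of producing a misleading baseline.
    """
    if len(fleet) < min_peers:
        raise ValueError("peer group too small to form a baseline")
    categories = sorted({c for obs in fleet.values() for c in obs})
    expected = {c: baseline(fleet, c, quorum) for c in categories}
    findings = {}
    for instance, obs in fleet.items():
        for c in categories:
            seen = set(obs.get(c, ()))
            extra = sorted(seen - expected[c])
            missing = sorted(expected[c] - seen)
            if extra or missing:
                findings.setdefault(instance, {})[c] = {
                    "extra": extra, "missing": missing}
    return findings


def rank(findings):
    """Instances ordered by number of deviations, most deviant first."""
    def weight(instance):
        return sum(len(d["extra"]) + len(d["missing"])
                   for d in findings[instance].values())
    return sorted(findings, key=lambda i: (-weight(i), i))


if __name__ == "__main__":
    result = peer_diff(FLEET)
    for instance in rank(result):
        print(instance, result[instance])
```

Because every instance comes from a baked image, a deviation is either drift that bypassed the build pipeline or something that needs a responder's attention; both are worth surfacing.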
CORPORATE
LISA
Our corporate model relies
heavily on SaaS and the
services we do run are
launched in our cloud the
same way as our product.
We isolate and devalue our
user endpoints, then seek to
protect our core assets in the
cloud.
No lateral network access
(LISA), no Active Directory, no
network shares (GDrive).
https://www.slideshare.net/BryanZimmer/location-independent-security-approach-lisa
CORPORATE
SCOPE
Identity is our perimeter. We
seek to control access to our
cloud resources through Single
Sign On and User Behavior
Analytics.
We make access decisions
based on strong identity and
device health checks.
https://github.com/Netflix-Skunkworks/stethoscope-app
Technology and Culture are formative.
Our technology stack supports new approaches to security problems. We try to
solve the easy problem, instead of the hard one.
Our culture enables smart risk taking and aligns incentives to produce positive
outcomes.
SUMMARY
Trainman -
Learnings from a
detection platform
Security Data Science Colloquium - 06/11/2018
Siamac Mirzaie, Science & Analytics
Motivation
Corporate Apps
2-year Growth
40%
Corporate App Users
2-year Growth
460%
2018 Content Investment
$ 8B
Share learnings for better
collaboration
Stack
Visualization
There is more to it than just detection
Ingestion Detection Post-Processing
Learnings
“Can you folks do some machine learning
on my app’s data?”
Three components to a viable use case
Business
impact
Audit log
data
Analytically
tractable
“The thing is, we don’t have past examples of
malicious behavior”
Compensating for the lack of ground truth
Security
analyst
feedback
Red team testing
“Wait, why was this categorized as
abnormal?”
Making an output explainable
Data
enrichment
Algorithms
transparency
Decomposable
ranking of
anomalies
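One way to make an anomaly ranking decomposable, as an added sketch (not Trainman's code or its actual algorithm): each feature contributes a one-sided robust z-score (median and MAD across peers), the entity score is the sum of those contributions, and the ranking carries the per-feature breakdown that answers "why was this categorized as abnormal?". The feature names, the scale floor used when a sparse feature has zero MAD, and the sample counts are constructed assumptions.

```python
from statistics import median

# Constructed sample: one day of per-user counts derived from an app's
# audit log. Users and feature names are made up for illustration.
USAGE = {
    "alice": {"downloads": 12, "distinct_docs": 9, "off_hours_logins": 0},
    "bob": {"downloads": 10, "distinct_docs": 8, "off_hours_logins": 0},
    "carol": {"downloads": 14, "distinct_docs": 11, "off_hours_logins": 1},
    "dave": {"downloads": 11, "distinct_docs": 10, "off_hours_logins": 0},
    "erin": {"downloads": 95, "distinct_docs": 12, "off_hours_logins": 4},
}


def robust_scale(values, floor=1.0):
    """Median and a MAD-based scale for one feature across all peers.

    1.4826 * MAD estimates the standard deviation for normal data. Sparse
    features (most users at zero) have MAD == 0, so the scale is floored
    (assumed floor: one raw count) to avoid dividing by zero.
    """
    med = median(values)
    mad = median(abs(v - med) for v in values)
    return med, max(1.4826 * mad, floor)


def explain_scores(usage, floor=1.0):
    """Rank entities by anomaly score, keeping per-feature contributions.

    Returns a list of {"entity", "score", "why"} dicts, highest score first.
    "why" lists (feature, contribution) pairs, largest first, and the
    contributions sum exactly to the score.
    """
    features = sorted({f for row in usage.values() for f in row})
    params = {
        f: robust_scale([row.get(f, 0) for row in usage.values()], floor)
        for f in features
    }
    ranked = []
    for entity, row in usage.items():
        why = []
        for f in features:
            med, scale = params[f]
            # One-sided: only activity above the peer median counts.
            contribution = max(0.0, (row.get(f, 0) - med) / scale)
            if contribution > 0:
                why.append((f, contribution))
        why.sort(key=lambda pair: (-pair[1], pair[0]))
        ranked.append({
            "entity": entity,
            "score": sum(c for _, c in why),
            "why": why,
        })
    ranked.sort(key=lambda r: (-r["score"], r["entity"]))
    return ranked


if __name__ == "__main__":
    for r in explain_scores(USAGE):
        parts = ", ".join(f"{f}=+{c:.2f}" for f, c in r["why"]) or "none"
        print(f"{r['entity']:<6} score={r['score']:.2f}  ({parts})")
```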
“Also, some people always use this resource,
others don’t”
Working around data sparsity
More complex
feature engineering
Uncovering
entity
personas
Picking the right
model
“This is a mathematical anomaly,
not a business one”
Curbing false positives
Ensemble
approach
Post-processing
of anomalies
“This used to be an anomaly…
but not anymore”
Keeping up with behavioral drift
Dynamic
models/thresholds
“That finally looks good. Can we make it
faster?”
Shrinking time-to-detection
Stream
processing
Combination of
simpler anomaly
detectors
“We have a new use case, can you build
another detector?”
Handling use case quantity and variety
Repeat
Identify
use case
categories
Pre-implemented
functionality
Thank You.
Backup Slides.
CULTURE
Netflix Culture Memo - jobs.netflix.com/culture
1. Encourage independent decision-making by employees
2. Share information openly, broadly and deliberately
3. Are extraordinarily candid with each other
4. Keep only our highly effective people
5. Avoid rules
Our core philosophy is people over process. More specifically, we have
great people working together as a dream team. With this approach, we
are a more flexible, fun, stimulating, creative, and successful organization.
SECURITY LEARNING
ORGANIZATION
Mary Landesman - Threat Intelligence
https://www.linkedin.com/in/marylandesman/
Forest Monsen - SIRT Security Engineer
https://www.linkedin.com/in/forestm/
Steve Zenone - SIRT Security Engineer
https://www.linkedin.com/in/zenone/
BROCADE
Alex Maestretti - SIRT Manager
https://www.linkedin.com/in/maestretti/
Swathi Joshi - TPM Response
https://www.linkedin.com/in/joshiswathi/
Kevin Glisson - SIRT Security Engineer
https://www.linkedin.com/in/joshiswathi/

More Related Content

What's hot

Reddit Pitch Deck
Reddit Pitch DeckReddit Pitch Deck
Reddit Pitch Deckstartuphome
 
Product design - Service design - Revolut Case Study + Shareshop
Product design - Service design - Revolut Case Study + ShareshopProduct design - Service design - Revolut Case Study + Shareshop
Product design - Service design - Revolut Case Study + ShareshopTadej Mursic
 
How to create SLIDES that rock (Presentation Tips)
How to create SLIDES that rock (Presentation Tips)How to create SLIDES that rock (Presentation Tips)
How to create SLIDES that rock (Presentation Tips)Amber Bhaumik
 
Introduction to JIRA
Introduction to JIRAIntroduction to JIRA
Introduction to JIRARozi khan
 
Exploring the Deep Dream Generator (an Art-Making Generative AI)
Exploring the Deep Dream Generator (an Art-Making Generative AI)  Exploring the Deep Dream Generator (an Art-Making Generative AI)
Exploring the Deep Dream Generator (an Art-Making Generative AI) Shalin Hai-Jew
 
Joe Zadeh, Airbnb presentation at Lean Startup SXSW, Austin
Joe Zadeh, Airbnb presentation at Lean Startup SXSW, AustinJoe Zadeh, Airbnb presentation at Lean Startup SXSW, Austin
Joe Zadeh, Airbnb presentation at Lean Startup SXSW, Austin500 Startups
 
Amazon Product Manager Interview Cheat Sheet
Amazon Product Manager Interview Cheat SheetAmazon Product Manager Interview Cheat Sheet
Amazon Product Manager Interview Cheat SheetLewis Lin 🦊
 
New is Easy but Right is Hard: Hacking Product Management
New is Easy but Right is Hard: Hacking Product ManagementNew is Easy but Right is Hard: Hacking Product Management
New is Easy but Right is Hard: Hacking Product ManagementBernard Leong
 
Seductive Interactions (Idea 09 Version)
Seductive Interactions (Idea 09 Version)Seductive Interactions (Idea 09 Version)
Seductive Interactions (Idea 09 Version)Stephen Anderson
 
Visual and Creative Thinking:What We Learned From Peter Pan and Willy Wonka
Visual and Creative Thinking:What We Learned From Peter Pan and Willy WonkaVisual and Creative Thinking:What We Learned From Peter Pan and Willy Wonka
Visual and Creative Thinking:What We Learned From Peter Pan and Willy WonkaKelsey Ruger
 
How to Shift to Product-Led Growth
How to Shift to Product-Led GrowthHow to Shift to Product-Led Growth
How to Shift to Product-Led GrowthProductPlan
 
Adversarial machine learning for av software
Adversarial machine learning for av softwareAdversarial machine learning for av software
Adversarial machine learning for av softwarejunseok seo
 
Lean Product Management for Enterprises: The Art of Known Unknowns
Lean Product Management for Enterprises: The Art of Known Unknowns Lean Product Management for Enterprises: The Art of Known Unknowns
Lean Product Management for Enterprises: The Art of Known Unknowns Thoughtworks
 
Introduction to scaled agile framework
Introduction to scaled agile frameworkIntroduction to scaled agile framework
Introduction to scaled agile frameworkSrinath Ramakrishnan
 
WeWork pitch deck
WeWork pitch deckWeWork pitch deck
WeWork pitch deckTech in Asia
 
Concord Business Plans - Pitch Deck Examples
Concord Business Plans - Pitch Deck ExamplesConcord Business Plans - Pitch Deck Examples
Concord Business Plans - Pitch Deck ExamplesWanda Halpert
 
Talent Bin
Talent BinTalent Bin
Talent BinRyan Gum
 
Investor Pitch Deck / Presentation - BradleyBirchall.com's favourite slides
Investor Pitch Deck / Presentation  - BradleyBirchall.com's favourite slidesInvestor Pitch Deck / Presentation  - BradleyBirchall.com's favourite slides
Investor Pitch Deck / Presentation - BradleyBirchall.com's favourite slidesBradley Birchall
 

What's hot (20)

Reddit Pitch Deck
Reddit Pitch DeckReddit Pitch Deck
Reddit Pitch Deck
 
Product design - Service design - Revolut Case Study + Shareshop
Product design - Service design - Revolut Case Study + ShareshopProduct design - Service design - Revolut Case Study + Shareshop
Product design - Service design - Revolut Case Study + Shareshop
 
How to create SLIDES that rock (Presentation Tips)
How to create SLIDES that rock (Presentation Tips)How to create SLIDES that rock (Presentation Tips)
How to create SLIDES that rock (Presentation Tips)
 
Robinhood
RobinhoodRobinhood
Robinhood
 
Introduction to JIRA
Introduction to JIRAIntroduction to JIRA
Introduction to JIRA
 
Exploring the Deep Dream Generator (an Art-Making Generative AI)
Exploring the Deep Dream Generator (an Art-Making Generative AI)  Exploring the Deep Dream Generator (an Art-Making Generative AI)
Exploring the Deep Dream Generator (an Art-Making Generative AI)
 
Joe Zadeh, Airbnb presentation at Lean Startup SXSW, Austin
Joe Zadeh, Airbnb presentation at Lean Startup SXSW, AustinJoe Zadeh, Airbnb presentation at Lean Startup SXSW, Austin
Joe Zadeh, Airbnb presentation at Lean Startup SXSW, Austin
 
Amazon Product Manager Interview Cheat Sheet
Amazon Product Manager Interview Cheat SheetAmazon Product Manager Interview Cheat Sheet
Amazon Product Manager Interview Cheat Sheet
 
New is Easy but Right is Hard: Hacking Product Management
New is Easy but Right is Hard: Hacking Product ManagementNew is Easy but Right is Hard: Hacking Product Management
New is Easy but Right is Hard: Hacking Product Management
 
Seductive Interactions (Idea 09 Version)
Seductive Interactions (Idea 09 Version)Seductive Interactions (Idea 09 Version)
Seductive Interactions (Idea 09 Version)
 
Visual and Creative Thinking:What We Learned From Peter Pan and Willy Wonka
Visual and Creative Thinking:What We Learned From Peter Pan and Willy WonkaVisual and Creative Thinking:What We Learned From Peter Pan and Willy Wonka
Visual and Creative Thinking:What We Learned From Peter Pan and Willy Wonka
 
How to Shift to Product-Led Growth
How to Shift to Product-Led GrowthHow to Shift to Product-Led Growth
How to Shift to Product-Led Growth
 
Adversarial machine learning for av software
Adversarial machine learning for av softwareAdversarial machine learning for av software
Adversarial machine learning for av software
 
Innovation at 50x 031616
Innovation at 50x 031616Innovation at 50x 031616
Innovation at 50x 031616
 
Lean Product Management for Enterprises: The Art of Known Unknowns
Lean Product Management for Enterprises: The Art of Known Unknowns Lean Product Management for Enterprises: The Art of Known Unknowns
Lean Product Management for Enterprises: The Art of Known Unknowns
 
Introduction to scaled agile framework
Introduction to scaled agile frameworkIntroduction to scaled agile framework
Introduction to scaled agile framework
 
WeWork pitch deck
WeWork pitch deckWeWork pitch deck
WeWork pitch deck
 
Concord Business Plans - Pitch Deck Examples
Concord Business Plans - Pitch Deck ExamplesConcord Business Plans - Pitch Deck Examples
Concord Business Plans - Pitch Deck Examples
 
Talent Bin
Talent BinTalent Bin
Talent Bin
 
Investor Pitch Deck / Presentation - BradleyBirchall.com's favourite slides
Investor Pitch Deck / Presentation  - BradleyBirchall.com's favourite slidesInvestor Pitch Deck / Presentation  - BradleyBirchall.com's favourite slides
Investor Pitch Deck / Presentation - BradleyBirchall.com's favourite slides
 

Similar to Netflix SIRT - Culture and Tech -Trainman

Cyber speed – the unknown velocity component
Cyber speed – the unknown velocity componentCyber speed – the unknown velocity component
Cyber speed – the unknown velocity componentJonathan Sinclair
 
Norman Broadbent Cybersecurity Report - How should boards respond
Norman Broadbent Cybersecurity Report - How should boards respondNorman Broadbent Cybersecurity Report - How should boards respond
Norman Broadbent Cybersecurity Report - How should boards respondLydia Shepherd
 
Cyber Security, User Interface, and You - Deloitte CIO - WSJ
Cyber Security, User Interface, and You - Deloitte CIO - WSJCyber Security, User Interface, and You - Deloitte CIO - WSJ
Cyber Security, User Interface, and You - Deloitte CIO - WSJSherry Jones
 
Cyber Security, User Interface, and You - Deloitte CIO - WSJ
Cyber Security, User Interface, and You - Deloitte CIO - WSJCyber Security, User Interface, and You - Deloitte CIO - WSJ
Cyber Security, User Interface, and You - Deloitte CIO - WSJSherry Jones
 
Tech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event RecapTech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event RecapDominic Vogel
 
BLACKOPS_USCS CyberSecurity Literacy
BLACKOPS_USCS CyberSecurity LiteracyBLACKOPS_USCS CyberSecurity Literacy
BLACKOPS_USCS CyberSecurity LiteracyCasey Fleming
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementDaren Dunkel
 
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...IT Network marcus evans
 
Transforming Information Security: Designing a State-of-the-Art Extended Team
Transforming Information Security: Designing a State-of-the-Art Extended TeamTransforming Information Security: Designing a State-of-the-Art Extended Team
Transforming Information Security: Designing a State-of-the-Art Extended TeamEMC
 
Protecting the Core of Your Network
Protecting the Core of Your Network Protecting the Core of Your Network
Protecting the Core of Your Network Mighty Guides, Inc.
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsUlf Mattsson
 
Cybrary's navigating a security wasteland
Cybrary's navigating a security wasteland Cybrary's navigating a security wasteland
Cybrary's navigating a security wasteland Devendra kashyap
 
Internal or insider threats are far more dangerous than the external - bala g...
Internal or insider threats are far more dangerous than the external - bala g...Internal or insider threats are far more dangerous than the external - bala g...
Internal or insider threats are far more dangerous than the external - bala g...Bala Guntipalli ♦ MBA
 
CIA Trifecta ISACA Boise 2016 Watson
CIA Trifecta ISACA Boise 2016 WatsonCIA Trifecta ISACA Boise 2016 Watson
CIA Trifecta ISACA Boise 2016 WatsonPatricia M Watson
 
Ms think-tank-coffee-table-book
Ms think-tank-coffee-table-bookMs think-tank-coffee-table-book
Ms think-tank-coffee-table-bookMicrosoft India
 
What CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityWhat CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityKaryl Scott
 

Similar to Netflix SIRT - Culture and Tech -Trainman (20)

Cyber speed – the unknown velocity component
Cyber speed – the unknown velocity componentCyber speed – the unknown velocity component
Cyber speed – the unknown velocity component
 
Norman Broadbent Cybersecurity Report - How should boards respond
Norman Broadbent Cybersecurity Report - How should boards respondNorman Broadbent Cybersecurity Report - How should boards respond
Norman Broadbent Cybersecurity Report - How should boards respond
 
Cyber Security, User Interface, and You - Deloitte CIO - WSJ
Cyber Security, User Interface, and You - Deloitte CIO - WSJCyber Security, User Interface, and You - Deloitte CIO - WSJ
Cyber Security, User Interface, and You - Deloitte CIO - WSJ
 
Cyber Security, User Interface, and You - Deloitte CIO - WSJ
Cyber Security, User Interface, and You - Deloitte CIO - WSJCyber Security, User Interface, and You - Deloitte CIO - WSJ
Cyber Security, User Interface, and You - Deloitte CIO - WSJ
 
7350_RiskWatch-Summer2015-Maligec
7350_RiskWatch-Summer2015-Maligec7350_RiskWatch-Summer2015-Maligec
7350_RiskWatch-Summer2015-Maligec
 
Tech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event RecapTech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event Recap
 
BLACKOPS_USCS CyberSecurity Literacy
BLACKOPS_USCS CyberSecurity LiteracyBLACKOPS_USCS CyberSecurity Literacy
BLACKOPS_USCS CyberSecurity Literacy
 
Threat intelligence minority report
Threat intelligence minority reportThreat intelligence minority report
Threat intelligence minority report
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk Management
 
csxnewsletter
csxnewslettercsxnewsletter
csxnewsletter
 
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
 
Transforming Information Security: Designing a State-of-the-Art Extended Team
Transforming Information Security: Designing a State-of-the-Art Extended TeamTransforming Information Security: Designing a State-of-the-Art Extended Team
Transforming Information Security: Designing a State-of-the-Art Extended Team
 
Protecting the Core of Your Network
Protecting the Core of Your Network Protecting the Core of Your Network
Protecting the Core of Your Network
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & Recommendations
 
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
 
Cybrary's navigating a security wasteland
Cybrary's navigating a security wasteland Cybrary's navigating a security wasteland
Cybrary's navigating a security wasteland
 
Internal or insider threats are far more dangerous than the external - bala g...
Internal or insider threats are far more dangerous than the external - bala g...Internal or insider threats are far more dangerous than the external - bala g...
Internal or insider threats are far more dangerous than the external - bala g...
 
CIA Trifecta ISACA Boise 2016 Watson
CIA Trifecta ISACA Boise 2016 WatsonCIA Trifecta ISACA Boise 2016 Watson
CIA Trifecta ISACA Boise 2016 Watson
 
Ms think-tank-coffee-table-book
Ms think-tank-coffee-table-bookMs think-tank-coffee-table-book
Ms think-tank-coffee-table-book
 
What CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityWhat CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber Security
 

Recently uploaded

Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo GarcĂ­a Lavilla
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 

Recently uploaded (20)

Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 

Netflix SIRT - Culture and Tech -Trainman

  • 1. Security Intelligence and Response Team @maestretti jobs.netflix.com/teams/security
  • 3. CULTURE FnR Freedom and Responsibility Our goal is to inspire people more than manage them. We trust our teams to do what they think is best for Netflix There are a few important exceptions to our anti-rules pro-freedom philosophy. ... keeping our members’ payment information safe, have strict controls around access. Transferring large amounts of cash from our company bank accounts has strict controls. But these are edge cases. In general, freedom and rapid recovery is better than trying to prevent error. We are in a creative business, not a safety-critical business. Our big threat over time is lack of innovation…
  • 4. CULTURE CONTEXT Context Not Control There are some minor exceptions to “context not control,” such as an urgent situation… FEMA Incident Command System - https://training.fema.gov/
  • 6. https://medium.com/netflix-techblog/how-we-build-code-at-netflix-c5d9bd727f15 PRODUCT CI/CD TECH STACK ‘Baking’ Virtual Machine images, called Amazon Machine Images (AMIs), from source (instead of configuring servers on the fly as you would with Chef/Puppet) provides a strong baseline for forensics. Any changes to be made to a server (instance), are made in code, checked into source control, and built into a new AMI - then new servers (instances) are deployed from this new AMI. Containers deploy the same way.
  • 7. https://www.spinnaker.io/ PRODUCT MICROSERVICES Deploying multiple copies of the same AMI not only scales load, but creates a peer group to compare against, allowing us to surface suspicious differences in our fleet. https://github.com/Netflix-Skunkworks/diffy
  • 8. CORPORATE LISA Our corporate model relies heavily on SaaS and the services we do run are launched in our cloud the same way as our product. We isolate and devalue our user endpoints, then seek to protect our core assets in the cloud. No lateral network access (LISA), no Active Directory, no network shares (GDrive). https://www.slideshare.net/BryanZimmer/location-independent-security-approach-lisa
  • 9. CORPORATE SCOPE Identity is our perimeter. We seek to control access to our cloud resources through Single Sign On and User Behavior Analytics. We make access decisions based on strong identity and device health checks. https://github.com/Netflix-Skunkworks/stethoscope-app
  • 10. Technology and Culture are formative. Our technology stack supports new approaches to security problems. We try to solve the easy problem, instead of the hard one. Our culture enables smart risk taking and aligns incentives to produce positive outcomes. SUMMARY
  • 12. Trainman - Learnings from a detection platform Security Data Science Colloquium - 06/11/2018 Siamac Mirzaie, Science & Analytics
  • 15. 40%
  • 17. 460%
  • 19. $ 8B
  • 21. Share learnings for better collaboration
  • 23. Stack
  • 24. Visualization There is more to it than just detection Ingestion Detection Post-Processing
  • 28. “Can you folks do some machine learning on my app’s data?”
  • 29. Three components to a viable use case Business impact Audit log data Analytically tractable
  • 30. “The thing is, we don’t have past examples of malicious behavior”
  • 31. Compensating for the lack of ground truth Security analyst feedback Red team testing
  • 32. “Wait, why was this categorized as abnormal?”
  • 33. Making an output explainable Data enrichment Algorithms transparency Decomposable ranking of anomalies
  • 34. “Also, some people always use this resource, others don’t”
  • 35. Working around data sparsity More complex feature engineering Uncovering entity personas Picking the right model
  • 36. “This is a mathematical anomaly, not a business one”
  • 38. “This used to be an anomaly… but not anymore”
  • 39. Keeping up with behavioral drift Dynamic models/thresholds
  • 40. “That finally looks good. Can we make it faster?”
  • 42. “We have a new use case, can you build another detector?”
  • 43. Handling use case quantity and variety Repeat Identify use case categories Pre-implemented functionality
  • 46. CULTURE Netflix Culture Memo - jobs.netflix.com/culture 1. Encourage independent decision-making by employees 2. Share information openly, broadly and deliberately 3. Are extraordinarily candid with each other 4. Keep only our highly effective people 5. Avoid rules Our core philosophy is people over process. More specifically, we have great people working together as a dream team. With this approach, we are a more flexible, fun, stimulating, creative, and successful organization. Freedom and Responsibility Our goal is to inspire people more than manage them. We trust our teams to do what they think is best for Netflix There are a few important exceptions to our anti-rules pro-freedom philosophy. ... keeping our members’ payment information safe, have strict controls around access. Transferring large amounts of cash from our company bank accounts has strict controls. But these are edge cases. In general, freedom and rapid recovery is better than trying to prevent error. We are in a creative business, not a safety-critical business. Our big threat over time is lack of innovation… Context Not Control There are some minor exceptions to “context not control,” such as an urgent situation... Full Cycle Developers https://medium.com/netflix-techblog/full-cycle-developers-at-netflix-a08c31f83249
  • 47. CULTURE MEMO - 1 Netflix Culture Memo - jobs.netflix.com/culture 1. Encourage independent decision-making by employees 2. Share information openly, broadly and deliberately 3. Are extraordinarily candid with each other 4. Keep only our highly effective people 5. Avoid rules Our core philosophy is people over process. More specifically, we have great people working together as a dream team. With this approach, we are a more flexible, fun, stimulating, creative, and successful organization.
  • 49. Mary Landesman - Threat Intelligence https://www.linkedin.com/in/marylandesman/ Forest Monsen - SIRT Security Engineer https://www.linkedin.com/in/forestm/ Steve Zenone - SIRT Security Engineer https://www.linkedin.com/in/zenone/ BROCADE Alex Maestretti - SIRT Manager https://www.linkedin.com/in/maestretti/ Swathi Joshi - TPM Response https://www.linkedin.com/in/joshiswathi/ Kevin Glisson - SIRT Security Engineer https://www.linkedin.com/in/joshiswathi/
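
The peer-group comparison described on slide 7, as an added example (not code from the deck, from Netflix, or from diffy): instances baked from the same AMI should report the same attributes, so the majority value becomes the baseline and deviations are surfaced. The instance ids, attribute names and values are constructed for illustration.

```python
from collections import Counter

# Constructed sample: attributes collected from four instances launched from
# the same AMI. Field names and values are illustrative assumptions.
FLEET = {
    "i-0001": {"hostname": "api-1", "listening_ports": (22, 8080),
               "sshd_sha256": "a1b2", "cron_entries": 3},
    "i-0002": {"hostname": "api-2", "listening_ports": (22, 8080),
               "sshd_sha256": "a1b2", "cron_entries": 3},
    "i-0003": {"hostname": "api-3", "listening_ports": (22, 8080, 9001),
               "sshd_sha256": "c3d4", "cron_entries": 3},
    "i-0004": {"hostname": "api-4", "listening_ports": (22, 8080),
               "sshd_sha256": "a1b2", "cron_entries": 3},
}


def peer_baseline(fleet, quorum=0.5):
    """Return {attribute: value} for values shared by more than `quorum` of peers.

    Attributes with no majority value (hostnames, for instance) are legitimately
    unique per instance and are left out, so they never raise findings.
    """
    baseline = {}
    attributes = {attr for observed in fleet.values() for attr in observed}
    for attr in attributes:
        counts = Counter(observed.get(attr) for observed in fleet.values())
        value, seen = counts.most_common(1)[0]
        if seen / len(fleet) > quorum:
            baseline[attr] = value
    return baseline


def outliers(fleet, quorum=0.5):
    """Map instance id -> {attribute: (observed, expected)} for each deviation."""
    baseline = peer_baseline(fleet, quorum)
    findings = {}
    for instance, observed in fleet.items():
        diff = {attr: (observed.get(attr), expected)
                for attr, expected in baseline.items()
                if observed.get(attr) != expected}
        if diff:
            findings[instance] = diff
    return findings


if __name__ == "__main__":
    for instance, diff in sorted(outliers(FLEET).items()):
        print(instance, diff)
```

Because every change is supposed to arrive through a newly baked image, a finding here means either drift that bypassed the build pipeline or something worth a responder's attention.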