Netflix open-sources security incident management tool
- 05 May, 2015 13:47
Netflix has released under an open-source license an internal tool it developed to manage a deluge of security alerts and incidents.
Called FIDO (Fully Integrated Defense Operation), the tool is designed to research, score and categorize threats in order to speed up handling of the most urgent ones.
Netflix started developing FIDO four years ago after finding it took from a few days to more than a week to resolve issues that were entered into its help-desk ticketing system, the company wrote in a blog post Monday.
It was a largely manual and labor intensive process. "As attacks increase in number and diversity, there is an increasing array of detection systems deployed and generating even more alerts for security teams to investigate," it said.
Netflix has often opted to built its own tools to deal with specific problems with its massive delivery of video across the web. FIDO potentially competes with security information and event management systems on the market.
FIDO collects incident information from firewalls, intrusion detection and anti-malware systems. It figures out what kind of system is being attacked and checks external threat feeds to put the incident into more context.
It then scores the incident to gauge how severe it may be. It can be configured to take automatic actions, such as disabling an account or a network port, or send an alert that can be evaluated by an engineer.
FIDO is available on GitHub.
Send news tips and comments to firstname.lastname@example.org. Follow me on Twitter: @jeremy_kirk