Hacker News new | past | comments | ask | show | jobs | submit login
Introducing FIDO: Automated Security Incident Response (netflix.com)
72 points by akerl_ on May 4, 2015 | hide | past | favorite | 16 comments



Anyone else notice the source they provide seems a bit light on functional code in multiple areas? Lots of stubs, empty methods, commented-out blocks and such throughout.

Did they neuter it by stripping out core functionality prior to releasing as open source? Sort of disappointing if so.

Almost seems useless in its current state given the degree of missing code (caveat: I have not run it yet, only read through the code in the GitHub repo).


Looking at it deeper I notice the scoring system is less advanced than I would have thought coming from a Netflix-type organization. Etsy released a tool a while back for general anomaly detection that used much more advanced statistical analysis. Would have loved to see more of that in here.


Anyone else surprised to see that this is a C# application? Anyone know if how much C# development happens at Netflix?


Up until last year, Netflix was using Silverlight for their player. They used to trot out on Microsoft dev conference stages and talk up IIS media streaming capabilities every now and then. For a while, it seemed like every feature microsoft announced for silverlight was basically aimed at Netflix... so not that surprising they have C# talent on staff?


Looks like it is the only C# project in their github: https://github.com/Netflix



Maybe if you like watching car crashes.


My understanding is this was developed internally inside their security team, so it likely isn't a reflection of their standard development process.

I'm glad to see this become open source. I became aware of this when they integrated with my API a few months ago [1].

https://github.com/Netflix/Fido/blob/master/Main/Detectors/D...


Is this intended to compliment or replace things like alienvault/snort? Can it handle raw nix logs? Logstash? Windows events? It seems like from the post some kind of third party connection is required (LANDesk?), but I may not be reading right.

At any rate, thanks as always for sharing :)


It doesn't seem like it replaces Snort, which is an intrusion prevention system. It's more akin to AlienVault, which is a SIEM. Netflix shies away from the term SIEM. They call this an incident response software. I'm reading through it trying to figure out how it's different from a SIEM, but there's not a lot of technical details.


So akin to snorby mixed with Ossec active-response? Should be interesting to see if this gets picked up in an OS like Security Onion.

Also, it appears to use snort.



I love the Windows ME comment


So NetFlix spent four years developing automated trouble ticketing? I wonder if they evaluated the dozens of existing products that do this already?


It's not trouble ticketing. It's an aggregator of threat analysis responses from multiple sources that they use in the SOC to monitor for security threats and incursions.

Is there already an open source product that does that? That would be interesting to know about since I work in that space.


Oh, so glad they gave the nod to the FIDO Alliance in passing.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: