iQoncept - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

What are the benefits of Netflix's threat monitoring tools?

Netflix released its own threat monitoring tools: Scumblr, Sketchy and Workflowable. Expert Joseph Granneman looks at these tools and their benefits to enterprises.

I heard that Netflix released three of its own threat monitoring tools designed to detect emerging security issues on the Web. What do these tools do and can they benefit an enterprise security program? Should my security team be implementing something similar?

Netflix forged a trail for others to follow when it moved to streaming movies across the Internet. The most amazing part of this transition was the technical architecture that Netflix developed as the backbone of the service. It has used a combination of open source operating systems, such as FreeBSD, and cloud services on Amazon to provide the high-performance scaling that a video streaming service would require. The massive scale of the Netflix service has forced the creation of custom technical and security solutions, which it shares with the rest of the world through open source.

Netflix has recently released three new open source security tools for threat monitoring that organizations may want to evaluate. These tools are focused on providing threat intelligence through monitoring social media, search engines and other external Web sources. The primary tool is called Scumblr, which has APIs available for searching Google, Bing, eBay, Pastebin and Twitter, among others. Scumblr can be configured to search for important clues to threat activity, such as compromised credentials, public discussions of identified vulnerabilities and hacking activity. This type of information is crucial for information security professionals and could help prevent damaging attacks before they occur.

The other open source tools released by Netflix -- Sketchy and Workflowable -- could be used independently, but are designed to increase the capabilities of Scumblr. Sketchy was designed to take screenshots of websites once they are identified by Scumblr. It uses a headless WebKit testing tool, PhantomJS, to take screenshots of both static and dynamic webpages. Workflowable is a Ruby gem that can be added to Ruby on Rails as a workflow manager to take other predefined actions after Scumblr has discovered the content. These actions could include administrator notification or other, more direct responses.

Netflix is a media company that has also become an open source technology leader. These three open source security tools are just the tip of the iceberg of the available open source tools that Netflix has shared with the community. Scumblr, Sketchy and Workflowable are great tools that security departments with limited budgets can implement to gain valuable external threat intelligence. This is the open source community model at its best.

Ask the Expert!
Have questions about enterprise security? Send them via email today! (All questions are anonymous.)

This was last published in March 2015

Dig Deeper on Open source security tools and software

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Would you use Netflix's open source security tools in your enterprise?
I would NOT recommend using "security" tools by Netflix. Until Netflix can guarantee me that they are able to keep my account from being accessed by IP's in Brazil (that I discovered and informed them of) --Netflix is not able to tout any security protocols.  They need to address their own vulnerabilities and system weaknesses that are compromising their customers accounts.  
External threat intelligence can be really expensive, and while open source security in general is hit-or-miss, using open intelligence tools makes much more sense.