Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Thursday, September 18 • 1:00pm - 1:45pm
Project Monterey or How I Learned to Stop Worrying and Love the Cloud

Sign up or log in to save this to your schedule and see who's attending!

At Netflix developers deploy code hundreds of times a day. Each code push could be a production canary taking only a percentage of the total requests or a test determining which new feature is improving customer experience the best. The large number of applications along with multiple concurrent code bases creates an environment that is impractical for manual security testing. This presentation will outline and demo Project Monterey as one of many solutions that the Netflix Cloud Security Team has been developing to secure Netflix’s large cloud deployment.

Monterey’s main goal is to automate as much security testing as possible. It provides a framework for deploying and running traditional tools in the cloud. Taking industry standard tools such as the OWASP Zap web application scanner, NMAP, nessus, etc. and allowing them to be run in a large distributed and scalable manner. By providing a plugin interface Monterey allows security professionals to create and integrate their own tools with ease. Monterey also enables tools to be chained together; with output of one tool acting as the input of the other.

An important part of Monterey’s automation is the capability to respond to the dynamic nature of Netflix’s deployment process and environment. This means automatically detecting new applications or new code pushes as they happen and detecting services that are newly exposed to the internet.

Prior work in this area includes projects such as minion and graudit.

This talk will include a demo of Monterey itself, cover current use cases that Netflix has leveraged, and propose future expansion ideas, including open sourcing the project.

Speakers
avatar for Kevin Glisson

Kevin Glisson

Senior Cloud Security Engineer, Netflix
When Kevin Glisson is not playing with security automation, new languages and python libraries he is an avid mountain biker and backpacker enjoying all parts of the Sierra's. Kevin is currently a Security Engineer at Netflix writing tools to help streamline security operations and make the cloud more approachable and secure. Kevin has previously worked on the Cyber Intelligence and Incident Response teams at J.P. Morgan Chase, working to... Read More →



Thursday September 18, 2014 1:00pm - 1:45pm
Colorado Ballroom E [Defenders] Denver Marriott City Center