Back To Schedule
Thursday, September 18 • 1:00pm - 1:45pm
Project Monterey or How I Learned to Stop Worrying and Love the Cloud

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

At Netflix developers deploy code hundreds of times a day. Each code push could be a production canary taking only a percentage of the total requests or a test determining which new feature is improving customer experience the best. The large number of applications along with multiple concurrent code bases creates an environment that is impractical for manual security testing. This presentation will outline and demo Project Monterey as one of many solutions that the Netflix Cloud Security Team has been developing to secure Netflix’s large cloud deployment.

Monterey’s main goal is to automate as much security testing as possible. It provides a framework for deploying and running traditional tools in the cloud. Taking industry standard tools such as the OWASP Zap web application scanner, NMAP, nessus, etc. and allowing them to be run in a large distributed and scalable manner. By providing a plugin interface Monterey allows security professionals to create and integrate their own tools with ease. Monterey also enables tools to be chained together; with output of one tool acting as the input of the other.

An important part of Monterey’s automation is the capability to respond to the dynamic nature of Netflix’s deployment process and environment. This means automatically detecting new applications or new code pushes as they happen and detecting services that are newly exposed to the internet.

Prior work in this area includes projects such as minion and graudit.

This talk will include a demo of Monterey itself, cover current use cases that Netflix has leveraged, and propose future expansion ideas, including open sourcing the project.

avatar for Kevin Glisson

Kevin Glisson

Senior Cloud Security Engineer, Netflix
When Kevin Glisson is not playing with security automation, new languages and python libraries he is an avid mountain biker and backpacker enjoying all parts of the Sierra's. Kevin is currently a Security Engineer at Netflix writing tools to help streamline security operations... Read More →

Thursday September 18, 2014 1:00pm - 1:45pm MDT
Colorado Ballroom E [Defenders] Denver Marriott City Center