Netflix Have Launched An Open Source Security Tool Called Stethoscope

Netflix have released Stethoscope, an open source tool they say will give users specific recommendations for securing their computers, smartphones and tablets.

In announcing Stethoscope, Netflix have stated that their User Focused Security approach acknowledges that "attacks against corporate users (e.g., phishing, malware) are the primary information security. It’s also reflective of our philosophy that tools are only effective when they consider the true context of people’s work".

Stethoscope is essentially a web application that collects information about "a given user's devices and gives them clear and specific recommendations for securing their systems".

"If we provide employees with focused, actionable information and low-friction tools, we believe they can get their devices into a more secure state without heavy-handed policy enforcement," said Netflix in a statement.

You can download Netflix Stethoscope on Github.

Below are some of the features as noted by Netflix.

Education, Not Automatic Enforcement

It’s important to us that people understand what simple steps they can take to improve the security state of their devices, because personal devices–which we don’t control–may very well be the first target of attack for phishing, malware, and other exploits. If they fall for a phishing attack on their personal laptop, that may be the first step in an attack on our systems here at Netflix.

We also want people to be comfortable making these changes themselves, on their own time, without having to go to the help desk.

To make this self service, and so people can understand the reasoning behind our suggestions, we show additional information about each suggestion, as well as a link to detailed instructions.

Security Practices

We currently track the following device configurations, which we call “practices”:

  • Disk encryption
  • Firewall
  • Automatic updates
  • Up-to-date OS/software
  • Screen lock
  • Not jailbroken/rooted
  • Security software stack (e.g., Carbon Black)

Each practice is given a rating that determines how important it is. The more important practices will sort to the top, with critical practices highlighted in red and collected in a top banner.

Implementation And Data Sources

Stethoscope is powered by a Python backend and a React front end. The web application doesn’t have its own data store, but directly queries various data sources for device information, then merges that data for display.

The various data sources are implemented as plugins, so it should be relatively straightforward to add new inputs. We currently support LANDESK (for Windows), JAMF (for Macs), and Google MDM (for mobile devices).

Notifications

In addition to device status, Stethoscope provides an interface for viewing and responding to notifications.

For instance, if you have a system that tracks suspicious application accesses, you could choose to present a notification like this:

We recommend that you only use these alerts when there is an action for somebody to take–alerts without corresponding actions are often confusing and counterproductive.

Mobile Friendly

The Stethoscope user interface is responsive, so it’s easy to use on mobile devices. This is especially important for notifications, which should be easy for people to address even if they aren’t at their desk.
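The "Security Practices" and "Implementation And Data Sources" sections above describe two mechanisms: data about one user's devices is pulled live from several source plugins and merged with no local store, and each tracked practice carries an importance rating so that failing practices sort to the top and critical ones land in a banner. The following Python (the language of the Stethoscope backend) is an added illustration of those two mechanisms. It is not Stethoscope's own code or API: the plugin classes, practice keys, the numeric ratings and the constructed device records are all assumptions, and the conflict rule (a failing result from any source wins over a passing one) is a design choice made here for the example.

```python
"""Toy model of a Stethoscope-style flow: query several device-data plugins,
merge the records per device, then rank the advice by practice importance.
Added example, not Stethoscope's own code. Plugin names, practice keys,
rating values and all device records below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Importance rating per tracked practice (assumed; the real project keeps its
# own ratings in configuration). 3 = critical, 2 = high, 1 = medium.
RATINGS: Dict[str, int] = {
    "disk_encryption": 3,
    "not_jailbroken": 3,
    "security_software": 2,
    "firewall": 2,
    "auto_updates": 2,
    "up_to_date": 1,
    "screen_lock": 1,
}
CRITICAL = 3


@dataclass
class DeviceReport:
    device_id: str
    sources: List[str] = field(default_factory=list)
    # practice -> True (pass), False (fail) or None (no source could tell)
    practices: Dict[str, Optional[bool]] = field(default_factory=dict)


class SourcePlugin:
    """Base class: a data source returns raw records for one user's devices."""
    name = "base"

    def fetch(self, user: str) -> List[dict]:
        raise NotImplementedError


class FakeJamfPlugin(SourcePlugin):
    """Constructed stand-in for a Mac MDM source (hypothetical data)."""
    name = "jamf"

    def fetch(self, user: str) -> List[dict]:
        return [{"device_id": "mac-1", "user": user,
                 "practices": {"disk_encryption": True, "firewall": False,
                               "screen_lock": True, "auto_updates": True}}]


class FakeMobileMdmPlugin(SourcePlugin):
    """Constructed stand-in for a mobile MDM source (hypothetical data)."""
    name = "mobile_mdm"

    def fetch(self, user: str) -> List[dict]:
        return [{"device_id": "phone-1", "user": user,
                 "practices": {"not_jailbroken": False, "screen_lock": True}}]


class FakeEndpointAgentPlugin(SourcePlugin):
    """Constructed stand-in for a security-agent inventory (hypothetical data).
    It disagrees with the MDM about auto_updates on mac-1 on purpose."""
    name = "edr"

    def fetch(self, user: str) -> List[dict]:
        return [{"device_id": "mac-1", "user": user,
                 "practices": {"security_software": True,
                               "auto_updates": False}}]


def merge_sources(plugins: List[SourcePlugin], user: str) -> Dict[str, DeviceReport]:
    """Query every plugin and merge its records per device, with no local store.

    Merge rule (a choice made for this example): a definite True/False beats
    None, and if two sources disagree the failing result wins, so a stale
    "pass" from one inventory can never hide a problem reported by another.
    """
    reports: Dict[str, DeviceReport] = {}
    for plugin in plugins:
        for rec in plugin.fetch(user):
            rep = reports.setdefault(rec["device_id"], DeviceReport(rec["device_id"]))
            rep.sources.append(plugin.name)
            for practice, status in rec["practices"].items():
                if practice not in RATINGS:
                    continue  # ignore practices this dashboard does not track
                prev = rep.practices.get(practice)
                if prev is None:
                    rep.practices[practice] = status
                elif status is False:
                    rep.practices[practice] = False
    return reports


def recommendations(report: DeviceReport) -> List[str]:
    """Practices that fail or could not be verified, most important first."""
    pending = [p for p, s in report.practices.items() if s is not True]
    return sorted(pending, key=lambda p: (-RATINGS[p], p))


def banner(report: DeviceReport) -> List[str]:
    """Critical practices that definitely fail: the red top-banner items."""
    return [p for p in recommendations(report)
            if RATINGS[p] == CRITICAL and report.practices[p] is False]


if __name__ == "__main__":
    plugins = [FakeJamfPlugin(), FakeMobileMdmPlugin(), FakeEndpointAgentPlugin()]
    for dev_id, rep in merge_sources(plugins, "alice").items():
        print(dev_id, "sources:", rep.sources)
        print("  banner:", banner(rep))
        print("  recommendations:", recommendations(rep))
```

Running the script shows mac-1 merged from two sources with `auto_updates` failing (the endpoint agent's failure overrides the MDM's pass) and `firewall` failing, both rated high and therefore listed before any medium item, while phone-1's jailbreak failure is the only critical item and is the only one that reaches the banner.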
