Stethoscope is an opensource web application security tool by netflix which stresses on User Focussed Security and various innovative features
Stethoscope is a web-based tool that gives Netflix employees a view into the security state of their devices, with specific recommendations regarding disk encryption, firewalls, and other device settings. The website, in conjunction with email alerts, gives Netflix employees a straightforward way to see what actions they should take to remain safe.
Users cause most of the security incidents like data breaches and mass cyber attacks. Usually, big corporates and financial establishments will have a lot of security policies and tools which are enforced on the users and controlled centrally. But User Focused Security is formulated to change this approach. This approach of user-focused security largely depends on the direct action by the users to thwart cyber threats instead of a single point controlled security system. It relies on the user's knowledge and awareness about the possible security issues they might come across in their day to day work. This is achieved by informing the user about the potential security issues on the go as they continue doing their daily work. It is designed considering the true context of people’s work.
Stethoscope tool continuously monitors user activities and gives suggestions to users directly. These include a short description of the security threat so that the user can understand why it is being suggested and the importance of it. Below is an example of one such suggestion. It tells about the importance of updating an Android device to the latest available software version.
The following device configurations are monitored by the Stethoscope security tool and these are known as 'practices'
Stethoscope security tool is powered by a Python back-end and a React front end. It doesn't have its own data storage feature, instead, it directly fetches device information by querying various data sources and then merges that data for the final output. The data sources here are implemented as plugins which can be added easily. Currently, the following are supported- LANDESK (for Windows), JAMF (for Macs), and Google MDM (for mobile devices).
Stethoscope security Tool provides a dashboard for notifications and alerts. One can directly respond to notifications from there. An example notification is shown below.
Stethoscope is an innovative approach to security monitoring. It relies on the end users and their awareness to fight security threats. A normal SIEM implementation or an IDS/IPS has centralized consoles from where every security events and incidents are monitored and handled. The end user has little or no roles to play. Other than staying vigilant maximum he can do is to follow the instructions sent by the IT department in case of a security incident. Stethoscope security Tool works upon the motto of "Prevention Is Better Than Cure". Moreover, Stethoscope Security tool has a mobile friendly interface and this further makes the process of notifying users easy even if they are not at their desk.
Stethoscope Tool is available on Netflix Github.
User Focused Security
Users cause most of the security incidents like data breaches and mass cyber attacks. Usually, big corporates and financial establishments will have a lot of security policies and tools which are enforced on the users and controlled centrally. But User Focused Security is formulated to change this approach. This approach of user-focused security largely depends on the direct action by the users to thwart cyber threats instead of a single point controlled security system. It relies on the user's knowledge and awareness about the possible security issues they might come across in their day to day work. This is achieved by informing the user about the potential security issues on the go as they continue doing their daily work. It is designed considering the true context of people’s work.
Image Credits: netflix.com |
How Stethoscope implements User Focused Security
Stethoscope tool continuously monitors user activities and gives suggestions to users directly. These include a short description of the security threat so that the user can understand why it is being suggested and the importance of it. Below is an example of one such suggestion. It tells about the importance of updating an Android device to the latest available software version.
Image Credits : netflix.com |
What Security Elements are monitored?
The following device configurations are monitored by the Stethoscope security tool and these are known as 'practices'
- Disk encryption
- Firewall
- Automatic updates
- Up-to-date OS/software
- Screen lock
- Not jailbroken/rooted
- Security software stack (e.g., Carbon Black)
Implementation of Stethoscope security Tool
Image Credits: Netflix.com |
Notification option by Stethoscope security Tool
Stethoscope security Tool provides a dashboard for notifications and alerts. One can directly respond to notifications from there. An example notification is shown below.
Conclusion
Stethoscope is an innovative approach to security monitoring. It relies on the end users and their awareness to fight security threats. A normal SIEM implementation or an IDS/IPS has centralized consoles from where every security events and incidents are monitored and handled. The end user has little or no roles to play. Other than staying vigilant maximum he can do is to follow the instructions sent by the IT department in case of a security incident. Stethoscope security Tool works upon the motto of "Prevention Is Better Than Cure". Moreover, Stethoscope Security tool has a mobile friendly interface and this further makes the process of notifying users easy even if they are not at their desk.
Stethoscope Tool is available on Netflix Github.
COMMENTS