Netflix has created a piece of software that aims to make employees more aware of security.
The open source software is known as Stethoscope and uses what Netflix calls a User Focused Security approach. Perhaps it’s best if the firm explains that turn of phrase.
“The notion of ‘User Focused Security’ acknowledges that attacks against corporate users (e.g., phishing, malware) are the primary mechanism leading to security incidents and data breaches, and it’s one of the core principles driving our approach to corporate information security,” the firm explains in a blog post.
Simply put, Netflix wants to reduce the number of breaches that happen at the user level because users aren’t installing critical updates on their devices.
The trick with Stethoscope, however, is that the software seeks to educate rather than enforce.
To do that, the software suggests specific actions a user can take so that the firm is more secure. More than that, Stethoscope also explains why an action needs to be taken and how to do it.
“It’s important to us that people understand what simple steps they can take to improve the security state of their devices, because personal devices–which we don’t control–may very well be the first target of attack for phishing, malware, and other exploits,” explained Netflix.
Stethoscope is mobile friendly and currently looks for disk encryption, firewalls, automatic updates, up-to-date software, and screen locks. The software will also check whether an iPhone is jailbroken or an Android phone is rooted.
Each of these “practices” (as Netflix calls them) is given a rating that tells a user how important the issue is.
A rather clever feature of Stethoscope is that it doesn’t have its own database to draw from. Instead, the software queries other data sources and collates this information into one easily understood view.
Netflix has said that it is working with other organisations to extend the data sources Stethoscope can draw from.
Stethoscope is currently available on GitHub and it includes the ability to run the front end with sample data or run the full app with the help of Docker.