In a post on its technology blog, Netflix’s engineers have revealed how they have developed a platform to deal with cloud security issues.
Snare is the company’s detection, enrichment, and response platform for handling cloud-security-related findings.
The platform receives millions of records a minute, then analyses them, alerts on them, and responds to them, said the post. It also provides a space for the company’s security engineers to track any issues, drill down into various findings, follow their investigation flow, and ensure that findings reach their proper resolution.
The blog post explains that Snare can be broken down into the following parts: detection, enrichment, reporting and management, and remediation. The platform has been in use for the past year, and has led to “tremendous improvements while handling our cloud security findings”, as well as major direct time savings for the company’s detection squad.
“Utilising Snare, we were able to perform more granular tuning and aggregation of findings leading to an average of 73.5 per cent reduction in our false positive finding volume across our ingestion streams,” said the engineers.
Netflix has more than doubled the number of its in-house detections, and onboarded several detection solutions from security vendors, including AWS. “The Snare framework enables us to write detections quickly and efficiently with all of the plumbing and configurations abstracted away from us,” continued the engineers. “Detection authors only need to be concerned with their actual detection logic, and everything else is handled for them.”
“We’re looking at continuing to create new, more advanced features and detections for Snare to reduce cloud security risks in order to keep up with all of the exciting things happening here at Netflix,” concluded the post.