Inside the Development of Netflix Stethoscope

SAN FRANCISCO--One of the major challenges facing many organizations, even technically sophisticated ones with mature security groups, is securely configuring endpoints and ensuring they stay that way. There are some tools that can handle that task, but they tend to require extensive privileges and take a one-size-fits-all approach. That doesn’t fly in many enterprises, including Netflix, so a small team of engineers there decided to build a new tool that could handle those tasks with a light touch.

The result of the effort is the Stethoscope app, which began its life as a web-based tool that can check a machine’s security configurations and make recommendations for how to correct any problems. The tool would check settings such as the personal firewall, the patch level, whether disk encryption was enabled, and whether automatic updates were turned on. But the web-based method meant that individuals would have to go back to the site on a regular basis to check their devices. Humans being human, that can wind up being too much friction.

So the Netflix team set out to build a native app that would perform the same tasks and run continuously on Windows and macOS machines. But the engineers wanted the app to be unobtrusive, to run without administrative rights and, most importantly, to be usable by Netflix’s extensive set of partners and third-party contractors.

“I don’t trust systems management software for a number of reasons, and the main one is risk. This is third-party software running on your machine with admin privileges and installing kernel extensions. If it wasn’t ostensibly security software, would you even allow it to run on your machine? Probably not,” said Andrew White, part of the team that developed the Stethoscope app.

“We needed a way to securely configure these machines without installing what amounts to a rootkit. This is read-only, it doesn’t phone home and it doesn’t talk to any other systems, so you can just hand it out to people.”

Stethoscope allows people to run on-demand scans of their devices and gives them immediate feedback when they make changes to correct an issue. The app also has server functionality that enables other processes on the machine to do health checks and either grant or deny access to a given app based on the results. Internally, Netflix has integrated the Stethoscope app into its single sign-on flow to handle conditional access to apps and other resources.
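The conditional-access flow described above, as an added illustration that is not Stethoscope’s own code or API: a read-only posture snapshot is evaluated against a per-app policy, and the result is a grant/deny decision plus plain-language context for the user rather than a change made on their behalf. The check names, posture fields, app names and policy table are assumptions for the example; the checks themselves are the ones the article lists (firewall, disk encryption, automatic updates, patch level).

```python
"""Added example (not Stethoscope's code): a device-posture gate for conditional access.

All check names, posture fields, app names and the policy table are
hypothetical; the checks mirror the settings the article mentions.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class DevicePosture:
    """Read-only posture snapshot (hypothetical fields, constructed by the caller)."""
    firewall_enabled: bool
    disk_encrypted: bool
    auto_updates_enabled: bool
    os_version: str        # version actually installed, e.g. "10.15.7"
    min_os_version: str    # oldest version the organisation still accepts


def _parse_version(v: str) -> Tuple[int, ...]:
    """'10.15.7' -> (10, 15, 7) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in v.split("."))


def patch_level_ok(p: DevicePosture) -> bool:
    return _parse_version(p.os_version) >= _parse_version(p.min_os_version)


# check name -> (predicate over the posture, context shown to the user on failure)
CHECKS: Dict[str, Tuple[Callable[[DevicePosture], bool], str]] = {
    "firewall": (lambda p: p.firewall_enabled,
                 "Turn on the personal firewall so unsolicited inbound connections are blocked."),
    "disk_encryption": (lambda p: p.disk_encrypted,
                        "Enable full-disk encryption so a lost laptop does not expose its data."),
    "auto_updates": (lambda p: p.auto_updates_enabled,
                     "Enable automatic updates so security fixes land without you having to remember."),
    "patch_level": (patch_level_ok,
                    "Install pending OS updates; the installed version is below the minimum accepted."),
}

# app -> checks it requires (hypothetical policy; the sensitive app requires everything)
POLICY: Dict[str, List[str]] = {
    "payroll": ["firewall", "disk_encryption", "auto_updates", "patch_level"],
    "wiki": ["disk_encryption", "patch_level"],
    "cafeteria-menu": [],
}


def evaluate_access(posture: DevicePosture, app: str) -> Tuple[bool, List[str]]:
    """Return (allowed, context). Apps with no policy are denied, i.e. fail closed."""
    if app not in POLICY:
        return False, [f"No access policy defined for {app!r}."]
    context = [CHECKS[name][1] for name in POLICY[app] if not CHECKS[name][0](posture)]
    return not context, context


def posture_report(posture: DevicePosture) -> Dict[str, bool]:
    """Full pass/fail view, the kind of feedback an on-demand scan would show."""
    return {name: pred(posture) for name, (pred, _) in CHECKS.items()}


if __name__ == "__main__":
    # Constructed sample: firewall off and OS one release behind, everything else fine.
    laptop = DevicePosture(firewall_enabled=False, disk_encrypted=True,
                           auto_updates_enabled=True, os_version="10.14.6",
                           min_os_version="10.15.0")
    print(posture_report(laptop))
    for app in POLICY:
        allowed, why = evaluate_access(laptop, app)
        print(app, "ALLOW" if allowed else "DENY", *why, sep="\n  ")
```

The decision function never touches the machine; it only reads the snapshot and returns reasons, which is the "context, not control" split the article describes. Denying apps that have no policy entry keeps the gate fail-closed when a new internal app is added before its policy is.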

“It will query the Stethoscope app and allow you to block access to sensitive apps if the machine isn’t configured right,” White said during a talk on the app at the Enigma conference here Wednesday.

“So you can use it as part of a zero trust strategy because you have an assurance of the device’s security posture.”

When the Stethoscope app was rolled out initially inside Netflix, the team used a gradual approach, putting it in front of one internal app at a time. Given that Netflix has upwards of a thousand internal apps, this was no small task. But White said the approach allowed the team to see how things were working as the rollout progressed.

“It allowed us to gather data from each app and see how we were changing people’s behavior on security,” he said.

One of the keys to modifying people’s choices around security is giving them information about why one choice is better than another without shaming or intimidating them. White said the Netflix team kept this philosophy in mind while building the Stethoscope app.

“We believe in context, not control. We think that giving people context leads them to make the right security decisions,” he said. “Making changes for users is antithetical to what we’re trying to do with Stethoscope.”

Netflix has released Stethoscope as open source and White said the company has proof-of-concept apps for both iOS and Android.