Stethoscope - An OpenSource, User Focused Security Tool By NetFlix

Stethoscope is an opensource web application security tool by netflix which stresses on User Focussed Security and various innovative features

Introduction


Stethoscope is a web-based tool that gives Netflix employees a view into the security state of their devices, with specific recommendations regarding disk encryption, firewalls, and other device settings. The website, in conjunction with email alerts, gives Netflix employees a straightforward way to see what actions they should take to remain safe.

User Focused Security


Users cause most of the security incidents like data breaches and mass cyber attacks. Usually, big corporates and financial establishments will have a lot of security policies and tools which are enforced on the users and controlled centrally. But User Focused Security is formulated to change this approach. This approach of user-focused security largely depends on the direct action by the users to thwart cyber threats instead of a single point controlled security system. It relies on the user's knowledge and awareness about the possible security issues they might come across in their day to day work. This is achieved by informing the user about the potential security issues on the go as they continue doing their daily work. It is designed considering the true context of people’s work.

Netflix Stethoscope Security Tool
Image Credits: netflix.com

How Stethoscope implements User Focused Security


Stethoscope tool continuously monitors user activities and gives suggestions to users directly. These include a short description of the security threat so that the user can understand why it is being suggested and the importance of it. Below is an example of one such suggestion. It tells about the importance of updating an Android device to the latest available software version.

Stethoscope Security Tool User Focused Security
Image Credits : netflix.com

What Security Elements are monitored?


The following device configurations are monitored by the Stethoscope security tool and these are known as 'practices'
  • Disk encryption
  • Firewall
  • Automatic updates
  • Up-to-date OS/software
  • Screen lock
  • Not jailbroken/rooted
  • Security software stack (e.g., Carbon Black) 
These are rated based on the importance and criticality.

Implementation of Stethoscope security Tool


Netflix Stethoscope Security Tool
Image Credits: Netflix.com
Stethoscope security tool is powered by a Python back-end and a React front end. It doesn't have its own data storage feature, instead, it directly fetches device information by querying various data sources and then merges that data for the final output. The data sources here are implemented as plugins which can be added easily. Currently, the following are supported- LANDESK (for Windows), JAMF (for Macs), and Google MDM (for mobile devices).

Notification option by Stethoscope security Tool


Stethoscope security Tool provides a dashboard for notifications and alerts. One can directly respond to notifications from there. An example notification is shown below.
Netflix Stethoscope Security Tool
Image Credits: Netflix.com

Conclusion


Stethoscope is an innovative approach to security monitoring. It relies on the end users and their awareness to fight security threats. A normal SIEM implementation or an IDS/IPS has centralized consoles from where every security events and incidents are monitored and handled. The end user has little or no roles to play. Other than staying vigilant maximum he can do is to follow the instructions sent by the IT department in case of a security incident. Stethoscope security Tool works upon the motto of "Prevention Is Better Than Cure". Moreover, Stethoscope Security tool has a mobile friendly interface and this further makes the process of notifying users easy even if they are not at their desk.

Stethoscope Tool is available on Netflix Github.

COMMENTS

Name

Ad Network,3,adb,1,adblocker,1,Adblocker alternative,1,Adobe Flash Zero Day,1,Adware,1,Android,2,Android Reverse Engineering,1,Android vulnerability,3,Anonymous,1,Anonymous Browsing,2,Apple Hacking,2,Arp Poisoning,1,authentication bypass,1,Automated Tank Guage,1,Automatic Footprinting tool,1,backdoor credentials,1,BadWinmail,1,Banking trojan,1,bcmon,1,Best Adblocker,1,Best free cloud storage,1,Best Password Manager,1,Best TOR Alternative,1,Best VPN Provider,1,best VPN Rating,1,Bettercap,1,Bettercap tutorial,1,BitTorrent,1,BitTorrent Protocols,1,Browse safely,1,Car Hacking,1,Carbanak,1,ChatGPT,1,CIA,1,Circuit Fingerprinting.,2,cleartext cloud API,1,CloudFlare,2,Cobalt Strike,1,Covert Pentesting,1,Cracking Encryption,1,Cracking HTTPS,1,crapware,1,Credential Stealing,1,Credentials Sniffing,1,CreeHack,1,CryptDB,1,cryptography,2,cSploit,1,CSRF,1,custom recovery,1,Cydia,1,cygwin,1,Cypher System,1,Data Breach,1,Data Exfiltration,1,DDoS,2,DDoS Attack,3,Decrypting Tor traffic,1,Deep Web,1,DEF CON 23,2,disk encryption,1,DLL Injection Attacks,1,Dnstool,1,download torrents directly,2,DrDoS,1,DriveDroid,1,DuckHunter HID,1,Elevation Of Privilege,1,encryption,2,Ettercap,1,Exitmap,1,Exploitation,2,Fanny Worm,1,Financial APT,1,Flash Alternative,1,Forgot Windows Password.,1,fraud,1,Free Cloud Storage,1,Free LastPass Premium,1,Free Uptobox Premium Account,1,Free VPN,1,Free Zbigz Premium Account,2,Freedom App,1,GasPot,1,GenAI,1,GitHub,1,Giveaways,4,Hack Android,3,Hack Android Games,2,Hack Android In-App Purchase Non Root,1,Hack Cave,18,Hack Clash Of Clans,1,Hack Email,1,Hack Outlook,1,Hack Subway Surfer,1,Hack WiFi Android Without bcmon,1,Hack Windows 10,1,hacking android,6,hacking android pattern lock,1,Hacking Android PIN,1,Hacking Android Through Sound Waves,1,Hacking Cloudflare,1,Hacking CryptDB,1,Hacking electronics,1,Hacking embedded systems,1,Hacking Fridge,1,Hacking Gmail,1,Hacking IoT,1,Hacking KeePass,1,Hacking News,3,Hacking PayPal,1,Hacking Refrigerator,1,Hacking Team,1,Hacking tools,3,Hacking Tricks Android,5,Hacking WiFi With Android,3,Hacking Windows,4,Hacking Windows Password,1,HardSploit,1,HID Attack,1,Homomorphic Encryption,1,Honeypot,1,HORNET,3,How to hack baby monitors,1,How to hack gmail?,1,How to hack IoTs,1,How to hack MAC OS X,1,How To Hack WhatsApp,1,how to install kali nethunter on any android device,1,How Tor Works,1,HTML5,1,ICS,1,Immobilizer,1,Increase Download Speed,1,Information Gathering,1,Install NetHunter,1,Install NetHunter for any Device,1,Internet Of Things,1,Internet Privacy,2,Introduction To Penetration Testing,1,iOS 9,2,iOS hacked,1,IoT,3,IoT Security Audit Tool,1,Jailbreaking,1,Kali Linux,2,kali linux nethunter for android,1,Kali NetHunter,4,Kali NetHunter Nexus 5x,1,Kali NetHunter Sony,1,kali nethunter windows installer,1,KeeFarce,1,Kemoge,1,LastPass Premium Giveaway,1,LastPass Premium Subscription 2016,1,lenavo,1,LinkedIn,1,Lizard Squad,1,Lizard Stressor,1,LLama3,1,LSE,1,Mabouia,1,Mac OS X Hacking,1,Malicious JavaScript,1,Malware,4,Man In The Middle Attack,4,MANA Wireless Toolkit,1,Megamos Crypto Transponder,1,MITM,5,Mount Manager Bug,1,Mozilla Firefox,1,MSOffice,1,Netflix,2,Netflix Stethoscope tool,1,NetHunter Devices,1,nethunter install guide,1,NetHunter Nexus 5x,1,NetHunter Tutorial Nexus 5x,1,nethunter tutorial pdf,1,Nord VPN,1,nsISpeculativeConnect,1,NTP Vulnerability,1,Offensive Security,1,Office Exploit,1,OLE,1,Onion Encryption,1,Onion Routing,1,OpenSource,2,Outlook Exploit,1,Overt,1,Penetration Testing,1,Penetration Testing Tutorial,1,Penetration Testing With KaliLinux,1,Penetration Testing With Metasploit,1,Pentest Report,1,Phases Of PenTesting,1,Phishing,1,PINlogger,1,Post Exploitation,1,PowerMemory,1,PowerShell,1,pre-fetch,1,Prevent In-App purchase hacks,1,Privacy,1,Private VPN,1,privilege escalation,2,Python,1,Quantum Cryptographic Communication,1,quantum physics,1,ransomware,2,read forbes with adblock,1,read toi with adblock,1,Reaver,1,Reflected File Download Vulnerability,1,Reflective,1,Reflective DDoS Attack,1,Remote Code Execution,2,Remote exploit,2,remove ads toi,1,RfA,1,RFD,1,RFID,1,RIFFLE Tor Alternative,1,RIPv1 Protocol,1,Root Nexus 5x,1,Rooting,2,Rootkit,1,Router Keygen,1,SCADA,1,SEA,1,Searchsploit,1,Security News,40,Security Tools,5,Selfhosted,2,Shodan,1,SilverPush,1,Sleepy Puppy,1,Smartphone Sensor hack,1,Smartphones,4,Smartphones hacking,1,soft and hard brick,1,speculative connect API,1,SpiderFoot,1,Sponsored,1,StageFright,2,StageFright 2.0,1,stethoscope tool implimentation,1,Stored XSS,2,StuxNet,1,Superfish,1,surveillance,1,Task hijacking Attack,1,TCP injection.,1,The Basics Of Penetration Testing,1,The Hacking Team,1,Threat Modeling,1,Tor,3,TOR Alternative,4,Tor Exit Relay,1,Tor Guard,1,Tor Hacked,3,torrent to direct converter,2,torrent to IDM,1,tow factor authentication,1,Trend Micro,1,Tutorial,11,TWRP,1,TWRP Nexus 5x,1,Types Of Pentest,1,Types Of XSS Vulnerability,1,uBlock,1,Unlock Bootloader guide,1,Unlock Bootloader Nexus 5x,1,unlock pattern lock android,2,User Focused security,1,VPN Reviews,1,Vulnerability,3,Vulnerability Analysis,1,Vulnerability scanners,1,What is Kali NetHunter,1,WhatsApp Encryption,1,WhatsApp Hacking,1,Whatsapp phishing,1,WhatsApp Vulnerability.,1,WikiLeaks,1,Windows Backdoor,1,Windows Debuggers,1,XcodeGhost,1,Xss,3,XSS Scanner,1,XTEA,1,Zbigz cookie generator,1,Zbigz premium account no survey,1,Zimperium,1,
ltr
item
Hack Cave | Hacks unveiled: Stethoscope - An OpenSource, User Focused Security Tool By NetFlix
Stethoscope - An OpenSource, User Focused Security Tool By NetFlix
Stethoscope is an opensource web application security tool by netflix which stresses on User Focussed Security and various innovative features
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfz26ejDUnWbTshkpkQxJB-jypEv7ks_3rF-UqTVGbAX9Yw-zlZ34Z0LJQeZwPSoEs5DPQXR9vNGq4neopIhDTduGE5U1kNLytg5YfynXfOYgU6BLdiCUjSMOI4gCiBPRRomM9iN6bo8M/s640/Stethoscope+ShmooCon+2017.png
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfz26ejDUnWbTshkpkQxJB-jypEv7ks_3rF-UqTVGbAX9Yw-zlZ34Z0LJQeZwPSoEs5DPQXR9vNGq4neopIhDTduGE5U1kNLytg5YfynXfOYgU6BLdiCUjSMOI4gCiBPRRomM9iN6bo8M/s72-c/Stethoscope+ShmooCon+2017.png
Hack Cave | Hacks unveiled
http://www.hackcave.net/2017/02/netflix-stethoscope-opensource-user-focused-security-tool.html
http://www.hackcave.net/
http://www.hackcave.net/
http://www.hackcave.net/2017/02/netflix-stethoscope-opensource-user-focused-security-tool.html
true
398744729202641828
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share to a social network STEP 2: Click the link on your social network Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy Table of Content