Scaling Defenses Amidst Evolving Threat Landscape

Security services that defend against malicious or fraudulent traffic operate in an unpredictable and constantly evolving threat landscape. The dynamic nature of attack traffic means that as attacks evolve, our defenses must evolve too. Existing rules, ML models and/or security configurations may stop being effective with time and would need to be either tuned or deprecated. In the absence of right design decisions, tooling and metrics, the operations component of such services can become tedious, challenging and time consuming. It is important to think about how to build and scale an observability ecosystem alongside such services that fosters agility to respond quickly to emerging threats.

At Netflix, we think deeply about how to build and scale an observability ecosystem for our services. This allows us to continuously observe, learn and adapt our defenses in an evolving threat landscape. In this talk, I will talk about what design choices we made early on during service development that were crucial to scaling operations later on. I will also talk about how we built an observability ecosystem for our services that allowed us to scale operations, improve visibility and accelerate investigations. The audience will walk away with clear articulation of considerations and design ideas for building a defense ecosystem in a continuously evolving threat landscape.

Interview:

What's the focus of your work these days?

I am a security software engineer on the Customer Trust team at Netflix. I build scalable systems that defend against harmful acts, which have the potential to adversely impact either our users or our service, such as DDoS attacks.

What's the motivation for your session?

I build systems that defend against malicious traffic. I noticed that when you build something new and deploy it, the defenses are very effective initially in blocking bad traffic, and you're doing great. But over time the traffic that you're defending against evolves to evade these defenses. So the effectiveness goes down over time. This leads to increased operational burden. I’ve found myself there in the past and in this talk I wanted to put together all these different concepts that I've encountered over time on how to keep the defenses effective without constantly being in firefighting mode. That's the motivation of the talk.

How would you describe the persona and level of the target audience for your talk?

I think anyone who is interested in learning about building defense systems and also people who actually build such systems will find this talk useful. Engineers who may be struggling in the same space by finding themselves knee-deep in operations with no time to actually improve their service. Some of the concepts that are shared here will help that audience. But I think in general anyone who loves to build scalable systems would find some good takeaways from this talk.

You've touched on this a little bit already, but what would you like the persona to walk away with after watching your presentation? Are there any highlights in particular?

I did mention it a bit before as well, when you start building these systems, you have to think beyond just the core service, just beyond the secret sauce on how to block bad traffic. The secret sauce will be effective initially, but it wouldn't be effective in the long run. So what additional components do you build into your defense ecosystem so that you continue to stay effective? What are some of the things that you can think of doing early on to reduce the operational burden later on? That's what I hope for the audience to take away from this presentation.  

 


Speaker

Aditi Gupta

Staff Security Software Engineer @Netflix

Aditi Gupta is currently a Staff security software engineer at Netflix where she leads the anti-DDoS efforts and builds scalable services to address the fraud and abuse landscape at Netflix. She holds a PhD from Purdue University in the field of system security and has built several scalable and resilient systems to solve security problems in her previous roles.

Read more

Date

Wednesday Oct 26 / 11:50AM PDT ( 50 minutes )

Location

Seacliff ABC

Topics

Security Scaling Defenses Design Choices Service Development Defense Ecosystem

Share

From the same track

Session Security

A Big Dashboard of Problems

Wednesday Oct 26 / 10:35AM PDT

We have all heard "an ounce of prevention is worth a pound of cure" in medicine, but the security industry isn't so sure. This talk explores the forefront of simple and effective preventative strategies.

Speaker image - Travis McPeak

Travis McPeak

Founder and CEO @ResourcelyInc, previously @Netflix & @Databricks

Session Security

Vulnerability Inbox Zero

Wednesday Oct 26 / 01:40PM PDT

You have a vulnerability problem. You run a scanner. Now you have two problems - vulnerabilities and a mess of scanner results to process.

Speaker image - Alex Smolen

Alex Smolen

Director of Security @LaunchDarkly, previously Engineering Manager @Clever, Engineer @Twitter, Security Consultant @Foundstone

Session Security

Privacy-First Re-Architecture

Wednesday Oct 26 / 04:10PM PDT

The tech industry grew organically the last few decades. We built new innovations on top of old. We evolved systems and technologies to meet new challenges. Decisions of the past became assumptions of today.

Speaker image - Nimisha Asthagiri

Nimisha Asthagiri

Principal Consultant @Thoughtworks, Previously Chief Architect & Senior Director of Engineering @edX

Session

Panel: Practical Security

Wednesday Oct 26 / 02:55PM PDT

Join us to continue the conversation around the track theme of practical security, the panel discusses current and future challenges and security issues facing security engineers, practitioners and organizations.

Speaker image - Aditi Gupta

Aditi Gupta

Staff Security Software Engineer @Netflix

Speaker image - Travis McPeak

Travis McPeak

Founder and CEO @ResourcelyInc, previously @Netflix & @Databricks

Speaker image - Nimisha Asthagiri

Nimisha Asthagiri

Principal Consultant @Thoughtworks, Previously Chief Architect & Senior Director of Engineering @edX

Speaker image - Alex Smolen

Alex Smolen

Director of Security @LaunchDarkly, previously Engineering Manager @Clever, Engineer @Twitter, Security Consultant @Foundstone