Presented By
O’Reilly + Cloudera
Make Data Work
March 25-28, 2019
San Francisco, CA

Building and scaling a security detection platform: A Netflix Original

John Bennett (Netflix), Siamac Mirzaie (Netflix)
2:40pm3:20pm Thursday, March 28, 2019
Average rating: ***..
(3.33, 3 ratings)

Who is this presentation for?

  • Data engineers and architects, data scientists, analysts, and program managers

Level

Intermediate

Prerequisite knowledge

  • Familiarity with ETL pipeline development

What you'll learn

  • Learn how Netflix built a robust platform that enables developers to quickly and easily build detection pipelines that accommodate batch and streaming data processing

Description

The combination of Netflix’s culture of freedom and responsibility and the sheer size of its worldwide operations sets a unique stage for enterprise security. The need to detect potentially malicious activity along a growing attack surface has become paramount. This in turn translates into the need for greater velocity to deploy end-to-end data-driven detection pipelines across a wide range of endpoints that produce actionable insights for security analysts.

John Bennett and Siamac Mirzaie share an approach that enables Netflix teams to deploy brand-new detection pipelines using a variety of analytical techniques, ranging from simple rules to machine learning, in a matter of hours with relatively minimal code work. John and Siamac discuss some of the business considerations that propelled the project forward before exploring some of the rationale behind the architecture of this platform. They then dive deeper into the capabilities of the system with technical insights into the implementation itself. They conclude by reflecting on the lessons learned throughout this journey.

Photo of John Bennett

John Bennett

Netflix

John Bennett leads the data engineering efforts within Netflix’s cloud infrastructure analytics team with a focus on security. For the past three years, he has built large-scale data processing systems that provide anomaly detection, network visibility, and dependency insights. John has been writing code for almost 20 years. His previous roles include stints at Blizzard and IGN. John is currently developing a template-driven platform that enables engineers to rapidly build streaming and batch ETL pipelines for detection purposes.

Photo of Siamac Mirzaie

Siamac Mirzaie

Netflix

Siamac Mirzaie is a senior analytics engineer at Netflix, where he builds end-to-end anomaly detection systems for corporate security. Siamac is an applied machine learning practitioner in the security space. Previously, he was a data scientist at Facebook and director of analytics at Everquote. He holds a master’s degree in EECS from Ecole Supérieure d’Electricité and in financial engineering from the University of Michigan.