Scaling Defenses Amidst Evolving Threat Landscape

Security services that defend against malicious or fraudulent traffic operate in an unpredictable and constantly evolving threat landscape. The dynamic nature of attack traffic means that as attacks evolve, our defenses must evolve too. Existing rules, ML models and/or security configurations may stop being effective with time and would need to be either tuned or deprecated. In the absence of right design decisions, tooling and metrics, the operations component of such services can become tedious, challenging and time consuming. It is important to think about how to build and scale an observability ecosystem alongside such services that fosters agility to respond quickly to emerging threats.

At Netflix, we think deeply about how to build and scale an observability ecosystem for our services. This allows us to continuously observe, learn and adapt our defenses in an evolving threat landscape. In this talk, I will talk about what design choices we made early on during service development that were crucial to scaling operations later on. I will also talk about how we built an observability ecosystem for our services that allowed us to scale operations, improve visibility and accelerate investigations. The audience will walk away with clear articulation of considerations and design ideas for building a defense ecosystem in a continuously evolving threat landscape.


Speaker

Aditi Gupta

Staff Security Software Engineer @Netflix

Aditi Gupta is currently a Staff security software engineer at Netflix where she leads the anti-DDoS efforts and builds scalable services to address the fraud and abuse landscape at Netflix. She holds a PhD from Purdue University in the field of system security and has built several scalable and resilient systems to solve security problems in her previous roles.

Read more

From the same track

Session

A Big Dashboard of Problems

We have all heard "an ounce of prevention is worth a pound of cure" in medicine, but the security industry isn't so sure. This talk explores the forefront of simple and effective preventative strategies.

Travis McPeak

Founder and CEO @ResourcelyInc

Session

Practical Security Presentation 3

Details coming soon.

Session

Practical Security Presentation 4

Details coming soon.