Project Monterey: Automating Security Testing in Cloud Deployments

Explore the innovative Project Monterey, a solution developed by Netflix's Cloud Security Team to automate security testing in a large-scale cloud deployment. Learn how this framework enables the deployment and execution of traditional security tools like OWASP Zap, NMAP, and Nessus in a distributed and scalable manner. Discover how Monterey's plugin interface allows security professionals to easily integrate their own tools and chain them together for enhanced functionality. Understand how the system adapts to Netflix's dynamic deployment process, automatically detecting new applications, code pushes, and internet-exposed services. Gain insights into Netflix's use cases for Monterey, its potential for open-sourcing, and future expansion ideas. This conference talk, presented by Kevin Glisson at AppSecUSA 2014, includes a demonstration of Monterey and discusses its role in streamlining security operations in cloud environments.

Intro
Developer Enablement
Automating Processes
Netflix Environment
Why Project Monitoring
Monterey Overview
Scaling Traditional Tools
Third Power Tools
Open Source Tools
Chronos
Monterey Roadmap
Take Aways
Security Monkey
Use Cases