Netflix announced on Monday the open-source release of an automated system it developed to recognize, identify and respond to network security incidents.
The program is called FIDO, or Fully Integrated Defense Operation, and it works by simultaneously monitoring multiple detection systems such as firewalls, anti-malware systems and intrusion detection systems. When the system detects an event, it automatically gathers information by querying internal data sources and external threat feeds, and then determines whether the event is a false positive or a serious threat.
FIDO scores threats based on severity. It can be programmed to send notifications when a threat is detected, or even to act proactively by closing network ports, disabling accounts or ending VPN sessions if necessary. FIDO can also recognize when a threat has already been addressed by an existing control.
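
A minimal sketch of the enrich, score and respond flow described above, as an added example. It is not Netflix's FIDO code; the field names, detector weights, thresholds and sample data are all assumptions constructed for illustration.

```python
# Added illustration: names, weights and thresholds are assumptions, not FIDO's.
from dataclasses import dataclass

# Constructed sample data standing in for internal sources and an external feed.
ASSET_INVENTORY = {"10.0.4.17": {"owner": "finance", "critical": True},
                   "10.0.9.30": {"owner": "lab", "critical": False}}
THREAT_FEED = {"203.0.113.50": 90, "198.51.100.7": 35}  # indicator -> reputation 0-100
DETECTOR_WEIGHT = {"ids": 60, "antimalware": 80, "firewall": 40}  # confidence in percent

@dataclass
class Alert:
    detector: str   # which detection system raised the event
    host: str       # internal machine involved
    remote: str     # external address seen in the event
    blocked: bool   # True if an existing control already stopped the traffic

def enrich(alert):
    """Gather context from the internal inventory and the external threat feed."""
    asset = ASSET_INVENTORY.get(alert.host, {"owner": "unknown", "critical": False})
    return {"asset": asset, "reputation": THREAT_FEED.get(alert.remote, 0)}

def score(alert, ctx):
    """Combine feed reputation, detector confidence and asset criticality (0-100)."""
    base = ctx["reputation"] * DETECTOR_WEIGHT.get(alert.detector, 30) // 100
    if ctx["asset"]["critical"]:
        base += 25  # a hit on a critical asset raises severity
    return min(100, base)

def triage(alert, notify_at=30, enforce_at=70):
    """Return (severity, action) for one alert."""
    severity = score(alert, enrich(alert))
    if severity < notify_at:
        return severity, "false_positive"       # too little corroboration to act on
    if alert.blocked:
        return severity, "already_mitigated"    # an existing control handled it
    if severity >= enforce_at:
        return severity, "enforce"              # e.g. disable account, end VPN session
    return severity, "notify"

if __name__ == "__main__":
    for a in (Alert("antimalware", "10.0.4.17", "203.0.113.50", False),
              Alert("firewall", "10.0.9.30", "198.51.100.7", False),
              Alert("ids", "10.0.4.17", "203.0.113.50", True)):
        print(a.detector, a.host, triage(a))
```

Checking `blocked` before the enforcement threshold keeps the system from taking a disruptive action against something an existing control has already stopped.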