

Netflix Security Monkey

Security Monkey is the Simian Army member dedicated to security-posture drift detection. Described by the 2011 TechBlog post as "an extension of Conformity Monkey", it finds security violations or vulnerabilities and terminates the offending instances. Source: sources/2026-01-02-netflix-the-netflix-simian-army.

Purpose

"Security Monkey is an extension of Conformity Monkey. It finds security violations or vulnerabilities, such as improperly configured AWS security groups, and terminates the offending instances. It also ensures that all our SSL and DRM certificates are valid and are not coming up for renewal."

Role in the Simian Army

Security Monkey is a drift detector specialised for security invariants. Two failure domains are named in the 2011 post:

  • Instance-level security misconfiguration, e.g. improperly configured AWS security groups. Enforcement action: terminate the offending instance, mirroring systems/netflix-conformity-monkey.
  • Certificate lifecycle: SSL and DRM certificates must be valid and not near renewal. Enforcement action: surface upcoming expirations before they bite.

Architectural shape

The 2011 post frames Security Monkey as "an extension of Conformity Monkey" — same terminate-the-offender shape, same rule-engine design, different rule domain. The generalisation is that security policy is a form of operational best-practice policy and can be enforced by the same fleet-of-agents architecture.
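The rule-engine shape described above, as an added illustration rather than Netflix's code: a constructed inventory of security groups and certificates is evaluated against two hypothetical rules, one per failure domain named in the 2011 post, and each finding carries the enforcement action the post associates with that domain (terminate for instance-level violations, notify for certificates). The inventory, rule thresholds and port list are assumptions for the example.

```python
from dataclasses import dataclass
from datetime import date

# Constructed sample inventory (not real Netflix data): two security groups, two certificates.
SECURITY_GROUPS = [
    {"instance": "i-web-1", "group": "web-sg",
     "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}, {"port": 22, "cidr": "10.0.0.0/8"}]},
    {"instance": "i-db-1", "group": "db-sg",
     "ingress": [{"port": 3306, "cidr": "0.0.0.0/0"}]},  # database port open to the world
]
CERTIFICATES = [
    {"name": "api.example.test", "not_after": date(2026, 6, 1)},
    {"name": "drm.example.test", "not_after": date(2026, 1, 20)},  # renewal due soon
]
SCAN_DATE = date(2026, 1, 2)  # fixed "today" so the run is deterministic

@dataclass
class Finding:
    subject: str
    rule: str
    action: str  # "terminate" for instance-level violations, "notify" for certificates

# Hypothetical rule: admin and data ports must never be reachable from 0.0.0.0/0.
RESTRICTED_PORTS = {22, 3389, 3306, 5432}

def check_security_groups(groups):
    """Instance-level rule domain: flag world-open restricted ports, action = terminate."""
    findings = []
    for g in groups:
        for rule in g["ingress"]:
            if rule["cidr"] == "0.0.0.0/0" and rule["port"] in RESTRICTED_PORTS:
                findings.append(Finding(g["instance"],
                                        f"world-open port {rule['port']} in {g['group']}", "terminate"))
    return findings

def check_certificates(certs, today, warn_days=30):
    """Certificate rule domain: flag expired or soon-to-expire certificates, action = notify."""
    findings = []
    for c in certs:
        days_left = (c["not_after"] - today).days
        if days_left < 0:
            findings.append(Finding(c["name"], "certificate expired", "notify"))
        elif days_left <= warn_days:
            findings.append(Finding(c["name"], f"certificate expires in {days_left} days", "notify"))
    return findings

def run_security_monkey(groups, certs, today):
    """Same engine, two rule domains; returns findings in evaluation order."""
    return check_security_groups(groups) + check_certificates(certs, today)

if __name__ == "__main__":
    for f in run_security_monkey(SECURITY_GROUPS, CERTIFICATES, SCAN_DATE):
        print(f"{f.action:9} {f.subject}: {f.rule}")
```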

Lineage

Netflix later open-sourced a broader tool also called "Security Monkey" (github.com/Netflix/security_monkey) that grew beyond the 2011 scope into a full account-scanning + policy-evaluation platform. The 2011 blog post is the taxonomic origin of that tool — this stub captures only the 2011 design intent; deeper architectural details should live on future ingests of later Netflix Security Monkey material.

Implementation gaps in the 2011 post

  • Rule authoring / deployment flow undocumented.
  • Certificate-rotation integration undocumented.
  • Grace period / notification flow undocumented.
  • False-positive-suppression mechanism undocumented.
  • Interaction with AWS Config / other audit tools not mentioned (pre-AWS-Config era).

Operational numbers

None disclosed.
