How DreamWorks prevents multi-million dollar spoilers
Kung Fu Panda 3 is the most ambitious movie DreamWorks Animation has ever produced. Four years in the making, the film required a huge amount of sophisticated animation and computer-rendering, in part because an unprecedented second version of the movie was created for the Chinese market. Studio animators in Glendale, Calif., and Shanghai, China, separated by more than 6,000 miles and 15 hours, simultaneously crafted versions in English and Mandarin. This required not only different voices and facial movements, but also different jokes to resonate with audiences in different cultures.
From the launch of its first feature film in 1998, Antz, through megahits such as Shrek and How to Train Your Dragon, DreamWorks Animation has taken pride in marrying storytelling excellence with groundbreaking technical work. But as much as each movie is a creative endeavor, the studio is still running a business. Hence, DreamWorks Animation invests heavily in information security.
“If an unofficial version of our movie—or even snippets of it—were to leak a week before opening, it could potentially have a serious negative impact,” explains Jeff Wike, chief technology officer at DreamWorks Animation. This type of leak could affect box office performance and the brand. “An early version of our film may not be characteristic of our final product. We wouldn’t want an unfinished version of the film causing a misperception of the quality of our film.”
The challenge of protecting DreamWorks Animation’s intellectual property from accidental disclosure and theft has grown with its business. Productive collaboration between studio facilities in the United States and China requires a high level of secure file sharing. And the studio does about 10 percent of its movie rendering—the compute-intensive process of combining individual components into complete animated scenes—via an offsite private cloud service.
In creating Kung Fu Panda 3, which comprises 118,000 computer-generated frames, the studio generated 475 terabytes of data in 600 million digital files. Each of its 240 billion pixels, of course, needed to be protected at every stage of development.
Gaining visibility into all that data while adequately protecting it across a worldwide network isn’t trivial. No human security analyst can make sense of that volume of data in a timely manner.
Like many enterprises, DreamWorks Animation utilized baseline security products such as anti-malware, data loss prevention and intrusion detection systems. But these monitoring systems create their own data deluge, and as volume scales up, it becomes easier for clues of unwanted network or system behavior to slip through the cracks.
Esekiel “Zeke” Jaggernauth, director of information security at DreamWorks Animation, says the studio saw a need for a system that would connect the dots across its existing security products.
“Information security is critical to our movie making processes and we need to continually analyze large volumes of data in a timely manner to be effective,” he says. “Even with the most highly talented and trained staff, this simply isn't possible without the right tools.”
The studio needed “as much automation as possible,” Jaggernauth says, “to filter out all the noise, and focus our analysts’ work on the most important activity.”
If the stakes weren’t high enough already, news headlines in late 2014 helped increase the urgency, as industry giant Sony Pictures Entertainment (SPE) suffered a massive, high-profile data breach. At least five forthcoming Sony films were subsequently leaked on free file-sharing sites. The incident helped to raise and maintain awareness across the industry, including DreamWorks Animation.
“There tends to be a false sense of distance when attacked companies aren’t in the same industry,” says Jaggernauth, who previously managed penetration-testing services at a large consulting firm. “Breaches within healthcare and retail may not resonate as well within media and entertainment. However, when SPE was successfully attacked, it was like having your neighbor’s house broken into.”
“The day after the public disclosure of the SPE breach, everybody turned to Zeke and asked the normal question: ‘Are we okay? Could this happen to us?’” Wike recalls.
At the time, the company already had a security roadmap for 2015 that included the deployment of a security information and event management correlation system. “But did the Sony news help this security project go through budgeting without a hitch? It probably didn’t hurt,” Wike says with a laugh.
In May 2015, Jaggernauth kicked off the search for a solution. He started by clearly defining “use cases,” or specific tasks needed to help the business achieve its objectives.
Jaggernauth describes a key use case as the need to correlate events between security and network-monitoring systems—for example, a secure Web gateway and the malware scanner.
“If a machine on the network sends thousands of requests over the network to an outside IP address in a matter of seconds,” he says, “we know it’s not humanly possible that the user is making those requests, and those requests may be going to a command-and-control system that’s part of a botnet. So we quarantine that machine.”
Not all malicious communications are so obvious. Correlating outbound network traffic with information from the malware scanner can help identify more subtle cases. But with DreamWorks Animation’s ever-growing data flow, human analysts can’t keep up. You need an automated system and workflow to correlate the data effectively.
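The use case described above can be sketched as a small correlation rule. This is an added example, not DreamWorks Animation's or any SIEM vendor's rule content; the thresholds, host names, internal address range and event tuple layout are assumptions, and the log data is constructed.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

INTERNAL_NET = ip_network("10.0.0.0/8")  # assumed internal address space
BURST_COUNT, BURST_WINDOW = 1000, 5.0    # assumed: 1000+ requests in 5 s is not human
QUIET_COUNT = 20                         # assumed: repeat contacts worth correlating

def outbound_stats(gateway_events):
    """Per (host, outside IP): total requests and peak count in any BURST_WINDOW."""
    recent = defaultdict(deque)
    stats = defaultdict(lambda: [0, 0])  # [total, peak]
    for ts, host, dst in sorted(gateway_events):
        if ip_address(dst) in INTERNAL_NET:
            continue  # only traffic leaving the network is of interest here
        window = recent[(host, dst)]
        window.append(ts)
        while ts - window[0] > BURST_WINDOW:
            window.popleft()  # drop requests older than the sliding window
        entry = stats[(host, dst)]
        entry[0] += 1
        entry[1] = max(entry[1], len(window))
    return stats

def correlate(gateway_events, malware_alerts):
    """Return {host: (action, destination)} from both feeds combined."""
    alerted = {host for host, _signature in malware_alerts}
    actions = {}
    for (host, dst), (total, peak) in outbound_stats(gateway_events).items():
        if peak >= BURST_COUNT:
            actions[host] = ("quarantine", dst)  # obvious case: machine-speed burst
        elif host in alerted and total >= QUIET_COUNT:
            # subtle case: low-rate traffic that only stands out next to a scanner alert
            actions.setdefault(host, ("investigate", dst))
    return actions

# Constructed sample data: (timestamp_seconds, host, destination_ip)
GATEWAY = (
    [(i * 0.001, "ws-101", "203.0.113.50") for i in range(2000)]  # 2000 requests in 2 s
    + [(i * 60.0, "ws-202", "198.51.100.7") for i in range(30)]   # one per minute
    + [(i * 60.0, "ws-303", "192.0.2.10") for i in range(30)]     # same rate, no alert
    + [(i * 0.001, "ws-404", "10.1.2.3") for i in range(2000)]    # internal destination
)
MALWARE = [("ws-202", "constructed-signature-name")]  # (host, signature), constructed

if __name__ == "__main__":
    for host, (action, dst) in sorted(correlate(GATEWAY, MALWARE).items()):
        print(host, action, dst)
```

The two hosts with identical low-rate traffic are separated only by the malware scanner alert, which is the point of correlating the feeds rather than alerting on either alone.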
“If you don’t invest the time to identify the real use cases, then you will likely ingest everything into the system and automate noise,” Jaggernauth says.
DreamWorks Animation installed a security information and event management (SIEM) and analytics platform to connect the dots and identify suspicious events across its global network. The new platform dramatically cuts down the time to detect and respond to threats.
The DreamWorks Animation SIEM platform correlates events from a network monitoring system, a malware scanner, a secure web gateway product, an intrusion detection system, and more. It can capture and analyze as many as 400,000 events per second.
Kung Fu Panda 3 opened in U.S. markets on January 16, 2016. By mid-July, it had grossed more than $500 million worldwide, with $150 million or more grossed in China.
The collaboration with Shanghai has been a roaring success, but there’s little time to celebrate because DreamWorks Animation is already hard at work on films it plans to release over the next few years.
Jaggernauth says the new security platform improves the studio’s ability to protect intellectual property and reduce the risk of data loss across international borders. The company now has much greater visibility into what’s happening on the network, and it can automatically correlate events across multiple devices and systems.
“We try to be as automated as we can,” he says. “For example, with quarantining potentially infected systems, ultimately, we want to get to a place of autonomous containment to stop widespread infection in a timely manner.”
As the company continues to grow, generating more data per movie and increasing its international collaboration, Jaggernauth says, its network traffic and security needs will expand.
“Our standing approach has been about continuous improvement,” he says. “So we will continue to align the information security program to business objectives. More often than not, new business activities will translate into a set of technical requirements” that HPE ArcSight and other systems can address.
The studio aims to hold to that approach as the complexity of the threat landscape—and the business landscape—continues to grow.
Jaggernauth says it’s all in a day’s work. The team has to strike the right balance of controls with the need of the animators to work when and how their job requires. “We don’t say ‘no’ to our animators,” he says. “We say ‘let me show you how.’”
This article/content was written by the individual writer identified and does not necessarily reflect the view of Hewlett Packard Enterprise Company.