Security chatbot empowers junior analysts, helps fill cybersecurity gap

The alarming number of unfilled jobs in information security has many leaders in the industry wondering how to solve the manpower problem. Awareness is part of the problem — in that the pipelines aren’t getting filled fast because many young people don’t know about jobs in security.

A second problem of awareness, though, is the inherent problem in a majority of security operation centers (SOCs) — programming language. New people require training. As a result, the N00bs often start off in a basic workflow where they sit and stare at a screen. When a green light turns red, they then turn that over to an experienced analyst.

Bobby Filar, a senior data scientist in the Threat Research and Adversary Prevention Unit at Endgame, said they need to empower analysts sooner. To that end, he talked with me about Artemis, a language-agnostic platform that provides a more natural interface.

Endgame’s Alexa integration — which they believe is a first in the security industry —utilizes natural language understanding to let security analysts simply ask their network what’s going on. They can ask anything from a general check-in to specific queries about attack types, and execute commands to keep their system safe.

The idea is that junior analysts can sit, ask questions, and take actionable steps without being crippled because of syntax or query language.

“We wanted to tackle the problem of learning language,” Filar said. “It’s a good way to help move up to a senior analyst more quickly.”

Though, I did wonder how it would be possible to move up to a senior analyst without learning the programming language.

“What we try to do,” Filar said, “is provide a framework that can grow with the experience of the analyst. We support a query that is a little more yes/no or why. Those are the questions you are thinking about when starting off.”

Essentially, the analyst grows both through and with the flexibility and intuitive nature of the platform.

“A more senior person who has had experience that is more syntax driven can still employ that language into the framework, and Artemis will pick up that language,” said Filar.

Artemis: A security chatbot

Natural language understanding looks for entities or concepts and pulls those out to surmise their intent. It’s a chatbot with a distinction. While there are a limited number of ways to say “book me a flight,” Filar said analysts create queries that are a lot more complex.

“There are all the different verticals and user levels, ranging from hunters to managers and tier 2 and tier 3. The goal is to encourage the user to use natural language as much as they want,” he said.

With Artemis as an Alexa integration, Endgame is trying to increase the work flows analysts employ.

“If they see an alert, they do a, b, and c. But for new hires, that can be difficult to determine. They end up having limited roles until they’ve gained experience,” Filar said.

As a tool to help narrow the skills gap, Artemis aims to empower less-experienced analysts in a more intuitive way so that they can move up the experience ladder faster. That’s a power the industry really needs moving forward.