• United States




Security chatbot empowers junior analysts, helps fill cybersecurity gap

Aug 31, 20173 mins
CareersIT JobsIT Skills

Endgame's Artemis eliminate syntax or query language, allowing junior analysts to communicate with the network more intuitively to find security issues.

chatbots chatbot bot
Credit: Thinkstock

The alarming number of unfilled jobs in information security has many leaders in the industry wondering how to solve the manpower problem. Awareness is part of the problem — in that the pipelines aren’t getting filled fast because many young people don’t know about jobs in security.

A second problem of awareness, though, is the inherent problem in a majority of security operation centers (SOCs) — programming language. New people require training. As a result, the N00bs often start off in a basic workflow where they sit and stare at a screen. When a green light turns red, they then turn that over to an experienced analyst.

Bobby Filar, a senior data scientist in the Threat Research and Adversary Prevention Unit at Endgame, said they need to empower analysts sooner. To that end, he talked with me about Artemis, a language-agnostic platform that provides a more natural interface.

Endgame’s Alexa integration — which they believe is a first in the security industry —utilizes natural language understanding to let security analysts simply ask their network what’s going on. They can ask anything from a general check-in to specific queries about attack types, and execute commands to keep their system safe.

The idea is that junior analysts can sit, ask questions, and take actionable steps without being crippled because of syntax or query language.

“We wanted to tackle the problem of learning language,” Filar said. “It’s a good way to help move up to a senior analyst more quickly.”

Though, I did wonder how it would be possible to move up to a senior analyst without learning the programming language.

“What we try to do,” Filar said, “is provide a framework that can grow with the experience of the analyst. We support a query that is a little more yes/no or why. Those are the questions you are thinking about when starting off.”

Essentially, the analyst grows both through and with the flexibility and intuitive nature of the platform.

“A more senior person who has had experience that is more syntax driven can still employ that language into the framework, and Artemis will pick up that language,” said Filar.

Artemis: A security chatbot

Natural language understanding looks for entities or concepts and pulls those out to surmise their intent. It’s a chatbot with a distinction. While there are a limited number of ways to say “book me a flight,” Filar said analysts create queries that are a lot more complex.

“There are all the different verticals and user levels, ranging from hunters to managers and tier 2 and tier 3. The goal is to encourage the user to use natural language as much as they want,” he said.

With Artemis as an Alexa integration, Endgame is trying to increase the work flows analysts employ.

“If they see an alert, they do a, b, and c. But for new hires, that can be difficult to determine. They end up having limited roles until they’ve gained experience,” Filar said.

As a tool to help narrow the skills gap, Artemis aims to empower less-experienced analysts in a more intuitive way so that they can move up the experience ladder faster. That’s a power the industry really needs moving forward. 


Kacy Zurkus is a freelance writer for CSO and has contributed to several other publications including The Parallax, and K12 Tech Decisions. She covers a variety of security and risk topics as well as technology in education, privacy and dating. She has also self-published a memoir, Finding My Way Home: A Memoir about Life, Love, and Family under the pseudonym "C.K. O'Neil."

Zurkus has nearly 20 years experience as a high school teacher on English and holds an MFA in Creative Writing from Lesley University (2011). She earned a Master's in Education from University of Massachusetts (1999) and a BA in English from Regis College (1996). Recently, The University of Southern California invited Zurkus to give a guest lecture on social engineering.

The opinions expressed in this blog are those of Kacy Zurkus and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

More from this author