Security chatbot empowers junior analysts, helps fill cybersecurity gap

The alarming number of unfilled jobs in information security has many leaders in the industry wondering how to solve the manpower problem. Awareness is part of the problem — in that the pipelines aren’t getting filled fast because many young people don’t know about jobs in security.

A second problem of awareness, though, is the inherent problem in a majority of security operation centers (SOCs) — programming language. New people require training. As a result, the N00bs often start off in a basic workflow where they sit and stare at a screen. When a green light turns red, they then turn that over to an experienced analyst.

Bobby Filar, a senior data scientist in the Threat Research and Adversary Prevention Unit at Endgame, said they need to empower analysts sooner. To that end, he talked with me about Artemis, a language-agnostic platform that provides a more natural interface.

Endgame’s Alexa integration — which they believe is a first in the security industry —utilizes natural language understanding to let security analysts simply ask their network what’s going on. They can ask anything from a general check-in to specific queries about attack types, and execute commands to keep their system safe.

The idea is that junior analysts can sit, ask questions, and take actionable steps without being crippled because of syntax or query language.

“We wanted to tackle the problem of learning language,” Filar said. “It’s a good way to help move up to a senior analyst more quickly.”