 |
VOOZH | about |
|
VOOZH | about |
We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.
Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.
Follow TNS on your favorite social media networks.
Become a TNS follower on LinkedIn.
Check out the latest featured and trending stories while you wait for your first TNS newsletter.
When you hear the term “chatbot,” your mind may at first turn to things like robotic customer support services on retail websites — a relatively mundane use case for chatbots and one that is probably hard to get excited about if you’re a security engineer.
But the fact is that chatbots can do much more than provide customer support. They can also do things like streamline security automations and help teams work together more efficiently when identifying, researching and reacting to threats.
If that’s not exciting to security engineers, we don’t know what is.
Keep reading for details on how chatbots can help security teams work smarter and faster, while also maximizing the benefits of other security automation tooling they have in place.
A chatbot is an automation tool that can disseminate information, facilitate conversations and/or undertake actions in response to commands.
Some chatbots are designed to simulate human actors, meaning they are supposed to be able to have conversations that are similar to those you could have with an active human. However, not all chatbots work in this way, (and those used for security automation usually don’t). In a more generic sense, a chatbot is any type of tool that helps to streamline conversations, not necessarily a tool designed to simulate human conversational intelligence.
In the context of security operations, chatbots can be deployed to initiate and manage conversations among human actors about security activity.
For example, a security chatbot could be configured to announce in a Slack channel that a security risk has been detected. From there, engineers who are part of the Slack channel could ask the chatbot for further information about the threat, such as which logs are associated with it or what the severity level of the threat is. In some cases, they may also be able to issue commands to the chatbot to direct it to take automated actions, like blocking an offending IP address.
When chatbots are used in this way, they enable a ChatOps approach to security operations. ChatOps is a practice that uses automated chats — meaning conversations between human and machine actors — to streamline workflows and the sharing of information.
By leveraging chatbots in this way, security teams gain a range of benefits:
In all of these ways, chatbots and ChatOps effectively serve as a front door to security automation. Although chatbots on their own don’t enable full security automation (for that, you need a security automation framework), they provide a centralized, user-friendly interface that stakeholders can use to request information or trigger automated security workflows.
What makes chatbots even better in the context of security is that they are relatively easy to set up. And if you have a security automation tool like Torq, you can take advantage of built-in integrations with chat platforms like Slack or Teams to deploy bots in just a few steps.
Once deployed into the chat system of your choice, chatbots provide a frontend for interacting with the rest of your security automation framework. You can also configure custom commands (like Torq slash commands), which your team can then use to trigger whichever actions they want from your chatbot.
You don’t need a chatbot to take advantage of security automation. But chatbots can help you to take maximum advantage of other security automation tools you’ve deployed. They centralize security operations and maximize visibility, no matter which communication tools your team uses.
