In our personal lives, we ask Google to turn on our lights, Siri to text our friend, and Alexa to purchase more trash bags. Those assistants are part of our daily lives. It is no surprise that these kinds of programmable tasks are also starting to help us at work as well.
With the popularity of chat programs like Slack, it is only a matter of time before companies communicate with the majority of their critical business applications in a very conversational way through bots. That bot trend is now extending into the security market.
True believers include AlgoSec, a provider of security policy management solutions. The company recently launched AlgoBot, an intelligent chatbot for network security tasks. This chatbot is a new feature in AlgoSec’s Security Policy Management Solution. The company claims that AlgoBot answers users’ questions, submitted in plain English, and personally assists with security policy change management processes -- without requiring manual inputs or additional research.
Users are able to communicate with AlgoBot via a self-service interface, such as Slack or Skype for Business, which can be accessed from a chatroom or mobile app. Through the bot, administrators can trigger a number of daily maintenance tasks, and get status updates and reports on various issues.
Some of the answers AlgoBot can provide include:
- Whether traffic is currently allowed between IP addresses, servers, and applications
- The status of a change request
- If a business application has a network connectivity problem
- Which applications are associated with a specific IP address
- What applications are impacted by a security incident and activate containment
The AlgoBot can also help firewall and network administrators access the AlgoSec Security Management Solution, to quickly take care of security policy management maintenance tasks.
The tasks AlgoBot can trigger include:
- Troubleshoot network connectivity issues and security incidents
- Check the status of security policy change requests and approve changes
- Identify business applications affected by routine server or firewall maintenance, or server migrations
- Identify all applications associated with a specific IP address, together with the relevant contact people for each application and other application-specific information
- Isolate a compromised server from the network in response to an ongoing security incident
Although specific account access is not clear from the news, it appears that it would be possible to give access to specific users to be able to trigger specific tasks. For example, it might be possible to allow someone to check statuses, but not be able to change policy. Being able to check on the status of various applications or incidents through a chat program without having to be trained on the security systems themselves can be extremely helpful for stakeholders.
Executives who need to know about various security incidents and issues, but don't know how to obtain the information themselves can certainly see a benefit in asking a robot to check for them, instead of pulling the administrator away from other work to find out. In the middle of a security incident, time to resolution is especially important. Without needing to constantly update the rest of the team, administrators can potentially get to work on resolving the issue quickly.
AlgoBot is generally available for AlgoSec customers, and currently supports Slack and Skype for Business, in both English and French. Support for additional languages and collaboration platforms will follow in 2018.