January 21, 2020


Security + design * data science: A bot story

The security industry continues to struggle with alert fatigue as the talent shortage grows. Security has yet to fully embrace the power of UX to help security workers do more with less. Bobby Filar and Rich Seymour explain how they developed a chatbot, combining machine learning within an intuitive UI to expedite data search and discovery and enhance detection and response to security threats.

Talk Title: Security + design * data science: A bot story
Speakers: Bobby Filar (Endgame), Richard Seymour (Endgame)
Conference: O’Reilly Security Conference
Conf Tag: Build better defenses
Location: New York, New York
Date: October 30-November 1, 2017

The security industry faces a workforce shortage, with an estimated deficit of 1–2 million workers in the coming years. In security operations centers, this shortage is compounded by nonintuitive interfaces and complex query languages that further impede the capabilities of the current security workforce. Researchers tackling this problem have focused more on augmenting analysts through standardized analytic processes, such as collaboration and information sharing, and less on providing user-friendly capabilities to help inexperienced and experienced analysts alike. Assistive technologies, such as conversational interfaces (e.g., chatbots), could fundamentally shift the way defenders interact with and wrangle increasingly complex and growing data challenges. Conversational interfaces and other assistive technologies have increasingly been employed in use cases that have big data problems along with users who lack the time, resources, or skills to analyze the data. These intelligent assistants can provide best practices guidance and recommended paths to desired actions within an intuitive, natural language interface.

Could intelligent assistants similarly help security professionals defend their networks? To answer this question, Bobby Filar and Rich Seymour conducted user-experience research across diverse roles, behaviors, and workflows employed during day-to-day operations and documented many of the key pain points of experienced and inexperienced analysts, including alert fatigue, data overload, and complex user interfaces. Bobby and Rich explain how they used this research to develop a chatbot, combining machine learning within an intuitive UI to expedite data search and discovery and enhance detection and response to security threats.
They offer an overview of the research and development process—including the user-centric research and personas that scoped the problem, the findings from the study, and the design requirements generated—and lead a case study dissection of Artemis, their conversational interface to reduce alert fatigue through natural language search, workflow recommendations, and guided triage. Along the way, they discuss the challenges they encountered (and some solutions) and stress the importance of the feedback loop and user testing that helped them hone a conversational interface that fits within but also augments the current workflow, expediting detection and discovery for security professionals.
