Did you mean to type “rm -rf /” or should we be concerned?
“One of the hardest, most time-consuming parts of security monitoring is manually reaching out to employees to confirm their actions,” said Alex Bertsch, formerly a Dropbox intern and now a teaching assistant at Brown University, in a blog post. “Despite already spending a significant amount of time on reach-outs, there were still alerts that we didn’t have time to follow up on.”
Securitybot has all the time in the world and the sort of slavish devotion you only get through code. With no interests outside of work and no relationships or other responsibilities to speak of, Dropbox’s distributed chatbot can focus on the one thing it’s been trained to do: ask Dropbox employees to explain themselves and then report back to the mothership.
The bot, inspired by a similar one used at Slack, gets its marching orders from Dropbox’s incident detection and alert system and communicates over a company-wide Slack instance. When an employee interacts with an IT system in a way that has security implications – mapping the network with an nmap command, for example, or issuing a sudo command – the bot receives an alert and then tries to engage the employee in a chat session for an explanation that will get routed to the security team.
Bertsch suggests that building manners into Securitybot’s code has contributed to its acceptance. “If we ping you for using sudo, there’s a good chance you may be using it again in the future,” he explains. “So, we don’t bother you for some period of time, because we can be pretty sure three sudos in a row, in the same context, are all you.”
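The quiet-period behaviour Bertsch describes, written up here as an added Python sketch (not Securitybot’s own code): an alert is attributed to the employee without a new reach-out if the same person already confirmed the same context recently. The one-hour window, the context labels and the `confirmer` callback standing in for the Slack/Duo confirmation are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed illustration, not Dropbox's Securitybot code. Once an employee
# confirms an alert, later alerts for the same user and context inside this
# window are attributed to them without another reach-out.
IGNORE_WINDOW = timedelta(hours=1)  # assumed value; the article gives none

@dataclass(frozen=True)
class Alert:
    user: str
    context: str      # e.g. "sudo" on a given host; constructed label
    at: datetime

@dataclass
class ReachOutTracker:
    # (user, context) -> time of the last confirmed reach-out
    confirmed: dict = field(default_factory=dict)

    def should_reach_out(self, alert: Alert) -> bool:
        """True if the bot must ask; False if a recent confirmation covers it."""
        last = self.confirmed.get((alert.user, alert.context))
        return last is None or alert.at - last >= IGNORE_WINDOW

    def record_confirmation(self, alert: Alert) -> None:
        """Employee confirmed the action: start the quiet period for it."""
        self.confirmed[(alert.user, alert.context)] = alert.at

def triage(alerts, tracker, confirmer):
    """Return [(alert, action)] in time order. Actions: 'asked' (reach-out sent
    and confirmed), 'auto-attributed' (covered by an earlier confirmation) or
    'escalated' (not confirmed, so it goes to the security team)."""
    results = []
    for a in sorted(alerts, key=lambda x: x.at):
        if not tracker.should_reach_out(a):
            results.append((a, "auto-attributed"))
        elif confirmer(a):  # stands in for the Slack/Duo confirmation step
            tracker.record_confirmation(a)
            results.append((a, "asked"))
        else:
            results.append((a, "escalated"))
    return results

def demo():
    """Constructed sample: three sudo alerts from alice in 20 minutes, one two hours later, one from bob who does not confirm."""
    t0 = datetime(2024, 1, 1, 9, 0)
    alerts = [Alert("alice", "sudo", t0 + timedelta(minutes=m)) for m in (0, 10, 20)]
    alerts += [Alert("alice", "sudo", t0 + timedelta(hours=2)),
               Alert("bob", "sudo", t0 + timedelta(minutes=5))]
    return [action for _, action in triage(alerts, ReachOutTracker(),
                                           lambda a: a.user != "bob")]
```

Alerts that are auto-attributed do not refresh the window, so after the window expires the employee is asked again rather than being trusted indefinitely.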
Securitybot’s capacity to be polite extends beyond knowing when to remain silent. As spelled out in its YAML configuration file, the bot also includes enthusiastic use of exclamation points and affirmations like “Great” and “Awesome,” the sort of emotional engineering employed to boost engagement in mobile games. Evidently, this is more heartening than interaction with weary IT professionals.
The bot’s appeal is further enhanced by its acceptance of command-line terseness, curt interaction that might seem rude were someone from IT to visit in person.
Composed of Python code, the bot requires a MySQL database, Slack integration, and access to the API offered by Duo, a security firm. Apart from dependence on SQL, the bot is modular enough that it can be adapted to work with other chat platforms, authentication providers, and security alert providers. ®