View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. AI and automation
February 22, 2017updated 24 Feb 2017 3:53pm

Dropbox delivers open source automated cyber security with new chatbot

Introducing the aptly named Securitybot.

By Ellie Burns

Dropbox is set to deliver open source automated security at scale with the newest bot to hit the market – Securitybot.

Built for Slack but designed to be transferable to other platforms, Securitybot automatically grabs alerts from security monitoring tools and verifies incidents with employees. Security teams, therefore, can sort through alerts much faster as they do not need to manually reach out to employees to verify access.

The bot is tied into Dropbox’s detection and alerting system, as well as its company-wide Slack instance.

Securitybot is designed to speed up the detection process and deliver the speed that security incidents warrant.

“One of the hardest, most time-consuming parts of security monitoring is manually reaching out to employees to confirm their actions,” said Dropbox in a blog.

READ NOW: Dropbox: Turning IT from dictators to facilitators with cloud data control

“Despite already spending a significant amount of time on reach-outs, there were still alerts that we didn’t have time to follow up on. We wanted to implement a system that would reach more users while allowing us to spend more time on other things, like building better detection tools and proactively hunting for bad actors.”

Securitybot by Dropbox

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

How Securitybot Works

After an alert is triggered via the detection and alerting system, the employee in question receives a message asking to confirm whether or not they performed the potentially malicious action. Responses, which are secured via two-factor authentication, are logged and later sent to the security team. Alert rollups are later augmented with employees’ responses to the bot.

“In the event where an employee reports that they did not perform an action, the security team is alerted immediately. This is meant to keep most alerting in the background but to surface the alerts that truly require prompt attention and follow-up,” explains Dropbox.

dropbox chatbot

“Rather than spending their time repeatedly reaching out, our security engineers now have more time to work on foundational projects that improve our overall security posture.”

The file hosting giant claims that SecurityBot not only offers benefits to the security team, but to all of its employees.

“Securitybot not only helps the security team, but all Dropbox employees. Responding to a polite chat bot is much easier than responding, in full sentences at that, to a member of the security team,” Dropbox said in its blogpost.

“It not only saves our security engineers time but also all of our employees. (After all, it’s not just production engineers — with the bot we can alert on anomalous events within employees’ e-mail and Dropbox accounts as well unusual activities on their laptops.)”

As a founding member of the TODO Group, short for Talk Openly, Develop Openly, Dropbox is open sourcing Securitybot in the hopes, as Dropbox said, ‘that other companies can benefit from what we’ve built.”

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.