Dropbox is set to deliver open source automated security at scale with the newest bot to hit the market – Securitybot.
Built for Slack but designed to be transferable to other platforms, Securitybot automatically grabs alerts from security monitoring tools and verifies incidents with employees. Security teams, therefore, can sort through alerts much faster as they do not need to manually reach out to employees to verify access.
The bot is tied into Dropbox’s detection and alerting system, as well as its company-wide Slack instance.
Securitybot is designed to speed up the detection process and deliver the speed that security incidents warrant.
“One of the hardest, most time-consuming parts of security monitoring is manually reaching out to employees to confirm their actions,” said Dropbox in a blog.
“Despite already spending a significant amount of time on reach-outs, there were still alerts that we didn’t have time to follow up on. We wanted to implement a system that would reach more users while allowing us to spend more time on other things, like building better detection tools and proactively hunting for bad actors.”
How Securitybot Works
After an alert is triggered via the detection and alerting system, the employee in question receives a message asking to confirm whether or not they performed the potentially malicious action. Responses, which are secured via two-factor authentication, are logged and later sent to the security team. Alert rollups are later augmented with employees’ responses to the bot.
“In the event where an employee reports that they did not perform an action, the security team is alerted immediately. This is meant to keep most alerting in the background but to surface the alerts that truly require prompt attention and follow-up,” explains Dropbox.
“Rather than spending their time repeatedly reaching out, our security engineers now have more time to work on foundational projects that improve our overall security posture.”
The file hosting giant claims that SecurityBot not only offers benefits to the security team, but to all of its employees.
“Securitybot not only helps the security team, but all Dropbox employees. Responding to a polite chat bot is much easier than responding, in full sentences at that, to a member of the security team,” Dropbox said in its blogpost.
“It not only saves our security engineers time but also all of our employees. (After all, it’s not just production engineers — with the bot we can alert on anomalous events within employees’ e-mail and Dropbox accounts as well unusual activities on their laptops.)”
As a founding member of the TODO Group, short for Talk Openly, Develop Openly, Dropbox is open sourcing Securitybot in the hopes, as Dropbox said, ‘that other companies can benefit from what we’ve built.”
This article is from the CBROnline archive: some formatting and images may not be present.