Ask Me Anything: A Conversational Interface to Augment Information Security Workers
This addresses the challenge for information security workers, especially inexperienced ones, by simplifying threat analysis, though it is incremental as it builds on existing conversational interface concepts applied to a specific domain.
The paper tackles the problem of security tools overwhelming users with alerts and complex interfaces by introducing Artemis, a conversational interface for endpoint detection and response data, which helps inexperienced workers understand and act on security threats through guided workflows.
Security products often create more problems than they solve, drowning users in alerts without providing the context required to remediate threats. This challenge is compounded by a lack of experienced personnel and security tools with complex interfaces. These interfaces require users to become domain experts or rely on repetitive, time consuming tasks to turn this data deluge into actionable intelligence. In this paper we present Artemis, a conversational interface to endpoint detection and response (EDR) event data. Artemis leverages dialog to drive the automation of complex tasks and reduce the need to learn a structured query language. Designed to empower inexperienced and junior security workers to better understand their security environment, Artemis provides an intuitive platform to ask questions of alert data as users are guided through triage and hunt workflows. In this paper, we will discuss our user-centric design methodology, feedback from user interviews, and the design requirements generated upon completion of our study. We will also present core functionality, findings from scenario-based testing, and future research for the Artemis platform.