Four Ways Chatbots Are Transforming Cybersecurity

Editor’s Note: Elastic joined forces with Endgame in October 2019, and has migrated some of the Endgame blog content to See Elastic Security to learn more about our integrated security solutions.

As attacks become more targeted and unique, it’s critical that security teams are equipped with the tools required to stop attacks before information theft. Even if teams have the right tools, however, they often lack sufficient resources or expertise to decode the massive number of security alerts hitting their screens daily from multiple point products.

This problem is not going away anytime soon: the cybersecurity workforce gap is on track to reach 1.8 million by 2020. While there’s an urgent need for people to solve the talent problem, there’s also an urgent need to solve for the ‘automation’ problem. How do we equip inexperienced analysts with the power to accelerate attack detection and response?


You may have read about Endgame’s chatbot Artemis™ before, but if you haven’t, Artemis is an intelligent assistant that automates security analyst actions and guides users of any skill level to detect and respond to attacks through a simple conversational interface. Just as digital assistants like Siri or Alexa proved their ability to give time back to our day by tackling complex tasks, Artemis automatically combs through millions of data points in Endgame’s endpoint protection platform to provide users with definitive answers required to stop attacks faster and earlier than with legacy endpoint products.

We know we’re biased, but we believe that chatbots have the ability to help solve for the talent and automation problems in our industry by dramatically simplifying complex tasks for security teams. We’ve outlined four ways that chatbots are transforming cybersecurity.


Chatbots are powered with natural language processing, a subset of machine learning, that allows them to translate and interpret human language input. Endgame Artemis goes one step further - by pairing natural language understanding (NLU) with security domain expertise to identify analyst intent and guide user workflow. As a result, users of any skill level can ask Artemis simple questions and receive definitive answers without learning complex and proprietary syntax of multiple point products.


Defeating today’s attacks requires analysts to detect malicious behavior across millions of running processes. For inexperienced analysts, this requires them to spend hours - if not days - combing through data and identifying malicious patterns. With Artemis, analysts can ask “what is suspicious in my network today?” and Artemis will digest millions of events across endpoints in seconds and provide the user with malicious activities on the network. Artemis will then guide the user on what to do next to either stop or kill the process. By preemptively suggesting the most urgent information to the user, Artemis empowers less-experienced Tier 1 analysts to behave at the similar level of sophistication as a Tier 3.


Imagine you work for a large enterprise, and you’ve just signed a partnership with a company in the UK that requires you to connect them with your company network. Your CEO has just seen the WannaCry ransomware attack in the news, and wants to ensure that the partner has not been compromised with the attack.

With Artemis, you can ask:

  • "Have we seen any ransomware alerts in the past 24 hours?"
  • "Do these alerts show up anywhere else on my network?”
  • "Have these processes communicated outside my network?


While we believe that AI-powered chatbots are helping to simplify security operations, we know that it’s not a silver bullet to solving all challenges in the industry. We also know that machine learning models have limitations, which is why Artemis has built-in domain expertise from our team here at Endgame. As our customers continue to use Artemis, the bot will learn and adapt to user needs over time. We’re constantly iterating and improving Artemis to understand context and patterns in language, and look forward to further feedback from the community.

You can see Artemis in action by requesting a demo, meeting our data scientists at a conference, or visiting us Black Hat 2017 at Booth #1360. You can also check out a video on Artemis with Senior Data Scientist Bobby Filar.