Modern cybersecurity tools can detect even the most subtle sign of suspicious activity in a company’s network, but administrators often don’t have time to check up on every alert. Dropbox Inc. set out to elevate the problem today by open-sourcing a chatbot that aims to automate much of the repetitive communications involved in the chore.

Like so many other of the collaboration giant’s projects, the agent was originally created to address an internal requirement. The Dropbox engineering team first got the idea after stumbling across a blog post that was published on Slack Inc.’s developer blog last February. In the piece, Slack outlined a homegrown virtual assistant that automatically reaches out to its workers when they perform a potentially malicious action to save information technology administrators the hassle of following up on their own.

Securitybot, as Dropbox calls its new creation, serves the same basic purpose. The agent can plug into a company’s threat detection infrastructure and quickly spot when someone raises the alarms. A few moments later, the worker in question receives a customized chat message asking them to confirm whether the person is responsible for the action.

The verification process relies on a two-factor authentication mechanism that requires users to submit a specific answer via the chat window and open a push notification sent to their mobile device. According to Dropbox, the idea is to help security professionals quickly detect when a hacker is exploiting stolen credentials to access internal data.

If a user verifies his or her identity, the response and the corresponding security alert will be merged into the administrative team’s log stream as normal. In the event that the process is not completed successfully, however, Securitybot will bump the incident to the top of the list so to ensure that the issue is addressed as quickly as possible.

Dropbox says that the entire workflow is managed in a way that aims to minimize the disruption for end-users. Among others, the agent suspends prompts for a certain period of time after an action is cleared to prevent overwhelming workers who frequently perform sensitive tasks as part of their work.  This feature should be a particularly big convenience for IT personnel and developers who interact with their company’s backend infrastructure on a regular basis.

The source code for Securitybot is available immediately on GitHub. While originally built for Slack, the agent is based on a modular architecture that Dropbox says can be ported to other messages services with relatively little work. 

Image courtesy of Dropbox