Artificial Intelligence provides a way to augment and assist cybersecurity professionals. The advent of the Co-Pilot is an example of this. Human pilots and AI co-pilots are a nice analogy. But what isn’t communicated in this analogy is that flying airplanes takes a lot more than pilots. You may have other members of the flight crew, air traffic control, aircraft maintenance, ramp support, etc. It takes the entire team (or collective) of people and their unique knowledge and tools to keep airplanes flying.
AI focused on a specific task, or even a set of cybersecurity tasks, is definitely needed, but it isn’t realistic to think that humans will be able to manage all the AIs’ workloads. Imagine a single human SOC analyst working with multiple AIs and their tools to accomplish tasks. Yes, each task in its own right might be improved, but that poor SOC user is going to struggle to keep up with managing all those helpers.
Instead, we need to capture what makes us powerful – teamwork. So rather than co-pilots alone, we envision a future where humans and AIs collaborate to accomplish work together. This doesn’t mean that co-pilots are not needed. We absolutely need co-pilots or task-oriented AI. What is needed, however, is something to tie all those co-pilots together so that they can work with each other and any other AIs that would be beneficial.
Why, you might ask. Imagine a world where all the co-pilots have their own programming to accomplish one or more tasks. Now imagine there being hundreds or even thousands of co-pilots. If you need a single task accomplished or are doing something entirely in the wheelhouse of the co-pilot, then great, it can do your bidding (or support you). Otherwise, the SOC analyst must coordinate the process across multiple co-pilots. I don’t know about you, but I had hoped the future was fewer products an analyst needed to use to do their jobs, not just a different way of interacting with each.
Bricklayer embodies the vision of not just humans and AI, but also AI and AI working hand in hand. In order to do this, we need to think about how tasks can be orchestrated across multiple SOC specialist roles: not only how each thinks about and accomplishes their tasks, but also how the overall procedure (multiple tasks) is thought through, planned, and coordinated.
Bricklayer is the first AI platform to allow multiple independent AIs to collaborate and use their tools to accomplish complex cybersecurity procedures. Not only can Bricklayer support multiple AIs working together, but their human counterparts can also be part of the team. By providing a platform that allows AIs and humans to collaborate, we model the type of teamwork or collective intelligence that is extremely powerful in nature.
Let’s walk you through the process of bringing your artificial SOC team together in Bricklayer.
First, navigate to the Specialists configuration area in settings. Specialists are autonomous AI trained to perform tasks and make decisions. Think of a Specialist as a member of a team, with specific skills and a job to do. Specialists can have different roles like SOC Analyst, Incident Responder, or Intel Analyst, each unique and contributing to the larger goals of the team.
Next, you “hire” or configure your Specialists to take on responsibilities inside your organization.
The difference between Bricklayer Specialists and Organizational Specialists is the customization that happens when you “onboard” them into your organization and they are given access to your organization’s resources and toolkit.
Onboarding a Specialist requires configuration of ‘Tools’. Tools, as in the human world, are capabilities that Specialists can use to perform actions, gather information, and interact with external systems. Bricklayer Tools are broken down into 4 categories:
- Plugins – API-based integrations (XDR, TIP, SOAR and anything that has an API)
- Public Sources – Public data that has been aggregated by Bricklayer (cybersecurity blogs, industry standards, best practices)
- Data Stores – Private organizational data (Internal operating guides, policies and procedures, Intel reports, incident databases, books, etc.)
- Services – Internal tools used for various miscellaneous purposes (sending email, notifications, etc.)
That’s it. You have now onboarded your first Specialist. Repeat this for any other Specialists you want to onboard. Once done, you can go back to the conversation user interface, open a new conversation, and select the Specialists and tools you wish to interact with.