Create A Stronger Cyber Workforce with AI
Recent estimates by leading industry analysts show that the cybersecurity workforce gap is approximately 850,000 in the United States and over 3 million globally. To close this gap in the United States, the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Energy (DOE) have instituted programs to train and bolster the cybersecurity workforce. Private sector cybersecurity training and certification companies are instituting skills and retraining programs for people to return to the workforce in a cyber capacity. Unfortunately, these efforts alone will not be enough as nation states and criminals continue to employ cyber capabilities that can damage critical infrastructure, freeze assets, hold companies hostage with ransomware, and destroy economies. At DataRobot, we seek to shrink the cybersecurity skills gap by using Augmented Intelligence and Machine Learning to decrease employee decision cycles and shorten the time to respond.
Industry polling shows that most companies are using between 15 and 130 cybersecurity products to protect their cyber landscape. Even 15 products create an enormous amount of log data and traffic for security teams, which are usually understaffed and under-resourced, to constantly monitor and triage. The DataRobot AI Cloud platform enables the security team to minimize the time it takes to assess the disparate logs and speed up decision-making through machine learning algorithms that predict possible outcomes. This process occurs by aggregating and fusing data from historic log files and making predictions on ongoing and future log events through the use of advanced algorithms. After the data predictions, DataRobot can autoroute information as needed or provide advice for analysts to act upon.
Let’s look at how a current Security Operations Center (SOC) functions. Cybersecurity engineers install endpoint detection capabilities, network monitoring software, privileged access controls, and more. These systems are the baseline security tools to keep the enterprise safe. At the most basic level, these systems provide indicators and warnings through ticketing and alerts. SOC analysts respond to these alerts by investigating them, routing them for further action, or closing them. Multiple alerting mechanisms will frequently trigger based on the same event and generate excess, redundant data for an analyst to review. For instance, an outbound request for a malicious website may trigger an endpoint detection, a network monitoring detection, and a user-based alert. Analysts then have to visually correlate the events or investigate them all individually, requiring time and energy, both of which are scarce in the SOC.
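The redundant-alert scenario above, as an added example that is not part of the original post and is not DataRobot's method: a fixed-rule grouping that links alerts sharing a destination and a host or user within a short window, so three tool alerts become one case. The field names, the two-minute window and the sample alerts are constructed assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=2)  # assumed correlation window

# Constructed sample alerts (not real telemetry): one outbound request reported
# by three tools, the same domain from an unrelated host, and an unrelated alert.
ALERTS = [
    {"id": "EDR-1", "source": "endpoint", "time": "2024-01-10T09:00:05", "host": "ws-042", "user": "jdoe", "domain": "bad.example"},
    {"id": "NET-7", "source": "network", "time": "2024-01-10T09:00:07", "host": "ws-042", "user": None, "domain": "bad.example"},
    {"id": "UBA-3", "source": "user", "time": "2024-01-10T09:00:40", "host": None, "user": "jdoe", "domain": "bad.example"},
    {"id": "NET-8", "source": "network", "time": "2024-01-10T09:00:20", "host": "ws-200", "user": None, "domain": "bad.example"},
    {"id": "EDR-2", "source": "endpoint", "time": "2024-01-10T09:30:00", "host": "ws-107", "user": "asmith", "domain": "other.example"},
]

def linked(a, b):
    """True when two alerts plausibly describe the same event."""
    gap = abs(datetime.fromisoformat(a["time"]) - datetime.fromisoformat(b["time"]))
    same_dest = a["domain"] == b["domain"]
    # A missing (None) field never counts as a match.
    shared = any(a[k] is not None and a[k] == b[k] for k in ("host", "user"))
    return gap <= WINDOW and same_dest and shared

def correlate(alerts):
    """Group alerts into cases with union-find so that links are transitive."""
    parent = list(range(len(alerts)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path compression
            i = parent[i]
        return i

    for i in range(len(alerts)):
        for j in range(i + 1, len(alerts)):
            if linked(alerts[i], alerts[j]):
                parent[find(j)] = find(i)

    cases = {}
    for i, alert in enumerate(alerts):
        cases.setdefault(find(i), []).append(alert["id"])
    return sorted(cases.values())

if __name__ == "__main__":
    for case in correlate(ALERTS):
        print(case)
```

The network and user alerts share no field with each other and are joined only through the endpoint alert, which is why the grouping has to be transitive; the same domain seen from a different host stays a separate case.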
DataRobot’s AI enables the SOC to automatically predict that the various events are connected, provide prediction explanations for why they are connected, and predict the best follow-on course of action to investigate the cause of the outbound request. Using APIs and other common connectors, DataRobot can push these results to existing dashboards, Security Information and Event Management (SIEM) systems, and common operating pictures (COPs) to minimize user screen requirements.
Our experience with one-third of the Fortune 500 shows that over time, AI-enabled decision-making can provide confidence and shorten the decision cycle for even the most experienced analysts. This is where DataRobot excels: our mission to democratize AI and training programs specifically designed for Citizen Data Scientists enable SOC analysts and cybersecurity experts to build, review, test, and deploy their own models quickly.
While there isn’t an immediate solution to the cybersecurity workforce gap, DataRobot can help maximize the security you already have in place.