According to, Sandra Wheatley, Sr. Vice President, Marketing, Threat Intelligence and Influencer Communications, Fortinet, the first step an organization can close the cyber skills gap is to ensure that security tools don’t operate in isolation. If a security tool or sensor detects an anomalous behavior, that needs to be shared with other tools so that data can be correlated and compared against other data, as well as be cross-referenced against external threat intelligence feeds. This process is accelerated and suspicious activity can be detected faster when these tools are, by design, tightly integrated together. 

Of course, data also needs to be gathered from network devices, access control points, and other sensors to see the bigger picture. SIEM and SOAR solutions are designed to bridge the gap between these non-integrated solutions, helping to identify indicators of compromise and respond to identified threats. Behavioral analytics can baseline normal traffic to identify abnormal activities, such as data moving upstream out of the data center, or devices or applications probing the network looking for ways to connect to other devices or services that are not part of their usual domain of activity. 

While these solutions can help assess large volumes of data from a variety of locations, they still have their limitations. This is because today’s networks are in a state of constant flux. Dynamic cloud environments, remote offices, mobile workers, SaaS applications, DevOps projects, and shadow IT complicates the ability to monitor and process data. The network is not only constantly reconfiguring itself to optimize connectivity or support complex workflows, many of those connections – especially in hyperscale environments – are temporary, which means there isn’t enough time to baseline traffic and behavior or provide deep SIEM and SOAR analysis.

None of this eliminates the need for having human analysts to supervise, review, manage, and respond to events detected by this collection of distributed solutions. The cybersecurity skills gap is part of the problem. There simply aren’t enough cybersecurity professionals to fill critical roles.  

Using AI to Build a Virtual Security Analyst 

Fortunately, artificial intelligence (AI) and machine learning (ML) are poised to help resolve these issues. ML already supports things like behavioral analytics, the detection of zero day threats, and the detection of threats hidden inside correlated data. The advent of deep neural networks has improved the detection of threats comprised of billions of nodes with its mature AI capabilities. Fortinet’s FortiGuard Labs threat research team has been leveraging mature AI for years to not only detect threats in the wild, but also provide deep insights into its origins and threat vectors. 

As organizations are forced to operate exclusively in reactive mode, they position broad-brush security tools to close the most common avenues of known attacks. Sometimes having to wait until an attack was actively targeting their devices and systems in order to repel them, or far too often, clean up the mess after a stealthy attack was able to break into their system and get out with the data it was looking for.  

The skills gap remains a growing challenge for organizations. One way organizations are tackling this is by having all employees, not just IT professionals, take cybersecurity training. It’s important for everyone to have cybersecurity awareness and understand the threat landscape to minimize risks.  

In addition to having a trained and knowledgeable workforce, AI-based security stands to play an increasingly critical role in supporting the skills required by digital innovation efforts. The smart businesses, cities, and infrastructures of tomorrow will all require AI-based security analysis and response to fend off the speed and sophistication of the threats of tomorrow.