Blog
/
AI
/
September 23, 2024

How AI can help CISOs navigate the global cyber talent shortage

The global cybersecurity skills gap is widening, leaving many organizations vulnerable to increasing cyber threats. This blog explores how CISOs can implement AI strategies to make the most of their existing workforce through automation, consolidation and education.
Inside the SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
Written by
The Darktrace Community
Default blog imageDefault blog imageDefault blog imageDefault blog imageDefault blog imageDefault blog image
23
Sep 2024

The global picture

4 million cybersecurity professionals are needed worldwide to protect and defend the digital world – twice the number currently in the workforce.1

Innovative technologies are transforming business operations, enabling access to new markets, personalized customer experiences, and increased efficiency. However, this digital transformation also challenges Security Operations Centers (SOCs) with managing and protecting a complex digital environment without additional resources or advanced skills.

At the same time, the cybersecurity industry is suffering a severe global skills shortage, leaving many SOCs understaffed and under-skilled. With a 72% increase in data breaches from 2021-20232, SOCs are dealing with overwhelming alert volumes from diverse security tools. Nearly 60% of cybersecurity professionals report burnout3, leading to high turnover rates. Consequently, only a fraction of alerts are thoroughly investigated, increasing the risk of undetected breaches. More than half of organizations that experienced breaches in 2024 admitted to having short-staffed SOCs.4

How AI can help organizations do more with less

Cyber defense needs to evolve at the same pace as cyber-attacks, but the global skills shortage is making that difficult. As threat actors increasingly abuse AI for malicious purposes, using defensive AI to enable innovation and optimization at scale is reshaping how organizations approach cybersecurity.

The value of AI isn’t in replacing humans, but in augmenting their efforts and enabling them to scale their defense capabilities and their value to the organization. With AI, cybersecurity professionals can operate at digital speed, analyzing vast data sets, identifying more vulnerabilities with higher accuracy, responding and triaging faster, reducing risks, and implementing proactive measures—all without additional staff.

Research indicates that organizations leveraging AI and automation extensively in security functions—such as prevention, detection, investigation, or response—reduced their average mean time to identify (MTTI) and mean time to contain (MTTC) data breaches by 33% and 43%, respectively. These organizations also managed to contain breaches nearly 100 days faster on average compared to those not using AI and automation.5

First, you've got to apply the right AI to the right security challenge. We dig into how different AI technologies can bridge specific skills gaps in the CISO’s Guide to Navigating the Cybersecurity Skills Shortage.

Cases in point: AI as a human force multiplier

Let’s take a look at just some of the cybersecurity challenges to which AI can be applied to scale defense efforts and relieve the burden on the SOC. We go further into real-life examples in our white paper.

Automated threat detection and response

AI enables 24/7 autonomous response, eliminating the need for after-hours SOC shifts and providing security leaders with peace of mind. AI can scale response efforts by analyzing vast amounts of data in real time, identifying anomalies, and initiating precise autonomous actions to contain incidents, which buys teams time for investigation and remediation.  

Triage and investigation

AI enhances the triage process by automatically categorizing and prioritizing security alerts, allowing cybersecurity professionals to focus on the most critical threats. It creates a comprehensive picture of an attack, helps identify its root cause, and generates detailed reports with key findings and recommended actions.  

Automation also significantly reduces overwhelming alert volumes and high false positive rates, enabling analysts to concentrate on high-priority threats and engage in more proactive and strategic initiatives.

Eliminating silos and improving visibility across the enterprise

Security and IT teams are overwhelmed by the technological complexity of operating multiple tools, resulting in manual work and excessive alerts. AI can correlate threats across the entire organization, enhancing visibility and eliminating silos, thereby saving resources and reducing complexity.

With 88% of organizations favoring a platform approach over standalone solutions, many are consolidating their tech stacks in this direction. This consolidation provides native visibility across clouds, devices, communications, locations, applications, people, and third-party security tools and intelligence.

Upskilling your existing talent in AI

As revealed in the State of AI Cybersecurity Survey 2024, only 26% of cybersecurity professionals say they have a full understanding of the different types of AI in use within security products.6

Understanding AI can upskill your existing staff, enhancing their expertise and optimizing business outcomes. Human expertise is crucial for the effective and ethical integration of AI. To enable true AI-human collaboration, cybersecurity professionals need specific training on using, understanding, and managing AI systems. To make this easier, the Darktrace ActiveAI Security Platform is designed to enable collaboration and reduce the learning curve – lowering the barrier to entry for junior or less skilled analysts.  

However, to bridge the immediate expertise gap in managing AI tools, organizations can consider expert managed services that take the day-to-day management out of the SOC’s hands, allowing them to focus on training and proactive initiatives.

Conclusion

Experts predict the cybersecurity skills gap will continue to grow, increasing operational and financial risks for organizations. AI for cybersecurity is crucial for CISOs to augment their teams and scale defense capabilities with speed, scalability, and predictive insights, while human expertise remains vital for providing the intuition and problem-solving needed for responsible and efficient AI integration.

If you’re thinking about implementing AI to solve your own cyber skills gap, consider the following:

  • Select an AI cybersecurity solution tailored to your specific business needs
  • Review and streamline existing workflows and tools – consider a platform-based approach to eliminate inefficiencies
  • Make use of managed services to outsource AI expertise
  • Upskill and reskill existing talent through training and education
  • Foster a knowledge-sharing culture with access to knowledge bases and collaboration tools

Interested in how AI could augment your SOC to increase efficiency and save resources? Read our longer CISO’s Guide to Navigating the Cybersecurity Skills Shortage.

And to better understand cybersecurity practitioners' attitudes towards AI, check out Darktrace’s State of AI Cybersecurity 2024 report.

References

  1. https://www.isc2.org/research  
  2. https://www.forbes.com/advisor/education/it-and-tech/cybersecurity-statistics/  
  3. https://www.informationweek.com/cyber-resilience/the-psychology-of-cybersecurity-burnout  
  4. https://www.ibm.com/downloads/cas/1KZ3XE9D  
  5. https://www.ibm.com/downloads/cas/1KZ3XE9D  
  6. https://darktrace.com/resources/state-of-ai-cyber-security-2024
Inside the SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
Written by
The Darktrace Community

More in this series

No items found.

Blog

/

Network

/

June 2, 2025

Darktrace Recognized as a Leader in the 2025 Gartner® Magic Quadrant™ for Network Detection and Response

Man using darktrace security software on computerDefault blog imageDefault blog image

Darktrace has been recognized as a Leader in the first ever Magic Quadrant™ for Network Detection and Response (NDR).

A Gartner Magic Quadrant is a culmination of research in a specific market, giving you a wide-angle view of the relative positions of the market’s competitors. CIOs and CISOs can use this research to make informed decisions about NDR, which is evolving to offer broader threat detection. We encourage our customers to read the full report to get the complete picture.

Darktrace has also received accolades in other recent NDR leadership evaluations including IDC named as market share leader, and  KuppingerCole’s heralding us as an Overall Leader, Product Leader, Market Leader and Innovation Leader. We believe we have continued to be identified as a Leader due to the strength of our capabilities in NDR, driven by our unique application of AI in cybersecurity, continuous product innovation, and our ability to execute on a global scale to meet the evolving needs of our customers.

We’re proud of Darktrace’s unrivaled market, and ability to execute effectively in the network security market, reflecting our commitment to delivering high-quality, reliable solutions that meet the evolving needs of our customers.

Gartner MQ for NDR, NDR mq, Gartner NDR, Gartner best NDR solution
Gartner MQ for NDR

Why is Darktrace the market share leader and undisputed force in NDR?

Transforming network security and shifting to an AI-led SOC

Darktrace’s Self-Learning AITM understands normal for your entire network, intelligently detecting anomalies and containing sophisticated threats without historical attack data. This approach, based on advanced, unsupervised machine learning, enables Darktrace to catch novel, unknown and insider threats that traditional tools miss and other NDR vendors can’t detect. Darktrace has identified and contained attempted exploits of zero-day vulnerabilities up to 11 days before public disclosure.

We change SOC dynamics with our Cyber AI AnalystTM, which eliminates manual triage and investigation by contextualizing all relevant alerts across your environment, including third-party alerts, and performing end-to-end investigations at machine speed. Cyber AI Analyst gives your team the equivalent of 30 extra full time Level 2 analysts without the hiring overhead2, so you can shift your team away from manual, reactive workflows and uplift them to focus on more proactive tasks.

When combined, Darktrace Self-Learning AI and Cyber AI Analyst go far beyond the capabilities of traditional NDR approaches to completely transform your network security and help your teams operate at the speed and scale of AI.

Coverage across the extended IT enterprise and all-important OT devices

We believe the report validates the business-centric approach that Darktrace uses to deploy AI locally and train it solely on each unique environment, giving our customers tailored security outcomes without compromising on privacy.

This contrasts with other NDR vendors that require cloud connectivity to either deliver full functionality or to regularly update their globally trained models with the latest attack data. This capability is particularly sought after by organizations who are no longer just on-premise, have operational technology (OT) networks, or those that operate in classified environments.

Darktrace serves these organizations and industries by extending IT and unifying OT security within a single solution, reducing alert fatigue and accelerating alert investigation in industrial environments.

With Darktrace / NETWORK you can achieve:

  • Full visibility across your modern network, including on-premises, virtual networks, hybrid cloud, identities, remote workers and OT devices
  • Precision threat detection across your modern network to identify known, unknown and insider threats in real-time without relying on rules, signatures or threat intelligence,
  • 10x accelerated incident response times with agentic AI that uplifts your team and enables them to focus on more proactive tasks
  • Containment of threats with the first autonomous response solution proven to work in the enterprise, stopping attacks from progressing at the earliest stages with precise actions that avoid business disruption

Going beyond traditional NDR to build proactive network resilience

Darktrace does not just stop at threat detection, it helps you prevent threats from occurring and increase your resiliency for when attacks do happen. We help discover and prioritize up to 50% more risks across your environment and optimize incident response processes, reducing the impact of active cyber-attacks using an understanding of your data.

Attack path modeling: By leveraging attack path modeling and AI-driven risk validation, customers can close gaps before they’re exploited, focusing resources where they’ll have the greatest impact.

AI-driven playbooks and breach simulations: With AI-driven playbooks and realistic breach simulations, Darktrace helps your team practice response, strengthen processes, and reduce the impact of real-world incidents. You’re not just reacting; you’re proactively building long-term resilience.

Continued innovation in network security

Darktrace leads innovation in the NDR market with more than 200+ patents and active filings, covering a range of detection, response and AI techniques. Our AI Research Center is foundational to our ongoing innovation, including hundreds of R&D employees examining how AI can be applied to real-world problems and augment human teams.

Trusted by thousands of customers globally

Our commitment to innovation and patented Self-Learning AITM has protected organizations in all industries from known and novel attacks since 2013, bolstering network security and augmenting human teams for our 10,000 active customers across 110 countries. These organizations place a great deal of trust in Darktrace’s unique approach to cybersecurity and application of AI to detect and respond to threats across their modern network.

A new standard for NDR

Darktrace / NETWORK is not just another NDR tool; we are the most advanced network security platform in the industry that pushes beyond traditional capabilities to protect thousands of organizations against known and novel threats.

From real-time threat detection and autonomous response to proactive risk management, we’re transforming network security from reactive to resilient.

[related-resource]

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Magic Quadrant is a registered trademark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

References

1, 3 Gartner, Magic Quadrant for Network Detection and Response, by Thomas Lintemuth, Esraa ElTahawy, John Collins, Charanpal Bhogal, 29 May, 2025

2 Darktrace Cyber AI Analyst fleet data, 2023

Continue reading
About the author
Mikey Anderson
Product Marketing Manager, Network Detection & Response

Blog

/

Email

/

May 29, 2025

Why attack-centric approaches to email security can’t cope with modern threats

Default blog imageDefault blog image

What’s the problem with an attack-centric mindset?

For decades, traditional email security strategies have been built around an attack-centric mindset. Secure Email Gateways (SEGs) and other legacy solutions operate on the principle of identifying and blocking known threats. These systems rely heavily on predefined threat intelligence – blacklists, malware signatures, and reputation-based analysis – to filter out malicious content before it reaches the inbox.

While this approach was sufficient when email threats were relatively static and signature-based, it’s increasingly ineffective against the sophistication of modern attacks. Techniques like spear phishing, business email compromise (BEC), and supply chain attacks often bypass traditional SEG defenses because they lack obvious malicious indicators. Instead, they leverage social engineering, look-alike domains, and finely tuned spoofing tactics that are designed to evade detection.

The challenge extends beyond just legacy SEGs. Many modern email security providers have inherited the same attack-centric principles, even if they've reimagined the technology stack. While some vendors have shifted to API-based deployments and incorporated AI to automate pattern recognition, the underlying approach remains the same: hunting for threats based on known indicators. This methodology, though it’s undergone modernization using AI, still leaves gaps when it comes to novel, hyper-targeted threats that manipulate user behavior rather than deploy predictable malicious signatures. Attack-centric security will always remain one step behind the attacker.

By the way, native email security already covers the basics

One of the most overlooked realities in email security is that native solutions like Microsoft 365’s built-in security already handle much of the foundational work of attack-centric protection. Through advanced threat intelligence, anti-phishing measures, and malware detection, Microsoft 365 actively scans incoming emails for known threats, using global telemetry to identify patterns and block suspicious content before it even reaches the user’s inbox.

This means that for many organizations, a baseline level of protection against more obvious, signature-based attacks is already in place – but many are still disabling these protections in favour of another attack-centric solution. By layering another attack-centric solution on top, they are effectively duplicating efforts without enhancing their security posture. This overlap can lead to unnecessary complexity, higher costs, and a false sense of enhanced protection when in reality, it’s more of the same.

Rather than duplicating attack-centric protections, the real opportunity lies in addressing the gaps that remain: the threats that are specifically crafted to evade traditional detection methods. This is where a business-centric approach becomes indispensable, complementing the foundational security that’s already built into your infrastructure.

Introducing… the business-centric approach

To effectively defend against advanced threats, organizations need to adopt a business-centric approach to email security. Unlike attack-centric models that hunt for known threats, business-centric security focuses on understanding the typical behaviors, relationships, and communication patterns within your organization. Rather than solely reacting to threats as they are identified, this model continuously learns what “normal” looks like for each user and each inbox.

By establishing a baseline of expected behaviors, business-centric solutions can rapidly detect anomalies that suggest compromise, such as sudden changes in sending patterns, unusual login locations, or subtle shifts in communication tone. This proactive detection method is especially powerful against spear phishing, business email compromise (BEC), and supply chain attacks that are engineered to bypass static defenses. This approach also scales with your organization, learning and adapting as new users are onboarded, communication patterns evolve, and external partners are added.

In an era where AI-driven threats are becoming the norm, having email security that knows your users and inboxes better than the attacker does is a critical advantage.

Why native + business-centric email security is the winning formula

By pairing native security with a business-centric model, organizations can cover the full spectrum of threats – from signature-based malware to sophisticated, socially engineered attacks. Microsoft 365’s in-built security manages the foundational risks, while business-centric defense identifies subtle anomalies and targeted threats that legacy approaches miss.

Layering Darktrace on top of your native Microsoft security eliminates duplicate capabilities, costs and workflows without reducing functionality

Rather than layering redundant attack-centric solutions on top of existing protections, the future of email security lies in leveraging what’s already in place and building on it with smarter, behavior-based detection. The Swiss Cheese Model is a useful one to refer to here: by acknowledging that no single defense can offer complete protection, layering defenses that plug each other’s gaps – like slices of Swiss cheese – becomes critical.

This combination also allows security teams to focus their efforts more effectively. With native solutions catching broad-based, known threats, the business-centric layer can prioritize real anomalies, minimizing false positives and accelerating response times. Organizations benefit from reduced overlap, streamlined costs, and a stronger overall security posture.

Download the full guide to take the first step towards achieving your next-generation security stack.

[related-resource]

Continue reading
About the author
Carlos Gray
Senior Product Marketing Manager, Email
Your data. Our AI.
Elevate your network security with Darktrace AI