Fortinet is tapping machine learning (ML) and offering a human-based security operations center-as-a-service (SOCaaS) model and talent training to close the security skills gap and support short-handed teams.

The vendor’s recent cybersecurity skills gap report showed half of IT and cybersecurity leaders cited security operations as one of the most challenging roles to fill and 42% of organizations are in need of security operation analysts. This came as 80% of surveyed organizations also experienced at least one breach they attributed to a lack of properly trained employees.

Organizations are finding it harder to attract and retain SOC employees due to burnout, Karin Shopen, VP of cybersecurity solutions and services at Fortinet, told SDxCentral. “Actually, the SOC is one of the places that suffer the most due to the level of specificity as well as the unique and dedicated capabilities that they need to have to scale.”

Fortinet is trying to tackle this issue by offering SOCaaS, which combines the FortiGuard Labs security experts with SOC technologies based on artificial intelligence (AI) and ML capabilities. The service offers a cloud-based dashboard that aggregates alerts.

“We're building a lot of automation and machine learning into the product and technology that serves the SOC team,” Shopen said. “We're also unifying the management and security framework with our fabric to allow them to have less screen and create unification of data to help them get the streamline of detection all the way to remediation and mitigation.”

She used Fortinet’s own SOC operation as an example. The team usually sees around nine million events every day, and the SOC service narrows those down to seven to eight events and then offloads to the local SOC team for further investigation while giving them recommendations on next steps.

Shopen noted more customers are opting in for SOCaaS, which covers the entire infrastructure and overarches almost all of Fortinet’s services for network, endpoint, cloud security, and secure access service edge (SASE).

“We build SOC-as-a-service, which is actually a higher level that oversees the entire portfolio, the entire product set, and augments the SOC team. So they're outsourcing all of their tier-one analysis to us,” she added.

On top of enhancing SOCaaS, Fortinet also introduced a new outbreak detection service and added cybersecurity readiness services as part of its incident response offering.

Shopen explained that more than 500 FortiGuard Labs researchers are dedicated to ML model development while providing services for SOCaaS, incident response service and managed detection and response (MDR).

Fortinet Changes Curriculum for AI, Solution Approach

Fortinet also plans to invest in training to help close the skills gap. The vendor previously pledged to train one million people through its cybersecurity training, certification, career growth, and employment-assistance programs.

Rob Rashotte, VP of global training and technical field enablement at Fortinet, said the vendor trained 220,000 people last year, surpassing its previous goal to train 200,000 unique individuals per year.

Fortinet has increased access to advanced technical training, including the Network Security Expert (NSE) Certification program, partnering with Women in Cybersecurity (WiCyS) to support women professionals, and help for students to develop security skills. The vendor has also changed its curriculum to adapt to today’s security developments and challenges.

“Our curriculum over the last few years has changed an awful lot so we've developed a lot more solution-level training where we're looking at all the parts and pieces of a fabric … and certainly AI and machine learning is a big part of that,” Rashotte said. “We've got some very advanced training courses that focus in those areas in very significant ways. And our FortiGuard Labs are very involved in helping us develop that curriculum.”