Bridging Cybersecurity Gaps in Small Business Security Operation Centers (SOCs) Using Artificial Intelligence (AI)-Enabled Tools

The Cybersecurity and Information Systems Information Analysis Center (CSIAC) was tasked with researching cybertools and technologies to differentiate between various cyberevents and behaviors. CSIAC identified common cybersecurity shortcomings of small businesses, with the correlation between the size of an organization and its access to viable cybertools, technologies, and intelligence. CSIAC also identified how artificial intelligence (AI)-driven behavioral analytics can assist in enabling security operation center (SOC) analysts and cybersecurity professionals with protecting their threat environment and making informed decisions. CSIAC identified cybertools and software commonly used in SOCs, their known limitations, and Cybersecurity & Infrastructure Security Agency use cases of AI cybersecurity solutions. The cyberlandscape is always changing with the constant addition of new software, hardware, vulnerabilities, cyberthreats, and malware. As cyberadversaries continue to innovate new, more sophisticated malware and intrusion methods, small organizations increasingly rely on information technology products and services to run operations and store, transmit, and process data. With the U.S. Department of Defense’s efforts to bring more small businesses into the defense industry and its emphasis on eliminating cybersecurity gaps and protecting government information systems, small businesses will need viable, practical, and actionable cybersecurity guidance, solutions, and intelligence that enable them to cost effectively address cybersecurity risks.