Palo Alto Networks SOC Update Extends Machine Learning Reach
2023-11-13 22:1:28 Author: securityboulevard.com

Palo Alto Networks today updated its security operations center (SOC) platform, making it possible for cybersecurity teams to build their own machine learning (ML) models.

In addition, version 2.0 of the Cortex XSIAM platform provides a command center for tracking incidents and monitoring how data is being collected, a dashboard for tracking threats based on the MITRE ATT&CK framework and a free text search tool.

Finally, Palo Alto Networks has added the ability to detect macOS ransomware, Kubernetes and master boot record (MBR) threats, along with additional attack surface management policies.

Navneet Singh, vice president of network security marketing for Palo Alto Networks, said that while there are already ML models embedded within Cortex XSIAM, it’s clear that cybersecurity teams will use their own data to create additional ones. The company is now making it possible to build those models using Jupyter tools that access data that can be imported into the data lake embedded in the Cortex XSIAM platform.

It’s not clear how many cybersecurity teams will be building their own ML models, but the more an ML model is trained on data that is in the IT environment, the more accurate the results will be. Palo Alto Networks is trying to reduce the complexity of building those models by opening up its data lake, said Singh. In effect, Palo Alto Networks is enabling a bring-your-own ML (BYOML) approach, he added.

Palo Alto Networks has been making a case for XSIAM as a next-generation security information and event management (SIEM) platform that comes with integrations and a data lake already built in. The goal is to reduce the overall amount of integration effort cybersecurity teams encounter when operationalizing SIEM platforms, said Singh.

Overall, there’s a lot more focus on SIEM platforms as cybersecurity teams engage in an artificial intelligence (AI) arms race with cybercriminals—many of whom have the resources and expertise needed to leverage AI to increase both the volume and sophistication of the cyberattacks they launch. Most cybersecurity teams are not going to be able to find and retain enough cybersecurity talent to combat these threats, so the only alternative is to rely more on AI and other forms of automation.

In theory, at least, those advances should provide the added benefit of helping to reduce staff turnover as it becomes simpler to identify and remediate threats that are being discovered faster. There may even come a day soon when the most talented cybersecurity professionals are not going to want to work for organizations that can’t provide them with the tools they need to succeed.

The issue, of course, is finding the budget resources required to either fund upgrades or outright replace existing cybersecurity platforms. In the face of ongoing economic headwinds, cybersecurity leaders are under more pressure than ever to contain costs.

Fortunately, business and IT leaders are now being exposed to AI at almost every turn, so it should become easier for them to comprehend how it might be applied to cybersecurity challenges that are becoming too complex for humans to resolve on their own.

Article source: https://securityboulevard.com/2023/11/palo-alto-networks-soc-update-extends-machine-learning-reach/