
Exploring AI-Enabled Cybersecurity Frameworks: Deep-Learning Techniques, GPU Support, and Future Enhancements

TOBIAS BECHER and SIMON TORKA, DAI-Lab, Technische Universität Berlin, Germany

arXiv:2412.12648v1 [[Link]] 17 Dec 2024

Traditional rule-based cybersecurity systems have proven highly effective against known malware threats. However, they face
challenges in detecting novel threats. To address this issue, emerging cybersecurity systems are incorporating AI techniques, specifically
deep-learning algorithms, to enhance their ability to detect incidents, analyze alerts, and respond to events. While these techniques
offer a promising approach to combating dynamic security threats, they often require significant computational resources. Therefore,
frameworks that incorporate AI-based cybersecurity mechanisms need to support the use of GPUs to ensure optimal performance.

Many cybersecurity framework vendors do not provide sufficiently detailed information about their implementation, making
it difficult to assess the techniques employed and their effectiveness. This study aims to overcome this limitation by providing an
overview of the most used cybersecurity frameworks that utilize AI techniques, specifically focusing on frameworks that provide
comprehensive information about their implementation. Our primary objective is to identify the deep-learning techniques employed
by these frameworks and evaluate their support for GPU acceleration. We have identified a total of two deep-learning algorithms that
are utilized by three out of 38 selected cybersecurity frameworks. Our findings aim to assist in selecting open-source cybersecurity
frameworks for future research and assessing any discrepancies between deep-learning techniques used in theory and practice.

Additional Key Words and Phrases: Cybersecurity Framework, Intrusion Detection, Endpoint Protection, Identity Access Management

1 INTRODUCTION
As cybersecurity threats become more prevalent [6], cybersecurity tools must retain the ability to keep systems safe.
Traditionally, cyber threats have been combated using a rules-based approach that involves investigating detected
incidents, classifying attack vectors, and defining a custom solution to mitigate the threat. For example, part of the
initial strategy to stop one of the first computer worms, the Morris Worm, was to put simple rules in place. In this case,
disabling the finger daemon that the worm relied on eliminated one of the three ways it could infect a system [26].
Over time, threats have become increasingly complex, and of course, security solutions must adapt [4].
Cybersecurity vendors now offer a myriad of different tools and platforms to handle security, privacy, and safety
concerns. By examining the market’s key players, as we describe in Section 3.1, it is possible to uncover any potential
gap between theory and practice, especially in their use of novel techniques. However, assessing the technical details
of cybersecurity products can be a challenging task. Publicly available documentation is often insufficient, making
it difficult to conduct a thorough evaluation. In the materials we reviewed to evaluate cybersecurity products from
the major vendors in the marketplace, we encountered several instances where a lack of detail made it difficult to
determine the underlying technical specifications of a product. For example, the product materials for Fortinet and
SentinelOne, two multinational cybersecurity companies that are significant vendors in the market, do not provide
enough detail for a thorough review. Fortinet offers products categorized as network, application, and endpoint security,
among others. However, it is not immediately clear how these solutions operate internally, as Fortinet does not provide
implementation details to the public [20]. The publicly available resources for the AI-powered security tool Singularity,
offered by SentinelOne, include references to a mix of a rules-based and an AI-powered approach [59]. Since most
cybersecurity frameworks are closed-source, private software solutions, it is difficult to gain more detailed insight into
their inner workings.

1
Tobias Becher and Simon Torka

Despite often not providing technical detail, available product information makes it evident that marketing campaigns
are now emphasizing the AI features of software solutions [59, 76, 50, 1, 20]. This serves as another indication that,
although the traditional approach still holds value, recent advances in artificial intelligence have opened new avenues for
combating cyber threats. This is particularly true in the areas of intrusion detection, phishing and spam detection, threat
intelligence, and user behavior analysis [28]. Intrusion detection, for example, can use machine-learning algorithms
to distinguish between normal and abnormal traffic on a network. With a well-trained machine learning model and
high-quality network data, modern cybersecurity systems should be able to detect the spread of a novel virus without
having seen similar malware before. A Morris Worm redux, i.e., an entirely novel malware threat, should be detected
and acted upon preemptively. Additionally, the use of AI could also improve a cybersecurity product’s ability to detect
modern, complex multi-step attacks through semantic analysis [35].
Of course, this solution is not without challenges or caveats. Typically, these systems carry the risk of a high
rate of false alarms [79] and can be very computationally intensive, especially for deep-learning methods [62]. While
this approach may be deemed appropriate for security-critical infrastructure that has ample resources, it is a concern
for a variety of other use cases. This is especially true for private individuals and small and medium-sized enterprises,
which often lack the infrastructure to provide sufficient computing resources for larger deep-learning models. To make
the most efficient use of hardware, cybersecurity solutions that rely on deep learning must use GPUs for training and
inference [62].
Naturally, this raises the question of what solutions currently exist, what deep-learning capabilities they have, and
whether they make efficient use of hardware, i.e., whether they enable GPU-supported deep learning. The relevance
for both researchers and security vendors is thus clear, as answering these questions can provide a clear direction for
future improvements.
This leads us to the central questions for this study.

RQ1. What information is available about the techniques employed by the most used cybersecurity frameworks?
RQ2. Which frameworks are open-source and could be used in academic research?
RQ3. What deep learning techniques are used in existing cybersecurity frameworks? How is their use supported by
GPU resources?

In exploring answers to these questions, our contribution is twofold. First, we provide an overview of the techniques
used in current cybersecurity frameworks. Second, we aid researchers in selecting cybersecurity frameworks for future
studies. Although we try to provide a wide range of techniques and frameworks, we do not claim to be exhaustive. This
is due to two facts. First, the cybersecurity landscape is constantly evolving, and commercial solutions generally do
not provide enough information to be thoroughly vetted. Second, there are recent studies that, while not focusing on
cybersecurity frameworks, analyze the cybersecurity market and its players, providing a more complete overview of
the market. We will discuss these in Section 2.
In this paper, we adopt a systematic approach to exploring cybersecurity frameworks, with particular attention to
their support for GPU acceleration and possible enhancements. We begin with a thorough examination of publicly
available documentation for existing cybersecurity frameworks, including various types of cybersecurity solutions such
as Security Information and Event Management (SIEM) systems, Intrusion Detection Systems (IDSs), and other related
software. Our goal is to gain insight into the techniques used by these frameworks in handling various security tasks.
We also investigate the extent to which GPUs are supported in training, testing, and inference of deep-learning-based
algorithms in these frameworks. Exploring cybersecurity frameworks with GPU support allows us to understand the
state of the art and propose practical enhancements bridging the gap between theory and practice. Ultimately, this
research holds significant importance as it represents a step toward developing resilient cybersecurity solutions. By
leveraging the right deep-learning solutions, we can contribute to the development of robust and resilient cybersecurity
solutions that can better protect organizations and individuals from cyberattacks.
This paper is structured as follows. Section 2 lays out related research in the field and differences to our work are
pointed out. Next, in Section 3, we will cover our methodology for selecting and reviewing relevant information, as well
as discuss related terminology and the challenges of using deep learning for cybersecurity. Afterward, we will move on
to Section 4, where we will delve into the various frameworks we have studied and the techniques they employ. Finally,
in Section 5 we conclude and provide a brief outlook on future research on this topic.

2 STATE OF THE ART


To discuss the current state of the art, we divide the related research into two parts. The first part, Cybersecurity
Systems, addresses current implementations of various cybersecurity tools, such as antivirus suites, as well as proposed
implementations from research. In the second part, we review research that provides an overview of current deep-learning
techniques in cybersecurity. As far as we are aware, there is no recent work that addresses GPU support for
AI-based cybersecurity tools.
Concerning our study, the first part gives us an overview of market solutions but does not explicitly examine
the (deep-learning) techniques used among them. Often, the tools are discussed in a market context and less from a
technical point of view. Compared to the papers in the second part, which present deep-learning techniques, we focus on
the implementation of these techniques in current cybersecurity software and how well these frameworks can execute
them effectively and efficiently.

Cybersecurity Systems. In 2020, Tselios et al. conducted a technical survey investigating the cybersecurity market.
They categorized existing cybersecurity solutions into 13 categories, such as Intrusion Detection and Prevention Systems,
Endpoint Detection and Response, or Identity and Access Management. They concluded that the current cybersecurity
market does not offer a product that is capable of holistically covering all capabilities to be effective in all security
categories, but that every framework must adopt the latest innovations [74].
A study by González-Granadillo et al. focused on the analysis of the SIEM market. They compiled a list of current
commercial solutions and classified them according to their functionality and market position. Especially noteworthy
are their remarks on the use of machine learning in these SIEMs. They state that, while machine learning approaches
should be used more often, only a few current software solutions include them [23].

Overview of Deep-Learning Techniques in Cybersecurity. The work of Berman et al. gives a thorough overview of
deep-learning techniques in cybersecurity research through January 2019. They describe the techniques and collect
usage statistics in the surveyed work. They see the limitations of the field primarily in the lack of quality datasets for
training and evaluation, and the fact that these techniques are only used in isolation, i.e., they do not consider the entire
attack lifecycle [4].
Other studies have listed various deep-learning algorithms for cybersecurity [57, 32, 31, 16, 79], either adding works
that are not included in the survey by Berman et al. or discussing other aspects, such as adversarial learning [32].
For example, Dixit and Silakari added the category of reinforcement learning algorithms and their use in cybersecurity,
while also extending the included research to papers published before May 2020 [16]. Taken together, there is a wide
range of deep learning techniques being applied to cybersecurity problems.

3 BACKGROUND
Before discussing cybersecurity frameworks, we want to clarify the most important terms used in this paper, our
methodology, and finally give a short overview of GPU support in AI-based software.

3.1 Methodology
Since this work reviews various cybersecurity frameworks, it is important to discuss the selection method of software
solutions.
According to Haleliuk [24], IT-Harvest Dashboard, the largest cybersecurity vendor database, counts more than
3,200 companies in the cybersecurity market. The market, while containing several key players, is not dominated by
one company [66]. Therefore, we want to provide our methodology for selecting a representative sample for our survey.
We reviewed the products of the key players in the market and any vendors listed in the categories Intrusion Detection
and Prevention Systems, Endpoint Detection and Response, and Identity and Access Management in the survey by Tselios
et al. [74]. Additionally, we conducted a Google and Google Scholar search using combinations of the term “cybersecurity
framework” and one of the terms “solution”, “platform”, “IDS”, “SIEM”, and “SOAR” and their unabbreviated versions.
We limited our results to the first three pages of the Google search results and the first page of the Google Scholar
results. We selected all results that demonstrated the potential to fit our definition of cybersecurity frameworks, as
defined in Section 3.2. Products that did not provide cybersecurity solutions in the aforementioned fields were discarded.
Research works that did not provide implementations were discarded as well. Combining the results from our search
with the list of vendors from the survey and market statistics, we arrived at a list of 38 vendors and no research works.
The lack of research is not necessarily surprising, as cybersecurity frameworks, such as those described in a study by
Luh et al. [35], do not meet our criteria for cybersecurity frameworks, primarily because of their lack of extensibility.
The selected vendors’ websites were searched for product information, such as white papers and technical documentation,
and reviewed for machine- and deep-learning features. It is important to be aware of the fact that the
analysis presented here is based on information that may not have been specifically crafted for a scientific or technically
proficient audience. As a result, there is a possibility that the reviewed materials, including marketing materials, may
not accurately convey all of the technical aspects of the product, potentially resulting in different interpretations and
decreased reliability. However, given the lack of other research on the topic, we find this to be the best available method
for analyzing these products.

3.2 Terminology
First, we want to disambiguate the term cybersecurity framework from related vocabulary. Then, we give brief definitions
for the three categories of cybersecurity systems.
In this study, we use the terms cybersecurity framework and cybersecurity platform interchangeably to describe an
extensible software framework that is tasked with achieving one or more of the cybersecurity goals of confidentiality,
integrity, and availability. Our definition is not to be confused with the commonly accepted meaning of the term in the
context of organizational security. There, cybersecurity frameworks are often also referred to as cybersecurity risk
management frameworks, as e.g., examined by Taherdoost [69], and represent a distinct area of study and practice.

Definition 3.1. A cybersecurity framework refers to a software system designed to manage and safeguard digital assets
from potential threats and attacks. It serves as a foundational architecture that incorporates various cybersecurity tools.
Therefore, it can contain capabilities of more specific cybersecurity tools of categories such as Endpoint Detection
and Response, Intrusion Detection System, Security Information and Event Management, and Security Orchestration,
Automation and Response, allowing for their seamless integration and collaborative utilization to enhance overall
security.

Hence, our chosen definition of the term cybersecurity framework is deliberately flexible, encompassing a variety of
approaches to cybersecurity as long as they can be extended with additional techniques. For example, we do not consider a
traditional firewall a cybersecurity framework, since it is typically not possible to extend its capabilities without it
becoming a different cybersecurity solution, e.g., an Endpoint Detection and Response (EDR) tool. A cybersecurity
solution can be any kind of cybersecurity-related software solution and therefore includes cybersecurity frameworks as
well.

3.3 GPU Support for Machine-Learning Algorithms


Typically, deep-learning algorithms require GPUs to compute efficiently, with GPUs achieving up to a 10-times
acceleration of training time and/or inference [3]. Popular deep-learning frameworks, like TensorFlow and PyTorch,
provide native GPU support.
While popular Machine Learning (ML) frameworks, such as Scikit-learn, do not always provide GPU support, this
can often be mitigated by third-party libraries. A prominent example is the RAPIDS ecosystem by NVIDIA, which
provides libraries for executing data science code on GPUs while keeping the same API. For example, to use an ML
algorithm included in the Scikit-learn library with GPU acceleration, cuML can be used. According to research from
2022, the RAPIDS algorithms currently do not perform as well as their Scikit-learn counterparts when used with
default settings but can still provide satisfactory results when the hyperparameters are tuned accordingly [41].

3.4 Challenges of Deep Learning in Cybersecurity


The challenges of applying deep learning are similar across computer science domains and include aspects such as the
quality of input data, data representation in feature space, training time, inference performance, and more. Focusing on
aspects that are relevant to the use of deep-learning algorithms in cybersecurity frameworks, we briefly discuss how
these challenges differ in cybersecurity compared to other disciplines.

Datasets. Quality data are a pillar of effective machine learning in every domain. To obtain training data for a
cybersecurity machine-learning approach, researchers are presented with a choice: collect the data from real computer
systems and/or networks, synthesize a dataset, or use an existing public dataset. Unfortunately, all of these options
come with significant challenges, and obtaining enough quality data remains one of the major concerns in cybersecurity
research that makes use of machine learning.
First, collecting real data requires permission from a sufficiently large institution to monitor their activities. This
often entails various concerns, such as privacy concerns or concerns over interference with normal operations. This
approach is only feasible for projects that require only a very limited scope of data, such as monitoring the network
traffic of one device in an isolated network. This way, concerns can be handled on an individual basis.

Second, synthesizing cybersecurity data is not a trivial task, as it requires extensive knowledge and resources to
mimic realistic data. The latest approaches try to synthesize attack data from existing public datasets [81, 5] and
therefore share the concerns of the third option, using public datasets. Works that aim to emulate blue and red team
behavior, i.e., the behavior of defenders and attackers, can contribute to creating these datasets [2, 82]. But, as far as we
are aware, no complete datasets have been synthesized using these techniques.
Lastly, using public datasets is the most common choice for researchers [18]. Even though there are at least 31
published cybersecurity datasets, according to a study by Ferrag et al., most research uses only four of them [18].
This includes the popular KDD Cup 1999 dataset [27], which has been criticized since its inception [37, 63], as well
as the NSL-KDD [70], UNSW-NB15 [43] and CICIDS2017 [60] datasets. Criticisms include the age of the data, as
cybersecurity is a fast-evolving field and attacks and defenses are constantly changing, as well as criteria such as class
balance [64, 42, 61].

Performance. While not all cybersecurity tasks are subject to strict timing requirements, specific tasks must react in real time.
For example, while the analysis of presumed malware allows for a more lenient time allotment, the reaction to a network
attack, like a Denial-of-Service attack, must be immediate to avoid system failure. If machine-learning algorithms are
used to detect such attacks, their inference must fit this demand. The time complexity of the chosen algorithm should
therefore be taken into consideration [61].

Continual Learning. Cybersecurity is highly dynamic, with new threats, such as zero-day exploits, emerging in
rapid succession. If an algorithm is not able to continuously learn to detect new threats, it will quickly become obsolete
and ineffective. If training consumes a lot of resources, as is typically the case with deep-learning techniques, it is
infeasible to train new iterations of the model from scratch. Models must therefore be able to incrementally update
their knowledge throughout their lifetime.

Federated Learning. To preserve privacy [40] and allow rapid access to real-time data for fast model training [8], the
security infrastructure can be distributed onto multiple components. Distribution can also improve fault tolerance.
However, solving issues such as efficient node connection and communication is a challenging task and central
to the success of the distributed machine-learning system [8].

Result Visualization. Results generated by the various algorithms must ultimately inform a human analyst. The level
of trust in a cybersecurity system is expected to remain relatively unaltered, even with the implementation of more
effective automation, as the maximum extent of trust that can be placed in the system is inherently limited. This is
because security systems can themselves be targets of attacks, such as adversarial attacks on a neural network tasked with
classifying network traces as normal or anomalous. Therefore, analysts have to be able to understand the path from
raw network data to the intermediate representation in the model’s feature space, to the classification as an alert.
Cyber visualizations are criticized as either too complicated or too basic, as well as too rigid to adapt to different
scenarios [65]. Though the research on visualizations has grown and approaches have been categorized, a standard for
cybersecurity visualization has not yet been created [29].

4 CYBERSECURITY FRAMEWORKS
We reviewed publicly available information on cybersecurity products from 38 different vendors and one research paper
and grouped them into six categories, which can be found in Table 1.

Table 1. Categories of cybersecurity product information.

Category Description
Rules-based The product information hints at using a rules-based approach instead of an ML approach.
ML The product information mentions the use of machine learning.
DL The product information mentions the use of deep learning.
AI The product information clearly states the use of AI but does not elaborate further.
Other The product was initially selected but later discarded.
No info The product information does not contain information pertaining to the use of AI.

Fig. 1. Categorization distribution of reviewed cybersecurity solutions.

Out of the 38 frameworks, we categorized two as AI, three as DL, nine as ML, and nine as Rules-based, while 13
did not provide enough information. Two were discarded after further review. Figure 1 shows a graphical representation
of the categorization results, while further details can be found in the appendix in Table 3. The three products classified
as Deep Learning are examined in more detail in Section 4.1 to provide an answer to RQ3.

4.1 Cybersecurity Frameworks Using Deep Learning


To assess the state of deep learning in cybersecurity frameworks, we examine the three frameworks we identified for
using deep learning: NVIDIA Morpheus, Vectra AI, and Check Point’s R81. Following a brief introduction in this section,
we look at the techniques these frameworks employ in Section 4.2.

NVIDIA Morpheus. NVIDIA Morpheus [46] is an open-source cybersecurity framework that utilizes various machine-
learning and deep-learning methods to enhance cybersecurity. It enables developers to create optimized AI pipelines for
real-time data processing, classification, and threat detection. Morpheus integrates various tools, including pre-trained
AI capabilities and telemetry analysis, to facilitate quick development and deployment of cybersecurity solutions. NVIDIA
claims that, with real-time telemetry and GPU acceleration, Morpheus can efficiently capture and act upon threats that
were previously undetectable, providing valuable insights for immediate response. Morpheus makes use of the RAPIDS
libraries for preprocessing, as discussed in Section 3.3.

Morpheus lists several use cases for its AI approach: Digital Fingerprinting, Phishing Detection, Sensitive Information
Detection, Crypto-Mining Malware Detection, Ransomware Detection, and Fraudulent Transaction and Identity Detection.
For this, Morpheus offers users the possibility of deploying their own models using NVIDIA’s Triton Inference
Server, which supports a variety of deep-learning frameworks, such as TensorFlow or PyTorch [47].
Currently, NVIDIA provides five pre-trained models, each responsible for one cybersecurity task. Table 2 shows the list
of tasks and short descriptions, including the frameworks used, such as XGBoost and GraphSAGE.

Table 2. NVIDIA Morpheus pre-trained models utilized for various cybersecurity tasks [45].

Task  Description
Anomalous Behavior Profiling  XGBoost model that classifies GPU behavior as normal or anomalous (e.g., crypto mining).
Digital Fingerprinting  Ensemble learning model consisting of an Autoencoder and fast Fourier transform reconstruction to detect changes in user behavior.
Fraud Detection  GraphSAGE along with XGBoost for fraud detection in a credit card transaction graph.
Ransomware Detection  Random Forest model that classifies processes as ransomware or benign using volatile memory data.
Flexible Log Parsing  Parsing of HTTP server logs with an undisclosed model.

While the documentation provides no explicit information about the datasets used for training or about federated-learning
capabilities, Morpheus does stress the performance benefits stemming from the use of underlying NVIDIA
technology. This includes the aforementioned software, such as Triton, but also NVIDIA hardware, namely the NVIDIA
BlueField Data Processing Units, for which Morpheus is optimized. Furthermore, Morpheus provides a rich
graphical user interface that aims to give the user a quick overview of imminent threats detected by, for example, its
digital fingerprinting methods.

Vectra AI. Vectra [76] is a cybersecurity platform that leverages AI for advanced threat detection and response. Its
approach focuses on identifying attacker methods in terms of tactics, techniques, and procedures rather than isolated
exploits. By optimizing AI models and leveraging streaming data analysis, Vectra enables real-time threat detection,
allowing security teams to respond effectively. The platform’s correlation algorithms analyze behaviors across various
domains, attributing them to stable anchors like accounts or host machines. This so-called security-led approach
enhances incident analysis, aiding in the identification and prioritization of progressing attacks. Vectra claims its
methodology provides businesses with resilient and comprehensive protection against diverse cyber threats.
Vectra has presented three distinct applications of AI in their software through their whitepaper. These include threat
correlation, detection of Command-and-Control (C2) channels, and identifying instances of privilege credential abuse.
Threats are correlated from various artifacts collected from network metadata to identify attacks, while C2 channels are
detected by examining the shape of network traffic. To detect privilege credential abuse, they build up user profiles
and compare historic interactions with current user interactions flagging strong discrepancies as potential security
violations. They also equip their software with a dedicated UI that shows details on the various cybersecurity tasks.
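The profile-then-compare approach Vectra describes above, combined with the incremental updates that Section 3.4 (Continual Learning) calls for, as an added illustration in pure Python; this is not Vectra’s code or the paper’s, and the log format, the features and the scoring rule are assumptions made for the example:

```python
"""Incremental per-user behaviour profiles, scored per event.
Added illustration (not Vectra's code or the paper's): build a profile from
historic interactions, compare each new interaction against it, and update the
profile in O(1) per event instead of retraining. Log format, features and
scoring rule are assumptions."""
import math
from dataclasses import dataclass, field
from datetime import datetime

# Constructed sample audit log (not real data): timestamp user host action bytes
SAMPLE_LOG = """\
2024-05-01T09:12:03Z alice fs01 read 2048
2024-05-01T10:40:19Z alice fs01 read 4096
2024-05-01T14:05:44Z alice fs02 read 1024
2024-05-02T09:30:00Z alice fs01 read 3072
2024-05-02T11:15:27Z alice fs02 write 512
2024-05-02T16:48:09Z alice fs01 read 2560
2024-05-03T08:55:13Z alice fs01 read 1536
2024-05-03T13:20:41Z alice fs02 read 2048
2024-05-04T03:02:11Z alice dc01 admin_login 0
2024-05-04T03:05:37Z alice fs03 read 900000
"""

PRIVILEGED_ACTIONS = {"admin_login", "grant_role", "add_member"}
MIN_HISTORY = 6        # events to learn from before scoring (cold-start caveat)
ALERT_THRESHOLD = 4.0
Z_CAP = 5.0            # one extreme feature must not dominate the score


@dataclass
class RunningStat:
    """Welford's online mean/variance: constant time and memory per update."""
    n: int = 0
    mean: float = 0.0
    m2: float = 0.0     # sum of squared deviations from the running mean

    def update(self, x):
        self.n += 1
        delta = x - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (x - self.mean)

    def zscore(self, x):
        if self.n < 2:
            return 0.0
        std = math.sqrt(self.m2 / (self.n - 1))
        return abs(x - self.mean) / max(std, 1e-6)


@dataclass
class UserProfile:
    hour: RunningStat = field(default_factory=RunningStat)
    log_bytes: RunningStat = field(default_factory=RunningStat)
    hosts: set = field(default_factory=set)
    actions: set = field(default_factory=set)

    def score(self, hour, host, action, nbytes):
        """Discrepancy between this event and the user's historic behaviour."""
        s = min(self.hour.zscore(hour), Z_CAP)
        s += min(self.log_bytes.zscore(math.log1p(nbytes)), Z_CAP)
        if host not in self.hosts:
            s += 2.0                       # never-seen host
        if action in PRIVILEGED_ACTIONS and action not in self.actions:
            s += 3.0                       # first privileged action for this user
        return s

    def learn(self, hour, host, action, nbytes):
        self.hour.update(hour)
        self.log_bytes.update(math.log1p(nbytes))
        self.hosts.add(host)
        self.actions.add(action)


def parse_line(line):
    ts, user, host, action, nbytes = line.split()
    return ts, user, host, action, int(nbytes)


def detect(lines):
    """Replay events in order; return (alerts, profiles as they stand afterwards)."""
    profiles, alerts = {}, []
    for line in lines:
        ts, user, host, action, nbytes = parse_line(line)
        hour = datetime.fromisoformat(ts.replace("Z", "+00:00")).hour
        p = profiles.setdefault(user, UserProfile())
        s = p.score(hour, host, action, nbytes) if p.hour.n >= MIN_HISTORY else 0.0
        if s >= ALERT_THRESHOLD:
            alerts.append((ts, user, host, action, s))
            continue           # flagged events do not enter the baseline until reviewed
        p.learn(hour, host, action, nbytes)   # incremental update, no retraining
    return alerts, profiles


if __name__ == "__main__":
    for ts, user, host, action, s in detect(SAMPLE_LOG.splitlines())[0]:
        print(f"{ts} {user} {host} {action} score={s:.1f}")
```

On the constructed log only the two 3 am events on 2024-05-04 (a first admin login on a new host, then a bulk read from another new host) exceed the threshold; the first six events are learned without scoring, which is the cold-start trade-off such baselines always carry.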

Check Point Quantum Cyber Security Platform R81. The Quantum Cyber Security Platform R81 [53] is a cybersecurity
framework that claims to be “the industry’s most advanced Threat Prevention and security management software” [53].
Its autonomous threat prevention system, Infinity Threat Prevention, seeks to reduce administrative overhead while
enhancing an organization’s security posture. By providing tailored policy profiles and enabling centralized security
administration, R81 aims to ensure a unified view of security across networks, endpoints, mobile devices, IoT devices,
and various cloud environments. Their release article states that the platform contains “AI Deep Learning [that] prevents
5x more DNS attacks in real-time” [52]. However, a more detailed description of these deep-learning techniques is not
found.

4.2 Employed Deep-Learning Techniques


After carefully reviewing the documentation and product descriptions, we have identified a total of two deep-learning
algorithms that are utilized by the three cybersecurity frameworks. For instance, for NVIDIA Morpheus’ digital
fingerprinting task, an Autoencoder algorithm is employed. Similarly, Vectra makes use of a Long Short-Term Memory
(LSTM) model to efficiently detect C2 channels.
All other techniques used by the frameworks are either not further disclosed, e.g., the deep-learning approaches
of the Check Point Quantum Cyber Security Platform R81, or are considered ML techniques, e.g., Vectra’s use of
Hierarchical Density-Based Spatial Clustering of Applications with Noise (HDBSCAN), which is a hierarchical clustering
algorithm [7].
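An added example of the autoencoder mechanism behind Morpheus’ digital fingerprinting task (Table 2 and above), written from scratch in pure Python so it runs without a GPU or a deep-learning framework; it is not NVIDIA’s code or the paper’s, and the four features, their scaling and the threshold rule are assumptions made for the example:

```python
"""A tiny autoencoder as a behavioural 'digital fingerprint'.
Added example (not NVIDIA Morpheus code or the paper's): learn what a user's
normal activity windows look like, then flag windows the model can no longer
reconstruct well. Pure Python, no GPU or framework needed. The four features,
their scaling and the threshold rule are assumptions."""
import math
import random

# One activity window = [login hour/24, share of privileged operations,
#                        log1p(bytes moved)/20, distinct hosts touched/10]
DRIFT_WINDOW = [3 / 24, 0.8, 14 / 20, 8 / 10]   # 3 am, mostly admin ops, bulk transfer, many hosts


def make_normal_windows(n, seed=1):
    """Constructed 'normal' windows for one office-hours user (not real telemetry)."""
    rng = random.Random(seed)
    return [[rng.uniform(8, 18) / 24, rng.uniform(0.0, 0.1),
             rng.uniform(7, 9) / 20, rng.uniform(1, 3) / 10] for _ in range(n)]


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


class TinyAutoencoder:
    """n_in -> n_hidden -> n_in, sigmoid units, mean-squared reconstruction loss."""

    def __init__(self, n_in, n_hidden, seed=7):
        rng = random.Random(seed)
        self.w1 = [[rng.uniform(-0.5, 0.5) for _ in range(n_in)] for _ in range(n_hidden)]
        self.b1 = [0.0] * n_hidden
        self.w2 = [[rng.uniform(-0.5, 0.5) for _ in range(n_hidden)] for _ in range(n_in)]
        self.b2 = [0.0] * n_in

    def forward(self, x):
        h = [sigmoid(sum(w * xi for w, xi in zip(row, x)) + b) for row, b in zip(self.w1, self.b1)]
        y = [sigmoid(sum(w * hi for w, hi in zip(row, h)) + b) for row, b in zip(self.w2, self.b2)]
        return h, y

    def error(self, x):
        """Mean-squared reconstruction error: the anomaly score."""
        _, y = self.forward(x)
        return sum((yi - xi) ** 2 for yi, xi in zip(y, x)) / len(x)

    def train(self, windows, epochs=800, lr=0.5):
        """Plain SGD with hand-written backprop. Calling it again on newer normal
        windows continues from the current weights (incremental update) rather
        than retraining from scratch. Returns the mean loss per epoch."""
        history = []
        for _ in range(epochs):
            total = 0.0
            for x in windows:
                h, y = self.forward(x)
                n, m = len(x), len(h)
                # gradient of the loss w.r.t. output and hidden pre-activations
                dz2 = [2 * (yi - xi) / n * yi * (1 - yi) for yi, xi in zip(y, x)]
                dz1 = [sum(dz2[k] * self.w2[k][j] for k in range(n)) * h[j] * (1 - h[j])
                       for j in range(m)]
                for k in range(n):
                    for j in range(m):
                        self.w2[k][j] -= lr * dz2[k] * h[j]
                    self.b2[k] -= lr * dz2[k]
                for j in range(m):
                    for i in range(n):
                        self.w1[j][i] -= lr * dz1[j] * x[i]
                    self.b1[j] -= lr * dz1[j]
                total += sum((yi - xi) ** 2 for yi, xi in zip(y, x)) / n
            history.append(total / len(windows))
        return history


def fit_fingerprint(windows):
    """Train on normal windows; threshold = mean + 3 std of their training errors."""
    model = TinyAutoencoder(n_in=4, n_hidden=2)
    history = model.train(windows)
    errs = [model.error(x) for x in windows]
    mu = sum(errs) / len(errs)
    sd = math.sqrt(sum((e - mu) ** 2 for e in errs) / len(errs))
    return model, mu + 3 * sd, history


def is_drift(model, threshold, window):
    """True when the window no longer fits the learned fingerprint."""
    return model.error(window) > threshold


if __name__ == "__main__":
    model, thr, hist = fit_fingerprint(make_normal_windows(24))
    print(f"loss {hist[0]:.4f} -> {hist[-1]:.4f}, threshold {thr:.5f}")
    print("drift window flagged:", is_drift(model, thr, DRIFT_WINDOW),
          f"(error {model.error(DRIFT_WINDOW):.4f})")
```

The bottleneck (two hidden units) forces the model to learn only the normal cluster, so a window with off-hours activity, mostly privileged operations and a bulk transfer reconstructs poorly and is flagged, while held-out normal windows stay well below the threshold.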

5 CONCLUSION & OUTLOOK

In conclusion, our research on cybersecurity software frameworks reveals several key findings and insights. Firstly, we observed that only a limited subset of cybersecurity solutions provides public information or technical details, which hinders transparency and collaboration in the field. This lack of openness prevents the broader community from fully understanding and evaluating the effectiveness of these solutions. Furthermore, our investigation indicates that Deep Learning (DL) is not widely adopted in existing cybersecurity frameworks, and neither is GPU support. While there are promising ideas and research focusing on the use of DL techniques such as Convolutional Neural Networks (CNNs) [30, 51] and Deep Neural Networks [80], their practical implementation and real-world viability remain uncertain. Deep-learning methods, although exhibiting potential, have not yet been proven ready for deployment in real-life environments due to underlying challenges, such as the availability of quality cybersecurity datasets or training and inference speed. Extensive testing and evaluation are necessary to determine whether the methods presented in research [4] are effective and offer advantages over traditional methods.
Looking ahead, future work on DL methods for use in cybersecurity frameworks should focus on addressing foundational problems within specific areas of cybersecurity, such as intrusion detection. For example, better datasets for training ML algorithms would make it possible to compare new approaches and to train deeper models effectively. While DL holds promise for enhancing cybersecurity, further research is needed to refine and adapt these techniques to the unique challenges of the field. While overcoming issues such as interpretability, model explainability, and adversarial attacks is crucial to demonstrating the readiness of deep learning for deployment in real-life environments, researchers should also evaluate the operational viability of their approach. This includes metrics such as inference speed and hardware requirements, among others, and ensures that more theoretical solutions can be used in practice.

6 ACKNOWLEDGEMENT
<blinded>

REFERENCES
[1] Rachel Allen and Gorkem Batmaz. 2021. Fingerprinting every network user and asset with NVIDIA morpheus. NVIDIA Technical Blog. (Dec. 1,
2021). Retrieved June 8, 2023 from [Link]
[2] Andy Applebaum, Doug Miller, Blake Strom, Chris Korban, and Ross Wolf. 2016. Intelligent, automated red team emulation. In Proceedings of the
32nd Annual Conference on Computer Security Applications (ACSAC ’16). Association for Computing Machinery, New York, NY, USA, (Dec. 5,
2016), 363–373. isbn: 978-1-4503-4771-6. doi: 10.1145/2991079.2991111.
[3] Saide Isilay Baykal, Deniz Bulut, and Ozgur Koray Sahingoz. 2018. Comparing deep learning performance on BigData by using CPUs and GPUs. In 2018 Electric Electronics, Computer Science, Biomedical Engineerings’ Meeting (EBBT). (Apr. 2018), 1–6. doi: 10.1109/EBBT.2018.8391429.
[4] Daniel S. Berman, Anna L. Buczak, Jeffrey S. Chavis, and Cherita L. Corbett. 2019. A survey of deep learning methods for cyber security. Information, 10, 4, (Apr. 2019), 122. doi: 10.3390/info10040122.
[5] Stavroula Bourou, Andreas El Saer, Terpsichori-Helen Velivassaki, Artemis Voulkidis, and Theodore Zahariadis. 2021. A review of tabular data synthesis using GANs on an IDS dataset. Information, 12, 9, (Sept. 2021), 375. doi: 10.3390/info12090375.
[6] Bundeskriminalamt. 2021. Filed cyber crime cases germany 2021. Statista. Retrieved June 8, 2023 from [Link]/cyber-crime-cases-recorded-police-germany/.
[7] Ricardo J. G. B. Campello, Davoud Moulavi, and Joerg Sander. 2013. Density-based clustering based on hierarchical density estimates. In Advances
in Knowledge Discovery and Data Mining (Lecture Notes in Computer Science). Jian Pei, Vincent S. Tseng, Longbing Cao, Hiroshi Motoda, and
Guandong Xu, (Eds.) Springer, Berlin, Heidelberg, 160–172. isbn: 978-3-642-37456-2. doi: 10.1007/978-3-642-37456-2_14.
[8] Mingzhe Chen, Deniz Gündüz, Kaibin Huang, Walid Saad, Mehdi Bennis, Aneta Vulgarakis Feljan, and H. Vincent Poor. 2021. Distributed learning in wireless networks: recent progress and future challenges. IEEE Journal on Selected Areas in Communications, 39, 12, (Dec. 2021), 3579–3605. doi: 10.1109/JSAC.2021.3118346.
[9] Cisco. 2021. Cisco SecureX data sheet. Cisco. (Aug. 3, 2021). Retrieved June 8, 2023 from [Link]ty/securex/[Link].
[10] Claroty. 2022. Claroty xDome. (2022). Retrieved June 18, 2023 from [Link]
[11] CrowdStrike. 2023. Network detection services: delivering complete network visibility, detection and threat hunting as a service. (2023). Retrieved
June 15, 2023 from [Link]
[12] CyberArk. [n. d.] Identity security: why it matters and why now. Retrieved June 15, 2023 from [Link]ntity-security.
[13] Darktrace. 2023. Reducing cyber risk through preventative cyber security. (2023). Retrieved June 14, 2023 from [Link]om/626ff4d25aca2edf4325ff97/63e0ea6d755b43767078407c_Reducing%20Cyber%20Risk%20Through%20Preventation%20White%[Link].
[14] Datadog. [n. d.] Detection rules. Datadog Infrastructure and Application Monitoring. Retrieved June 8, 2023 from [Link]urity/detection_rules/.
[15] Defendify. [n. d.] Cybersecurity as a posture, not a project: defendify streamlines cybersecurity through its all-in-one cybersecurity® approach, award-winning platform, proactive protection, and superior support. Defendify. Retrieved Aug. 18, 2023 from [Link]works/.
[16] Priyanka Dixit and Sanjay Silakari. 2021. Deep learning algorithms for cybersecurity applications: a technological and status review. Computer Science Review, 39, (Feb. 1, 2021), 100317. doi: 10.1016/[Link].2020.100317.
[17] ExtraHop. 2021. ExtraHop reveal(x): cloud-native network detection & response. (2021). Retrieved June 8, 2023 from [Link]atasheets/[Link].
[18] Mohamed Amine Ferrag, Leandros Maglaras, Sotiris Moschoyiannis, and Helge Janicke. 2020. Deep learning for cyber security intrusion detection: approaches, datasets, and comparative study. Journal of Information Security and Applications, 50, (Feb. 1, 2020), 102419. doi: 10.1016/[Link].2019.102419.
[19] FireEye. 2014. HX series: endpoint threat prevention platform that detects, analyzes, and resolves security incidents on the endpoint. (2014).
Retrieved June 28, 2023 from [Link]
[20] Fortinet. 2023. FortiGate® virtual appliances. (Feb. 8, 2023). Retrieved June 19, 2023 from.
[21] Fujitsu. [n. d.] Intelligence-led cyber security. Fujitsu Global. Retrieved Aug. 18, 2023 from [Link].html.
[22] Iman Ghanizada and Anton Chuvakin. [n. d.] Autonomic security operations. Retrieved June 14, 2023 from.
[23] Gustavo González-Granadillo, Susana González-Zarzosa, and Rodrigo Diaz. 2021. Security information and event management (SIEM): analysis, trends, and usage in critical infrastructures. Sensors, 21, 14, (Jan. 2021), 4759. doi: 10.3390/s21144759.
[24] Ross Haleliuk. 2023. Why there are so many cybersecurity vendors, what it leads to and where do we go from here. (Jan. 9, 2023). Retrieved
June 26, 2023 from [Link]
[25] IBM. 2023. QRadar suite threat management. (June 1, 2023). Retrieved June 8, 2023 from [Link]0?topic=overview-qradar-suite-threat-management.
[26] Akshay Jajoo. 2021. A study on the morris worm. (Dec. 14, 2021). Retrieved June 8, 2023 from [Link] arXiv: 2112.07647[cs].
[27] KDD. [n. d.] KDD cup 1999: computer network intrusion detection. Retrieved June 28, 2023 from [Link]99/Data.
[28] Johnson Kinyua and Lawrence Awuah. 2021. AI/ML in security orchestration, automation and response: future research directions. Intelligent
Automation & Soft Computing, 28, 2, 527–545. doi: 10.32604/iasc.2021.016240.
[29] Adrian Komadina, Željka Mihajlović, and Stjepan Groš. 2022. Analysis of the design space for cybersecurity visualizations in VizSec. In 2022 IEEE Symposium on Visualization for Cyber Security (VizSec). ISSN: 2639-4332. (Oct. 2022), 1–11. doi: 10.1109/VizSec56996.2022.9941422.
[30] Kim-Hung Le, Minh-Huy Nguyen, Trong-Dat Tran, and Ngoc-Duan Tran. 2022. IMIDS: an intelligent intrusion detection system against cyber threats in IoT. Electronics, 11, 4, (Jan. 2022), 524. doi: 10.3390/electronics11040524.
[31] Guangjun Li, Preetpal Sharma, Lei Pan, Sutharshan Rajasegarar, Chandan Karmakar, and Nicholas Patterson. 2021. Deep learning algorithms for cyber security applications: a survey. Journal of Computer Security, 29, 5, (Jan. 1, 2021), 447–471. doi: 10.3233/JCS-200095.
[32] Jian-hua Li. 2018. Cyber security meets artificial intelligence: a survey. Frontiers of Information Technology & Electronic Engineering, 19, 12, (Dec. 1, 2018), 1462–1474. doi: 10.1631/FITEE.1800573.
[33] Lookout. 2023. Lookout mobile endpoint security. (2023). Retrieved June 28, 2023 from [Link][Link].
[34] Lookout. 2023. Lookout secure cloud access. (2023). Retrieved June 28, 2023 from [Link][Link].
[35] Robert Luh, Stefan Marschalek, Manfred Kaiser, Helge Janicke, and Sebastian Schrittwieser. 2017. Semantics-aware detection of targeted attacks: a survey. Journal of Computer Virology and Hacking Techniques, 13, (Feb. 1, 2017). doi: 10.1007/s11416-016-0273-3.
[36] McAfee. [n. d.] Live confidently online with McAfee total protection. McAfee. Retrieved Aug. 18, 2023 from [Link]virus/[Link].
[37] John McHugh. 2000. Testing intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as
performed by lincoln laboratory. ACM Transactions on Information and System Security, 3, 4, (Nov. 1, 2000), 262–294. doi: 10.1145/382912.382923.
[38] Trend Micro. 2023. Trend micro service one™. (2023). Retrieved Aug. 18, 2023 from [Link]/en_us/business/services/[Link]ml?modal=s1a-hero-btn-datasheet-056c02.
[39] Microsoft. 2023. What is microsoft sentinel? (Mar. 14, 2023). Retrieved June 8, 2023 from [Link]
[40] Payman Mohassel and Yupeng Zhang. 2017. SecureML: a system for scalable privacy-preserving machine learning. In 2017 IEEE Symposium on Security and Privacy (SP). ISSN: 2375-1207. (May 2017), 19–38. doi: 10.1109/SP.2017.12.
[41] Michal Motylinski, Áine MacDermott, Farkhund Iqbal, and Babar Shah. 2022. A GPU-based machine learning approach for detection of botnet attacks. Computers & Security, 123, (Dec. 1, 2022), 102918. doi: 10.1016/[Link].2022.102918.
[42] Nour Moustafa and Jill Slay. 2016. The evaluation of network anomaly detection systems: statistical analysis of the UNSW-NB15 data set and the
comparison with the KDD99 data set, (Jan. 11, 2016), 1–14. doi: 10.1080/19393555.2015.1125974.
[43] Nour Moustafa and Jill Slay. 2015. UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In 2015 Military Communications and Information Systems Conference (MilCIS). (Nov. 2015), 1–6. doi: 10.1109/MilCIS.2015.7348942.
[44] Palo Alto Networks. 2022. Cortex XDR: breaking the security silos for detection and response. (2022). Retrieved June 14, 2023 from [Link][Link]/uploads/2022/09/[Link].
[45] NVIDIA. 2023. Morpheus models. NVIDIA Docs. (Aug. 1, 2023). Retrieved Aug. 18, 2023 from [Link][Link].
[46] NVIDIA. 2023. NVIDIA morpheus technical documentation. NVIDIA Docs. (Apr. 19, 2023). Retrieved Aug. 18, 2023 from [Link]/morpheus/[Link].
[47] NVIDIA. 2023. NVIDIA triton inference server. (June 22, 2023). Retrieved July 6, 2023 from [Link]server/user-guide/docs/[Link].
[48] OpenText. 2022. OpenText™ EnCase™ endpoint security. (Sept. 1, 2022). Retrieved June 28, 2023 from [Link]s/en-US/pdf/[Link].
[49] Oracle. [n. d.] Oracle CASB cloud service. Oracle Help Center. Retrieved Aug. 18, 2023 from [Link][Link].
[50] OSSEC. [n. d.] Get OSSEC. OSSEC. Retrieved June 8, 2023 from [Link]
[51] Anson Pinhero, Anupama M l, Vinod P, C. A. Visaggio, Aneesh N, Abhijith S, and AnanthaKrishnan S. 2021. Malware detection employed by
visualization and deep neural network. Computers & Security, 105, (June 1, 2021), 102247. doi: 10.1016/[Link].2021.102247.
[52] Check Point. 2023. Check point quantum r81.20 (titan) release. (June 19, 2023). Retrieved July 6, 2023 from [Link]/sk/sk173903.
[53] Check Point. 2022. R81 cyber security platform: threat prevention and management software for the new normal. (2022). Retrieved June 28, 2023 from [Link]ROyGuPacMuAwm641P57QgviL_I-C22jfR1mTXNosYhXCp7-BzHgVdO_XJSxx3KCTo5PhZb1hv7pP4h0J4Q8g9ZfU2jiS-eX712VSeT2XzFg.
[54] Progress. 2022. Using WhatsUp gold to discover and monitor flowmon and LoadMaster devices - progress community. (Feb. 17, 2022). Retrieved
June 8, 2023 from [Link]
[55] Rapid7. [n. d.] InsightIDR feature: embedded threat intelligence. Rapid7. Retrieved June 8, 2023 from [Link]/features/embedded-threat-intelligence/.
[56] RSA. 2017. RSA ECAT integration guide. (Dec. 1, 2017). Retrieved June 14, 2023 from.
[57] Iqbal H. Sarker. 2021. Deep cybersecurity: a comprehensive overview from neural network and deep learning perspective. SN Computer Science, 2, 3, (Mar. 20, 2021), 154. doi: 10.1007/s42979-021-00535-6.
[58] Skyhigh Security. 2022. Skyhigh security cloud access security broker (CASB). (Mar. 1, 2022). Retrieved June 28, 2023 from [Link][Link]/wp-content/uploads/2023/01/[Link].
[59] SentinelOne. [n. d.] SentinelOne storyline active response (STAR)™. SentinelOne Inc. Retrieved May 18, 2023 from [Link]/storyline-active-response.
[60] Iman Sharafaldin, Arash Habibi Lashkari, and Ali A. Ghorbani. 2018. Toward generating a new intrusion detection dataset and intrusion traffic characterization. In Proceedings of the 4th International Conference on Information Systems Security and Privacy. SCITEPRESS - Science and Technology Publications, Funchal, Madeira, Portugal, 108–116. isbn: 978-989-758-282-0. doi: 10.5220/0006639801080116.
[61] Kamran Shaukat, Suhuai Luo, Vijay Varadharajan, Ibrahim A. Hameed, Shan Chen, Dongxi Liu, and Jiaming Li. 2020. Performance comparison and current challenges of using machine learning techniques in cybersecurity. Energies, 13, 10, (Jan. 2020), 2509. doi: 10.3390/en13102509.
[62] Ajay Shrestha and Ausif Mahmood. 2019. Review of deep learning algorithms and architectures. IEEE Access, 7, 53040–53065. doi: 10.1109/access.2019.2912200.
[63] Kamran Siddique, Zahid Akhtar, Farrukh Aslam Khan, and Yangwoo Kim. 2019. KDD cup 99 data sets: a perspective on the role of data sets in network intrusion detection research. Computer, 52, 2, (Feb. 2019), 41–51. doi: 10.1109/MC.2018.2888764.
[64] Robin Sommer and Vern Paxson. 2010. Outside the closed world: on using machine learning for network intrusion detection. In 2010 IEEE Symposium on Security and Privacy. ISSN: 2375-1207. (May 2010), 305–316. doi: 10.1109/SP.2010.25.
[65] Diane Staheli, Tamara Yu, R. Jordan Crouser, Suresh Damodaran, Kevin Nam, David O’Gwynn, Sean McKenna, and Lane Harrison. 2014. Visualization evaluation for cyber security: trends and future directions. In Proceedings of the Eleventh Workshop on Visualization for Cyber Security (VizSec ’14). Association for Computing Machinery, New York, NY, USA, (Nov. 10, 2014), 49–56. isbn: 978-1-4503-2826-5. doi: 10.1145/2671491.2671492.
[66] Statista. [n. d.] Cybersecurity - worldwide. Statista. Retrieved June 26, 2023 from [Link]
[67] Suricata. 2023. Suricata user guide. (Aug. 7, 2023). Retrieved Aug. 18, 2023 from [Link]
[68] Symantec. 2020. Symantec content analysis. (May 29, 2020). Retrieved June 14, 2023 from.
[69] Hamed Taherdoost. 2022. Understanding cybersecurity frameworks and information security standards—a review and comprehensive overview. Electronics, 11, 14, (Jan. 2022), 2181. doi: 10.3390/electronics11142181.
[70] Mahbod Tavallaee, Ebrahim Bagheri, Wei Lu, and Ali A. Ghorbani. 2009. A detailed analysis of the KDD CUP 99 data set. In 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications. ISSN: 2329-6275. (July 2009), 1–6. doi: 10.1109/CISDA.2009.5356528.
[71] Snort Team. [n. d.] SNORT users manual 2.9.16. Retrieved Aug. 18, 2023 from [Link]
[72] Trellix. 2023. Trellix network detection and response. (2023). Retrieved June 14, 2023 from [Link][Link].
[73] Tripwire. [n. d.] Tripwire enterprise SCM security for all IT environments. Retrieved June 14, 2023 from [Link]sheets/tripwire-enterprise.
[74] Christos Tselios, George Tsolis, and Manos Athanatos. 2020. A comprehensive technical survey of contemporary cybersecurity products and solutions. In Computer Security (Lecture Notes in Computer Science). Apostolos P. Fournaris et al., (Eds.) Springer International Publishing, Cham, 3–18. isbn: 978-3-030-42051-2. doi: 10.1007/978-3-030-42051-2_1.
[75] Vectra. 2021. Fit for purpose or behind the curve? uncovering how today’s organisations are tackling complex, modern cyberthreats. (2021).
Retrieved June 14, 2023 from [Link]
[76] Vectra. 2022. The AI behind vectra AI. (2022). Retrieved June 14, 2023 from [Link]_ai_behind_vectra_ai.pdf.
[77] VMware. 2020. Datasheet for VMware carbon black. (2020). Retrieved June 28, 2023 from [Link]/vmware/en/pdf/docs/[Link].
[78] VMware. 2022. VMware contexa™ — the threat intelligence cloud. (2022). Retrieved June 14, 2023 from.
[79] Yang Xin, Lingshuang Kong, Zhi Liu, Yuling Chen, Yanmiao Li, Hongliang Zhu, Mingcheng Gao, Haixia Hou, and Chunhua Wang. 2018. Machine learning and deep learning methods for cybersecurity. IEEE Access, 6, 35365–35381. doi: 10.1109/ACCESS.2018.2836950.
[80] Teng Xu et al. 2021. Deep entity classification: abusive account detection for online social networks. In 30th USENIX Security Symposium (USENIX
Security 21).
[81] Qiao Yan, Mingde Wang, Wenyao Huang, Xupeng Luo, and F. Richard Yu. 2019. Automatically synthesizing DoS attack traces using generative
adversarial networks. International Journal of Machine Learning and Cybernetics, 10, 12, (Dec. 1, 2019), 3387–3396. doi: 10.1007/s13042-019-00925-6.
[82] Jeong Do Yoo, Eunji Park, Gyungmin Lee, Myung Kil Ahn, Donghwa Kim, Seongyun Seo, and Huy Kang Kim. 2020. Cyber attack and defense emulation agents. Applied Sciences, 10, 6, (Jan. 2020), 2140. doi: 10.3390/app10062140.
[83] Zeek. 2023. Zeek documentation. (Aug. 11, 2023). Retrieved Aug. 18, 2023 from [Link]
[84] Zscaler. 2023. Zscaler internet access. (2023). Retrieved June 28, 2023 from [Link].pdf.
[85] Zscaler and Vectra. 2021. Solution brief - securing zero trust access for a remote workforce. (2021). Retrieved June 28, 2023 from [Link][Link]/resources/solution-briefs/[Link].

A OVERVIEW OF REVIEWED FRAMEWORKS

Framework                                                                     | Category    | Source
Claroty                                                                       | Rules-based | [10]
CrowdStrike Network Detection                                                 | Rules-based | [11]
Datadog                                                                       | Rules-based | [14]
IBM Cloud Pak for Security QRadar Suite Threat Management                     | Rules-based | [25]
Microsoft Sentinel                                                            | Rules-based | [39]
Rapid7 InsightIDR Feature Embedded Threat Intelligence                        | Rules-based | [55]
Snort                                                                         | Rules-based | [71]
Suricata                                                                      | Rules-based | [67]
Zeek                                                                          | Rules-based | [83]
ExtraHop Reveal(x)                                                            | ML          | [17]
OSSEC OSSEC+                                                                  | ML          | [50]
Progress WhatsUp Gold                                                         | ML          | [54]
Palo Alto Networks Cortex XDR                                                 | ML          | [44]
Skyhigh Security Cloud Access Security Broker (CASB)                          | ML          | [58]
Symantec Content Analysis                                                     | ML          | [68]
Trellix Network Detection and Response                                        | ML          | [72]
VMware Contexa                                                                | ML          | [78]
Zscaler                                                                       | ML          | [85, 84]
Check Point Quantum Cyber Security Platform: R81                              | DL          | [52, 53]
NVIDIA Morpheus                                                               | DL          | [1, 46, 45, 47]
Vectra AI                                                                     | DL          | [76, 75]
Darktrace                                                                     | AI          | [13]
SentinelOne Complete & Ranger                                                 | AI          | [59]
GCP Chronicle                                                                 | Other       | [22]
Oracle CASB Cloud Service                                                     | Other       | [49]
Cisco SecureX                                                                 | No info     | [9]
CyberArk                                                                      | No info     | [12]
Defendify                                                                     | No info     | [15]
Fortinet FortiGate                                                            | No info     | [20]
Fortra Tripwire Enterprise                                                    | No info     | [73]
Fujitsu Enterprise Cyber Security Solutions                                   | No info     | [21]
FireEye Endpoint Threat Prevention HX Series (FireEye Security Platform)      | No info     | [19]
Lookout                                                                       | No info     | [33, 34]
McAfee Antivirus                                                              | No info     | [36]
OpenText EnCase Endpoint Security                                             | No info     | [48]
RSA ECAT                                                                      | No info     | [56]
Trend Micro Service One                                                       | No info     | [38]
VMware Carbon Black                                                           | No info     | [77]
Table 3. Reviewed cybersecurity frameworks.