
Exclusive: How AI and quantum computing are changing cybersecurity

21 Aug 18

Advances in artificial intelligence (AI) and quantum computing technology have brought equal parts excitement and trepidation to the cybersecurity industry.

New technologies have a way of impacting existing industries in unexpected ways and AI and quantum computing represent major leaps forward. 

SecurityBrief spoke to LogRhythm product marketing director Seth Goldhammer about how current security trends will be affected by these emerging technologies.

How are developments in artificial intelligence affecting security information and event management (SIEM) and behavioural analytics solutions?

Reduced costs in storage and compute have allowed greater accessibility for machine learning and the promise of AI to solve security use cases. 

While machine learning and artificial intelligence will provide users with greater ability to recognise previously unknown threats and reduce investigative time with prescriptive guidance, they are not a silver bullet for security. 

Applying machine learning and artificial intelligence introduces new challenges.  

These include:

  • With unstructured search, analysts can avoid data cleanliness issues. However, machine learning algorithms require a complete and normalised view of data to be able to draw insights.
  • Supervised machine learning can become operationally unmanageable. How does an analyst train algorithms to understand what a threat is or isn’t? What about threat types that have not been seen in training data?
  • For known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs), a deterministic model is preferred over machine learning and artificial intelligence to make more near real-time recognitions.

Developments in the cloud create challenges in visibility for organisations as the perimeter erodes. 

More attention is required in terms of data collection since Infrastructure-as-a-Service and Software-as-a-Service vendors have no standard in how to collect data or what type of audit data is even available. 

How can developments in quantum computing strengthen trust?

Due to the excessive amount of computational power provided by quantum computing, there are already interesting discussions over “renting” quantum computing access even for calculating sensitive data, encrypting qubits instead of your standard binary data.

Presumably, we still require secret key input for cryptology which includes the same risks as binary encrypted data. 

How will developments in quantum computing benefit businesses today?

Quantum computing’s computational power has a means of driving machine learning and artificial intelligence considerably forward to enable algorithms asking many more questions of the data, with a greater variety of data or data types, over longer periods of time, in order to determine anomalies, known threat models, and then to corroborate these discovered activities together to better understand security relevance. 

The result will be reduced false positives and negatives, and with better accuracy of threat recognition, a better ability to automate/prescriptively co-ordinate response processes.

For example, let’s say machine learning algorithms determine there is a 67% chance that threat type A is occurring and can get to over 85% if additional data from the endpoint’s memory is retrieved and added to the analysis.

When applied with AI, the result (was a threat actually found or not) automatically retrains threat model algorithms for better accuracy automatically next time. Imagine this applied against a global set of customers all collecting and interacting with the data, along with the computational power to keep pace; this now enables a highly effective mechanism for faster response to new threat types even at regional and vertical market industry levels.

How do you see SIEM evolving in the coming years and why?

SIEM has already evolved into a full security operation platform for performing threat detection and orchestrating response. 

SIEMs will continue to evolve by:

  • Performing more types of automation, both in terms of platform administration (automatic recognition of new systems/onboarding new data types) and security orchestration (gathering contextual data associated to a threat activity, performing countermeasures)
  • Convergence of user and entity behavioural analytics (UEBA), network-focused analytics, and security, operations, analytics, and response (SOAR) into the SIEM platform
  • Application of machine learning and artificial intelligence into SOAR to provide prescriptive analytics