SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Exclusive: How AI and quantum computing are changing cybersecurity
Tue, 21st Aug 2018

The advancement of artificial intelligence (AI) and quantum computing technology has brought equal parts excitement and trepidation to the cybersecurity industry.

New technologies have a way of impacting existing industries in unexpected ways and AI and quantum computing represent major leaps forward.

SecurityBrief spoke to LogRhythm product marketing director Seth Goldhammer about how current security trends will be affected by these emerging technologies.

How are developments in artificial intelligence affecting security information and event management (SIEM) and behavioural analytics solutions?

Reduced costs in storage and compute have allowed greater accessibility for machine learning and the promise of AI to solve security use cases.

While machine learning and artificial intelligence will provide users with greater ability to recognise previously unknown threats and reduce investigative time with prescriptive guidance, they are not a silver bullet for security.

Applying machine learning and artificial intelligence introduces new challenges.

These include:

  • With unstructured search, analysts can avoid data cleanliness issues. However, machine learning algorithms require a complete and normalised view of data to be able to draw insights.
  • Supervised machine learning can become operationally unmanageable. How does an analyst train algorithms to understand what a threat is or isn't? What about threat types that have not been seen in training data?
  • For known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs), a deterministic model is preferred over machine learning and artificial intelligence to make more near real-time recognitions.

Developments in the cloud create challenges in visibility for organisations as the perimeter erodes.

More attention is required in terms of data collection since Infrastructure-as-a-Service and Software-as-a-Service vendors have no standard in how to collect data or what type of audit data is even available.

How can developments in quantum computing strengthen trust?

Due to the excessive amount of computational power provided by quantum computing, there are already interesting discussions over “renting” quantum computing access even for calculating sensitive data, encrypting qubits instead of your standard binary data.

Presumably, we still require secret key input for cryptology which includes the same risks as binary encrypted data.

How will developments in quantum computing benefit businesses today?

Quantum computing's computational power has a means of driving machine learning and artificial intelligence considerably forward to enable algorithms asking many more questions of the data, with a greater variety of data or data types, over longer periods of time, in order to determine anomalies, known threat models, and then to corroborate these discovered activities together to better understand security relevance.

The result will be reduced false positives and negatives, and with better accuracy of threat recognition, a better ability to automate/prescriptively co-ordinate response processes.

For example, let's say machine learning algorithms determine there is a 67% chance that threat type A is occurring and can get to over 85% if additional data from the endpoint's memory is retrieved and added to the analysis.

When applied with AI, the result (was a threat actually found or not) automatically retrains threat model algorithms for better accuracy automatically next time. Imagine this applied against a global set of customers all collecting and interacting with the data, along with the computational power to keep pace; this now enables a highly effective mechanism for faster response to new threat types even at regional and vertical market industry levels.

How do you see SIEM evolving in the coming years and why?

SIEM has already evolved into a full security operation platform for performing threat detection and orchestrating response.

SIEMs will continue to evolve by:

  • Performing more types of automation, both in terms of platform administration (automatic recognition of new systems/onboarding new data types) and security orchestration (gathering contextual data associated to a threat activity, performing countermeasures)
  • Convergence of user and entity behavioural analytics (UEBA), network-focused analytics, and security, operations, analytics, and response (SOAR) into the SIEM platform
  • Application of machine learning and artificial intelligence into SOAR to provide prescriptive analytics