Exclusive: How AI and quantum computing are changing cybersecurity

21 Aug 2018

Advances in artificial intelligence (AI) and quantum computing technology have brought equal parts excitement and trepidation to the cybersecurity industry.

New technologies have a way of impacting existing industries in unexpected ways and AI and quantum computing represent major leaps forward. 

SecurityBrief spoke to LogRhythm product marketing director Seth Goldhammer about how current security trends will be affected by these emerging technologies.

How are developments in artificial intelligence affecting security information and event management (SIEM) and behavioural analytics solutions?

Reduced costs in storage and compute have allowed greater accessibility for machine learning and the promise of AI to solve security use cases. 

While machine learning and artificial intelligence will provide users with greater ability to recognise previously unknown threats and reduce investigative time with prescriptive guidance, they are not a silver bullet for security. 

Applying machine learning and artificial intelligence introduces new challenges.  

These include:

  • With unstructured search, analysts can avoid data cleanliness issues. However, machine learning algorithms require a complete and normalised view of data to be able to draw insights.
  • Supervised machine learning can become operationally unmanageable. How does an analyst train algorithms to understand what a threat is or isn’t? What about threat types that have not been seen in training data?
  • For known Indicators of Compromise (IOC) and Tactics, Techniques, and Procedures (TTPs), a deterministic model is preferred over machine learning and artificial intelligence to make more near real-time recognitions.

Developments in the cloud create challenges in visibility for organisations as the perimeter erodes. 

More attention is required in terms of data collection since Infrastructure-as-a-Service and Software-as-a-Service vendors have no standard in how to collect data or what type of audit data is even available. 

How can developments in quantum computing strengthen trust?

Due to the excessive amount of computational power provided by quantum computing, there are already interesting discussions over “renting” quantum computing access even for calculating sensitive data, encrypting qubits instead of your standard binary data.

Presumably, we still require secret key input for cryptology which includes the same risks as binary encrypted data. 

How will developments in quantum computing benefit businesses today?

Quantum computing’s computational power has a means of driving machine learning and artificial intelligence considerably forward to enable algorithms asking many more questions of the data, with a greater variety of data or data types, over longer periods of time, in order to determine anomalies, known threat models, and then to corroborate these discovered activities together to better understand security relevance. 

The result will be reduced false positives and negatives, and with better accuracy of threat recognition, a better ability to automate/prescriptively co-ordinate response processes.

For example, let’s say machine learning algorithms determine there is a 67% chance that threat type A is occurring and can get to over 85% if additional data from the endpoint’s memory is retrieved and added to the analysis.

When applied with AI, the result (was a threat actually found or not) automatically retrains threat model algorithms for better accuracy automatically next time. Imagine this applied against a global set of customers all collecting and interacting with the data, along with the computational power to keep pace; this now enables a highly effective mechanism for faster response to new threat types even at regional and vertical market industry levels.

How do you see SIEM evolving in the coming years and why?

SIEM has already evolved into a full security operation platform for performing threat detection and orchestrating response. 

SIEMs will continue to evolve by:

  • Performing more types of automation, both in terms of platform administration (automatic recognition of new systems/onboarding new data types) and security orchestration (gathering contextual data associated to a threat activity, performing countermeasures)
  • Convergence of user and entity behavioural analytics (UEBA), network-focused analytics, and security, operations, analytics, and response (SOAR) into the SIEM platform
  • Application of machine learning and artificial intelligence into SOAR to provide prescriptive analytics