Exclusive: How AI and quantum computing are changing cybersecurity

21 Aug 18

Advances in artificial intelligence (AI) and quantum computing technology have brought equal parts excitement and trepidation to the cybersecurity industry.

New technologies have a way of impacting existing industries in unexpected ways, and AI and quantum computing represent major leaps forward.

SecurityBrief spoke to LogRhythm product marketing director Seth Goldhammer about how current security trends will be affected by these emerging technologies.

How are developments in artificial intelligence affecting security information and event management (SIEM) and behavioural analytics solutions?

Reduced costs in storage and compute have allowed greater accessibility for machine learning and the promise of AI to solve security use cases. 

While machine learning and artificial intelligence will provide users with greater ability to recognise previously unknown threats and reduce investigative time with prescriptive guidance, they are not a silver bullet for security. 

Applying machine learning and artificial intelligence introduces new challenges.  

These include:

  • With unstructured search, analysts can avoid data cleanliness issues. However, machine learning algorithms require a complete and normalised view of data to be able to draw insights.
  • Supervised machine learning can become operationally unmanageable. How does an analyst train algorithms to understand what a threat is or isn’t? What about threat types that have not been seen in training data?
  • For known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs), a deterministic model is preferred over machine learning and artificial intelligence to make more near real-time recognitions.

Developments in the cloud create challenges in visibility for organisations as the perimeter erodes. 

More attention is required in terms of data collection since Infrastructure-as-a-Service and Software-as-a-Service vendors have no standard in how to collect data or what type of audit data is even available. 

How can developments in quantum computing strengthen trust?

Due to the excessive amount of computational power provided by quantum computing, there are already interesting discussions over “renting” quantum computing access even for calculating sensitive data, encrypting qubits instead of your standard binary data.

Presumably, we still require secret key input for cryptology which includes the same risks as binary encrypted data. 

How will developments in quantum computing benefit businesses today?

Quantum computing’s computational power has a means of driving machine learning and artificial intelligence considerably forward to enable algorithms asking many more questions of the data, with a greater variety of data or data types, over longer periods of time, in order to determine anomalies, known threat models, and then to corroborate these discovered activities together to better understand security relevance. 

The result will be reduced false positives and negatives, and with better accuracy of threat recognition, a better ability to automate/prescriptively co-ordinate response processes.

For example, let’s say machine learning algorithms determine there is a 67% chance that threat type A is occurring and can get to over 85% if additional data from the endpoint’s memory is retrieved and added to the analysis.

When applied with AI, the result (was a threat actually found or not) automatically retrains threat model algorithms for better accuracy automatically next time. Imagine this applied against a global set of customers all collecting and interacting with the data, along with the computational power to keep pace. This now enables a highly effective mechanism for faster response to new threat types even at regional and vertical market industry levels.

How do you see SIEM evolving in the coming years and why?

SIEM has already evolved into a full security operation platform for performing threat detection and orchestrating response. 

SIEMs will continue to evolve by:

  • Performing more types of automation, both in terms of platform administration (automatic recognition of new systems/onboarding new data types) and security orchestration (gathering contextual data associated with a threat activity, performing countermeasures)
  • Convergence of user and entity behavioural analytics (UEBA), network-focused analytics, and security, operations, analytics, and response (SOAR) into the SIEM platform
  • Application of machine learning and artificial intelligence into SOAR to provide prescriptive analytics