The advancement of artificial intelligence (AI) and quantum computing technology has brought equal parts excitement and trepidation to the cybersecurity industry.
New technologies have a way of impacting existing industries in unexpected ways, and AI and quantum computing represent major leaps forward.
SecurityBrief spoke to LogRhythm product marketing director Seth Goldhammer about how current security trends will be affected by these emerging technologies.
Reduced costs in storage and compute have allowed greater accessibility for machine learning and the promise of AI to solve security use cases.
While machine learning and artificial intelligence will provide users with greater ability to recognise previously unknown threats and reduce investigative time with prescriptive guidance, they are not a silver bullet for security.
Applying machine learning and artificial intelligence introduces new challenges.
Developments in the cloud create challenges in visibility for organisations as the perimeter erodes.
More attention is required in terms of data collection since Infrastructure-as-a-Service and Software-as-a-Service vendors have no standard in how to collect data or what type of audit data is even available.
Due to the excessive amount of computational power provided by quantum computing, there are already interesting discussions over “renting” quantum computing access even for calculating sensitive data, encrypting qubits instead of your standard binary data.
Presumably, we still require secret key input for cryptology which includes the same risks as binary encrypted data.
Quantum computing’s computational power has a means of driving machine learning and artificial intelligence considerably forward to enable algorithms asking many more questions of the data, with a greater variety of data or data types, over longer periods of time, in order to determine anomalies, known threat models, and then to corroborate these discovered activities together to better understand security relevance.
The result will be reduced false positives and negatives, and with better accuracy of threat recognition, a better ability to automate/prescriptively co-ordinate response processes.
For example, let’s say machine learning algorithms determine there is a 67% chance that threat type A is occurring and can get to over 85% if additional data from the endpoint’s memory is retrieved and added to the analysis.
When applied with AI, the result (was a threat actually found or not) automatically retrains threat model algorithms for better accuracy next time. Imagine this applied against a global set of customers all collecting and interacting with the data, along with the computational power to keep pace: this now enables a highly effective mechanism for faster response to new threat types, even at regional and vertical market industry levels.
SIEM has already evolved into a full security operation platform for performing threat detection and orchestrating response.
SIEMs will continue to evolve by: