AI can give defenders the upper hand: Quorum Cyber on the future of cyber security
- Related sector Technology
- Investment status Current
- Related company Quorum Cyber
- Share it on
- 6 min
- By Amy Hunter
- Apr 23, 2024
Livingbridge invested in Microsoft-focused cyber security provider, Quorum Cyber, in 2022. Founded in 2016, the Edinburgh-based company protects over 150 customers around the world, including household-name enterprises. Quorum Cyber is able to predict and react to threats before they can cause harm and deliver peace of mind for clients. Every day, the company’s expert team leverages the latest Microsoft Security technologies to defend clients’ systems.
Quorum Cyber’s founder & CEO, Federico Charosky, is on a mission to grow the company into a global category leader – and this roadmap includes embracing artificial intelligence (AI) and its potential for turbocharging cyber defences.
Quorum Cyber has invested in machine learning for years. So when generative AI burst onto the scene, Federico made an early decision "to run at it". The CEO brought in former Microsoft in-house technical specialist, Graham Hosking, as Solutions Director for Data Security & AI, in early 2023. Since then, the company has built a stellar five-person team that acts as a "north star" for AI developments.
Our Investment Director Amy Hunter sat down with Federico and Graham to gather their insights on how AI is affecting enterprise security, and to explore how Quorum Cyber has created a winning strategy in a rapidly evolving landscape.
Amy: Generative AI is exciting, but it’s also a cause for concern for businesses around the world with regards to cyber security and hostile use of the technology. Can you explain what's happening in the sector today?
Federico: There's a perception of doom and gloom out there that AI is going to revolutionise cyber security in a bad way, which I think is misplaced. I’ve been in this industry for 20-plus years, and this is the first time that we, defenders, have a chance at having the upper hand in cyber.
If attackers want to have the upper hand, they're now going to have to invent something that is better than ‘AI + human’ at defences, and that doesn't exist yet. AI is creating an asymmetry that benefits the defenders over and above attackers, and that's providing us with an opportunity we haven't seen before. So I’m hoping that, going forward, we can use AI to finally stem the epidemic of cyber-attacks, particularly the indiscriminate, commercially-motivated cyber-attacks.
Essentially, I think if you don't run at AI, you will miss out on what's probably one of the biggest force multipliers that we're ever going to see. AI can dramatically improve our capability to fight the good fights.
Amy: How are you already using AI to help improve cyber security at Quorum Cyber?
Federico: We see AI as a force multiplier to the things we were doing before. It's enabling us to do things better, bigger, and faster – it’s not a product in itself, it's just a really cool tool to help us get the job done.
We're implementing Microsoft technology and we're doing a lot of the product design with them – we've been very close to their Copilot for Security and that universe. We've been applying it in Clarity, Quorum Cyber’s customer platform, and into Quorum Cyber’s server offerings on our own AI engines, enriching our customer data. We’re also applying it to our own workbench. AI is giving our analysts the ability to interrogate data better, and to hunt threats better.
Graham: We’re using predictive coding and machine learning to understand telemetry over time, and then augmenting that with artificial intelligence.
AI acts as an enrichment, allowing us to have a more streamlined workflow and go into an organisation’s systems and understand many different signals. In short, AI will give me the story of an attack. Where it came from, what happened, what data was affected.
Amy: Where do you see the balance between what can be fully automated in cyber security, vs augmentation of human capabilities?
Graham: It’s really important to say that in cyber security, AI cannot replace human jobs – it’s just another tool. There will always need to be a human being to check things over, to make sure the AI is going to provide our customers with the right information.
Federico: Exactly, human-in-the-loop is fundamental for us. Other companies are making claims about being the most automated supplier on the market, but to us that’s not a good thing. We believe that the magic happens at the right balance between automation and enrichment, between force multipliers and human intuition and experience and creativity. You need a human with a specialist skill set in the loop.
Amy: Given the pace of AI developments, what do you think the cyber security industry will look like in 2030?
Graham: Generative AI is the fastest growing technology I've ever seen in my career. Things have happened so quickly over the last two years, and they keep evolving.
I think by 2030 the power will be in the data, and the better understanding and comprehension that you can give to models, which we call grounding. Large language models are good because they can do language comprehension, but I don't think they are going to change massively. Further developments here are going to be based around the amount of data that we can hold and store.
Federico: I think there's going to be a massive amount of consolidation in the sector. Until now, cyber security has been very easy to sell and you didn't have to be good. These new AI capability gains will start to reveal who was just benefiting from a rising tide lifting all ships.
I also expect hyperscalers to try to catch up with Microsoft, which has shot so far ahead in terms of data security and security in general.
Amy: Can you talk about how Quorum Cyber stays ahead of the curve/builds sustainable barriers against competitors when it comes to AI developments? Does your long-standing relationship with Microsoft help here?
Federico: There’s a simplicity to our story with Microsoft, which others don't have. I don't have to spend time trying to integrate 50 other vendors, and that lack of overhead is great. This has enabled us to take risks quicker and faster and materialise benefits.
Our portfolio will evolve around AI, but we are here to help people continue to run their business while we take care of everything else. That will stay the same. Ultimately, cyber security companies don’t sell because of differences in features. If we help our customers win and fight bullies better, then we win.
Previous article
Adarma Appoints John Maynard as CEONext article
Brainlabs acquires Bengaluru-based Nabler