Security alert overload, a source of frustration for bank security departments for some time, appears to have careened out of control.
A survey of bank security chiefs by the research firm Ovum documents how high the daily volume of messages about possible security incidents has grown. A third of the respondents were from banks in North America.
Over a third (37%) of banks, it turns out, receive more than 200,000 security alerts a day.
In the research report, released Thursday, Ovum analyst Rik Turner called this a “signal-to-noise ratio” problem.
It’s too much for humans to cope with, even at banks with the largest security teams. Adding more operators isn’t the solution; the problem needs to be solved through automation, Rich Baich, chief information security officer at Wells Fargo, said in an interview.
“Volumes of alerts will continue to climb until organizations implement the appropriate technology and overlay them with operational innovations that allow the organization to rapidly sift through the mountains of data to find the actionable alerts,” Baich said.
Raj Samani, chief technology officer of the security software firm McAfee, also sees these volumes as unmanageable.
“There’s no way any organization can do the necessary analysis on 200,000 events a day,” he said in an interview. “Even if we take it back a touch, 61% of organizations receive in excess of 100,000 events a day. It’s far too much to deal with in a practical fashion. A number of those events will simply be ignored.”
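The automation Baich and Samani describe is, at its simplest, deduplication and correlation: collapse the thousands of repeats of one detection into a single counted record, then promote to "actionable" only the records that are severe on their own or that line up with other detections on the same host. The following is an added illustration written for this article, not code from Wells Fargo, McAfee or Ovum; the alert feed, rule names, hosts and thresholds are all constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Alert:
    ts: datetime
    rule: str
    src: str
    dst: str
    severity: int  # 1 (informational) .. 5 (critical); scale is an assumption


def make_sample_alerts():
    """Constructed sample feed (hypothetical, not from any real bank):
    one chatty scan-detection rule firing 300 times in five minutes, a small
    cluster of different detections on one workstation, and one isolated alert."""
    base = datetime(2024, 1, 10, 9, 0, 0)
    alerts = [Alert(base + timedelta(seconds=i), "port_scan", "10.0.0.5", "10.0.1.20", 2)
              for i in range(300)]
    host = "10.0.2.7"
    alerts.append(Alert(base + timedelta(minutes=10), "credential_dump_tool", host, host, 4))
    alerts.append(Alert(base + timedelta(minutes=11), "new_admin_account", host, host, 3))
    alerts.append(Alert(base + timedelta(minutes=12), "outbound_to_rare_domain", host, "203.0.113.9", 3))
    alerts.append(Alert(base + timedelta(minutes=30), "failed_logins_burst", "10.0.3.1", "10.0.3.2", 3))
    return alerts


def deduplicate(alerts, window=timedelta(minutes=10)):
    """Collapse repeats of the same (rule, src, dst) that start within `window`
    of the first occurrence into one record carrying a count and max severity."""
    groups, open_groups = [], {}
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.rule, a.src, a.dst)
        g = open_groups.get(key)
        if g is not None and a.ts - g["first"] <= window:
            g["count"] += 1
            g["last"] = a.ts
            g["severity"] = max(g["severity"], a.severity)
        else:
            g = {"rule": a.rule, "src": a.src, "dst": a.dst, "first": a.ts,
                 "last": a.ts, "count": 1, "severity": a.severity}
            open_groups[key] = g
            groups.append(g)
    return groups


def triage(groups, window=timedelta(minutes=15), min_distinct_rules=2, severity_floor=4):
    """Split deduplicated records into actionable and suppressed.
    A record is actionable if its severity reaches `severity_floor`, or if a host
    it involves appears in at least `min_distinct_rules` different rules within
    `window` (simple host-based correlation). Everything else is suppressed but
    still counted, so nothing is silently dropped."""
    by_host = defaultdict(list)
    for g in groups:
        for host in (g["src"], g["dst"]):
            by_host[host].append(g)
    actionable, suppressed = [], []
    for g in groups:
        reason = None
        if g["severity"] >= severity_floor:
            reason = "severity"
        else:
            for host in (g["src"], g["dst"]):
                rules = {h["rule"] for h in by_host[host]
                         if abs(h["first"] - g["first"]) <= window}
                if len(rules) >= min_distinct_rules:
                    reason = f"correlated on {host}"
                    break
        (actionable if reason else suppressed).append((g, reason))
    return actionable, suppressed


def summarize(alerts):
    """Counts at each stage, so the reduction from raw volume can be reported."""
    groups = deduplicate(alerts)
    actionable, suppressed = triage(groups)
    return {"raw": len(alerts), "deduplicated": len(groups),
            "actionable": len(actionable), "suppressed": len(suppressed)}


if __name__ == "__main__":
    feed = make_sample_alerts()
    print(summarize(feed))
    for g, reason in triage(deduplicate(feed))[0]:
        print(f"ACTIONABLE {g['rule']} {g['src']}->{g['dst']} x{g['count']} ({reason})")
```

On the constructed feed, 304 raw alerts become five deduplicated records, of which three are actionable (the workstation cluster) and two are suppressed with their counts preserved. The thresholds are deliberately simple; in practice the windows and severity floor are tuned per rule, and the suppressed totals are reviewed periodically so a noisy rule that masks a real incident is not simply ignored.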
The surveyed bank security executives seem to agree: Thirty-five percent said the ability to monitor and report security threats is their top security operational pain point. Further down the list are the worries of dealing with resource constraints, obtaining a skilled workforce, managing security workload and managing security threats of new technology such as cloud and mobile.
The survey also asked the security heads how many security tools they’re using. More than a third (36%) said they are using between 51 and 100. This is another challenge to managing security, though the respondents noted that having multiple, disparate security systems improves their overall security posture.
“The challenge is that most organizations are running more than 25 tools,” Samani said. “I was with a client last week and told them we’ve got some tools that let you check bitcoin wallet addresses. Their response to me was, ‘God, no, not another dashboard.’ ”
The disparate nature of the many security software packages banks use is the weakest link in bank security, Samani said. Interoperability between security software programs would help.
But Baich noted that such security tech complexity is unavoidable.
“As organizations move from maturing their cybersecurity program from a static program to one that is proactive and preemptive, that requires a greater portfolio of tools,” he said. “To meet the growing demand of the complex threat environment, organizations need to stay current with the latest solutions and often become system integrators synergizing disparate technologies to work together to solve the toughest problems. Thus, the quantity of tools required to accomplish these goals continues to grow.”