Our team recently took part in a few financial services (a.k.a. finserv) security events in the US and EMEA. After two and a half years of only meeting security leaders over Zoom, it was great to get together in person and learn about the transformation of the industry and the new challenges security leaders are facing in banking, mortgage and insurance.
I noticed a few themes that are worth paying attention to for security vendors like Hunters, as we try to better serve the needs of the industry:
1 - Some banks and other financial services organizations are struggling to find the right combination of internal and external resources to manage their security operations. Many of the banks have difficulty hiring and retaining skilled SOC analysts. As a result, they can’t build up the in-house expertise they need and the analysts they have aren’t skilled enough to deal with significant incidents.
2 - A lot of these organizations have outsourced their SOC via an MSSP and have a small number of in-house analysts. (Those who don’t have MSSPs don’t have enough resources to run 24x7 operations.) The organizations that do work with MSSPs run into communications challenges where information isn’t being transmitted properly to the organization. Balls get dropped. There are a lot of “we thought you already knew” type conversations, where not all relevant information makes it from the MSSP to the organization’s people managing technical and business responses.
3 - And there are data concerns. Some of that relates to audit requirements. They also feel frustration with their ability to access their historical data and transactional data in order to observe potential fraudulent activity. Storing data in more traditional systems like Splunk means massive data costs, and access to all of their data can be time-consuming and tricky. As a result, it’s tough to be proactive.
At Hunters, we have seen that there is a huge opportunity to disrupt the way security operations are run, because of the massive overhead that day-to-day operations require, even for mid-size or smaller organizations. Some things differ by industry, but the bottom line is that most organizations are finding they can’t keep up with their security needs with the technology and tools they had five – or even three – years ago.
It’s time to rethink SOC workflows and technology so they better serve security teams.