Exclusive Q&A: National City’s CSO Gareth Webley on Protecting Today’s Bank

How the U.S.’s eighth largest bank is solving modern challenges and converging security

http://www.securityinfowatch.com/online/The-Latest/Exclusive-Q-and-A–National-Citys-CSO-Gareth-Webley-on-Protecting-Todays-Bank/9898SIW306
Geoff Kohl, editor
SecurityInfoWatch.com

SecurityInfoWatch.com recently caught up with Gareth Webley, the CSO for National City, the eighth largest financial services company in the U.S. As Webley puts it, “We’re the biggest bank you’ve never heard of.” National City has close to 1,600 branches in eight states, and with its brokerage and mortgage divisions, the company has a virtual national presence, despite the fact that the Ohio-based bank is still somewhat regional in focus.
SIW: It seems that when we go through the risks you mention - network attacks, phishing attacks, robberies, life-safety of employees - they still silo out to either network security or physical security. Is that the case, or can you treat the risk group areas in a converged manner?

We are actually in the process of designing and building a new command center where we will treat alarms or alerts from both worlds in the same way. There will be a security operator in our security command center which will be manned 24/7. They will be looking at alerts from burglar alarms, robbery, and tuned things coming off our network IDSs. It will also be making sure that those IP-enabled security devices (alarm panels, DVRs) are network accessible.
We now view it as an even more critical need. We believe that if we’ve got an alarm panel out there, it needs to be able to communicate through the network. We’ll also have a redundant dial system. We’re starting to see more and more devices that are IP enabled. For example, if you have a door lock that is controlled by IP traffic, and someone is able to spoof that contact or cause that device through an electronic hack to open, or at the same time interrupt a video service, then someone could perhaps pick that lock, and gain access to the facility. We’re really starting to see that as more security devices get IP enabled, attacks against organizations are going to start to converge as well. Some of the romanticized views of crimes in the movies are actually going to become more real as people get more sophisticated. We’ve also seen a shift from network attacks done by what we call “script kiddies” (people just doing it for the glory) to it being backed by organized crime. And eventually, I think those investments by organized crime are going to be made and they’ll have skills to attack network controls and network security devices as well as the old brute force through the door.
SIW: This is a very progressive idea, this idea of the converged command center. You’ll have alerts coming in on intrusion alarms, alerts on network attacks, and maybe they’ll have different priorities, but they’ll be coming into one view. Can you tell us more about how this will operate?

Our command center will be monitored 24/7. Our geeks that monitor our firewalls, phishing alerts and all those sorts of things typically work during the day. They need to go home at night. So a lot of these alerts would be set to go to pagers or e-mail queues, and their pagers are going off so much that they tend to get desensitized to that. So for us, it’s important to have a security officer that we can train to look at these alerts and ask, “Should I get the firewall engineer out of bed?” So we’re thinking very hard about that so we can have work flows and queues that they can set up to be reviewed by a subject matter expert the next day if they feel this is a medium priority. But having someone who can watch the trending happen is a tremendous benefit, and it’s a better use of the resources.
It’s very exciting to think through and design it. And hopefully by the end of 2007 we will have it up and running, at least in its pilot stages.