Finding the Signal through the Noise: A CISO's Guide to Modern Security Observability
As data explodes and cybersecurity threats evolve, legacy observability tools are failing. Learn how real-time data intelligence empowers businesses to act with speed and precision.
How Real-Time Data Intelligence Transforms Complex Security Operations into High-Value Business Impact
It was 2003 when I felt the true cost of delayed security detection. As Technical Director of Cybersecurity at Bankinter, one of Spain's largest banks, I watched in real time as a sophisticated phishing attack unfolded across our network.
While our security tools diligently collected data for analysis, thousands of customers' accounts were at risk. Every minute spent waiting for our systems to process and alert was another minute the attackers had to achieve their objectives. That night fundamentally changed how I think about security operations – when you're responsible for protecting people's financial lives, waiting minutes, let alone hours, for threat detection isn't just inefficient, it's indefensible.
Fast forward to 2024, and the problem has only grown worse.
The CISO's Imperative
In an era of sophisticated cyber threats and expanding attack surfaces, security leaders face a critical challenge: transforming massive volumes of security data into actionable intelligence before threats materialize. According to Statista, global data creation will exceed 180 zettabytes by 2025, almost three times the 2020 volume. For CISOs, this growth presents both opportunity and risk.
The opportunity lies in leveraging this data for enhanced threat detection and response. The risk? Missing critical security signals buried in the noise, leading to costly breaches and compliance violations. The mean time to identify and contain a breach averages 277 days (IBM's 2023 Cost of a Data Breach Report), and most of that is time spent not knowing the attacker is there. Recent high-profile incidents tell a stark story:
Capital One's 2019 breach went unnoticed for roughly four months, and was discovered only after an outside tip
Marriott discovered attackers in the Starwood reservation database in 2018, four years after they first gained access
LastPass's 2022 intrusion ran for months, with a second phase built on material taken in the first, before its full scope was understood and disclosed
The harsh reality? The security tools we've trusted for years just weren't built for today's threat landscape, or the threats coming our way tomorrow. They're leaving organizations vulnerable, and the cost is staggering.
The True Cost of Data Complexity
The impact of complex, inadequate systems extends far beyond the direct cost of a breach, which IBM's 2024 Cost of a Data Breach Report puts at an average of $4.88 million, a 10% increase over the prior year and the highest figure the report has recorded. Consider these statistics:
82% of organizations cite data storage costs as a top security budget concern (IDC), and data storage costs are increasing around 25% annually (IDC)
Only 25% of enterprise data is used for analytics, while as much as 75% is "dark" and goes unused (Splunk)
Only 32% of data meets quality standards for analysis (Gartner)
82% report infrastructure overload from data volume (Cloud Native Computing Foundation)
These numbers paint a clear picture: organizations are collecting vast amounts of data but with their current tools, they are struggling to derive meaningful value. Organizations are eating away at their budgets by storing data that never gets used.
Legacy observability tools, with their inherent latency and skyrocketing costs, are exacerbating the problem. The fundamental issue lies in how legacy solutions handle data:
Batch Processing Bottlenecks - In most SIEM deployments, detection is a scheduled search: correlation rules run every 15 minutes to once an hour against data that has already been indexed, and heavier analytics such as baselining and summary reports complete only once a day. In cybersecurity, that's an eternity.
Unsustainable Cost Structures - Organizations spend $2,000 to $7,000 per terabyte annually for full SIEM data retention (Gartner). With data volumes exploding, this approach is economically unsustainable.
Alert Fatigue Reality - Security analysts are overwhelmed. Forrester's 2023 Security Analytics Platforms research puts the average at 11,047 alerts per day, and nearly 45% of those are false positives. Analysts burn out on constant triage while genuine threats slip through the cracks.
Leaders in the observability space have made incremental improvements but still fail to address these challenges. They rely on batch processing, leading to inherent latency, and they lack intelligent data prioritization, resulting in cost inefficiencies and alert fatigue.
The Technical Architecture Difference
When we started Onum, we recognized that incremental changes weren't enough. We needed a paradigm shift: significantly more value from our data, with significantly less complexity in getting to it.
Onum processes and enriches data at the source, helping organizations reduce complexity, outpace ever-growing risks, and deliver customer value in milliseconds, not minutes. We’ve reimagined security observability through a modern, stream-based architecture designed for today's threat landscape and tomorrow’s security challenges. Onum delivers:
Sub-millisecond data enrichment and analysis through stream processing
Real-time data classification and prioritization
Native integration with major SIEM, SOAR, and EDR platforms through REST APIs and dedicated connectors
Automated response workflow triggers with sub-second latency
Continuous correlation using machine learning-based threat detection
The platform's workflows integrate seamlessly with your existing security infrastructure, extending and enhancing current investments rather than replacing them. Onum unlocks immediate, impactful insights because we:
Reduce Overhead and Operational Bottlenecks - By processing data at the edge, as close as possible to where it's generated, Onum's Listeners capture and analyze data in real time, before it ever reaches your SIEM or other analytical systems. This edge-first approach achieves performance that's 5x faster than traditional batch processing methods while using a fraction of the infrastructure. By handling data at the source, we dramatically reduce the processing burden on your core systems.
Enrich and Transform Data In-Transit - Onum transforms how data moves through your security stack. Rather than sending all data to your SIEM for processing and enrichment, Onum identifies the relative value of each data field in transit, which means you only send business-critical data to your expensive analytics systems, while maintaining full fidelity copies of all data for compliance. The result is significantly lower costs without sacrificing visibility or compliance requirements.
Enable Real-time Data-Backed Decisions - Onum revolutionizes alert management through real-time event correlation and intelligent triggering. Instead of waiting for data to reach your analytics platform for assessment, Onum discovers and alerts on abnormalities, potential security risks, and system failures as data traverses the wire. Our approach enables immediate remediation of issues before they become larger problems, while dramatically reducing false positives that lead to alert fatigue.
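To make the stream-first pattern described above concrete (enrich at ingest, forward a reduced record to the SIEM, keep a full-fidelity copy for compliance, and detect in-stream instead of waiting for a scheduled correlation search), here is a small pipeline in Python. It is an added example, not Onum's code or its Listeners; the log lines, the asset inventory, the threat-intel table, the field-reduction rule and the burst threshold are all constructed for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample log lines (not real data): an SSH password-guessing burst from
# 203.0.113.7, a cron session line, a legitimate login, and one isolated failure.
SAMPLE_LINES = [
    "2024-05-01T10:00:00Z pay-db-01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2",
    "2024-05-01T10:00:05Z pay-db-01 sshd[1201]: Failed password for root from 203.0.113.7 port 51023 ssh2",
    "2024-05-01T10:00:09Z pay-db-01 sshd[1201]: Failed password for invalid user test from 203.0.113.7 port 51024 ssh2",
    "2024-05-01T10:00:14Z pay-db-01 sshd[1201]: Failed password for root from 203.0.113.7 port 51025 ssh2",
    "2024-05-01T10:00:20Z pay-db-01 sshd[1201]: Failed password for invalid user oracle from 203.0.113.7 port 51026 ssh2",
    "2024-05-01T10:00:30Z pay-db-01 CRON[2200]: pam_unix(cron:session): session opened for user root by (uid=0)",
    "2024-05-01T10:01:00Z web-01 sshd[3310]: Accepted password for deploy from 10.0.0.20 port 40001 ssh2",
    "2024-05-01T10:45:00Z pay-db-01 sshd[1201]: Failed password for root from 198.51.100.9 port 1234 ssh2",
]

# Constructed enrichment sources: stand-ins for an asset inventory and a threat-intel feed.
ASSET_INVENTORY = {"pay-db-01": {"owner": "payments", "tier": "crown-jewel"},
                   "web-01": {"owner": "web", "tier": "standard"}}
THREAT_INTEL = {"203.0.113.7": "known-bruteforcer"}

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>[\w-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
AUTH_RE = re.compile(r"^(?P<outcome>Accepted|Failed) password for (?:invalid user )?"
                     r"(?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)")

BURST_WINDOW = timedelta(seconds=60)   # illustrative sliding window
BURST_THRESHOLD = 5                    # illustrative failed-login count that fires an alert


def parse(line):
    """Turn one syslog-style line into a dict, or None if it is not in the expected shape."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    ev["raw"] = line
    auth = AUTH_RE.match(ev["msg"])
    if auth:
        ev.update(auth.groupdict())
    return ev


def enrich(ev):
    """Attach context at ingest time so downstream consumers do not have to look it up."""
    ev["asset"] = ASSET_INVENTORY.get(ev["host"], {"owner": "unknown", "tier": "unknown"})
    if "src" in ev:
        ev["src_intel"] = THREAT_INTEL.get(ev["src"])
    return ev


def classify(ev):
    """'noise' is archived but never forwarded; 'critical' is auth activity on key assets or from known-bad sources."""
    if "outcome" not in ev:
        return "noise"
    if ev.get("src_intel") or ev["asset"]["tier"] == "crown-jewel":
        return "critical"
    return "security"


def reduce_for_siem(ev):
    """Forward only the fields an analyst queries; the full record stays in the archive."""
    keep = ("ts", "host", "user", "src", "outcome", "src_intel", "asset", "severity")
    return {k: ev[k] for k in keep if k in ev}


class BurstDetector:
    """Sliding-window count of failed logins per source IP; fires once when the threshold is reached."""

    def __init__(self, window=BURST_WINDOW, threshold=BURST_THRESHOLD):
        self.window, self.threshold = window, threshold
        self.failures = defaultdict(deque)

    def observe(self, ev):
        if ev.get("outcome") != "Failed":
            return None
        q = self.failures[ev["src"]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > self.window:   # drop failures that have aged out of the window
            q.popleft()
        if len(q) == self.threshold:
            return {"rule": "ssh-failed-login-burst", "src": ev["src"], "host": ev["host"],
                    "count": len(q), "first_seen": q[0], "last_seen": ev["ts"],
                    "src_intel": ev.get("src_intel")}
        return None


def run_pipeline(lines):
    """Process events in arrival order: archive every one, forward the useful ones, alert in-stream."""
    archive, siem, alerts = [], [], []
    detector = BurstDetector()
    for line in lines:
        ev = parse(line)
        if ev is None:
            archive.append({"raw": line, "parse_error": True})  # unparseable lines are still retained
            continue
        ev = enrich(ev)
        ev["severity"] = classify(ev)
        archive.append(ev)
        if ev["severity"] != "noise":
            siem.append(reduce_for_siem(ev))
        alert = detector.observe(ev)
        if alert:
            alerts.append(alert)
    return {"archive": archive, "siem": siem, "alerts": alerts}


if __name__ == "__main__":
    out = run_pipeline(SAMPLE_LINES)
    print(f"archived={len(out['archive'])} forwarded={len(out['siem'])} alerts={len(out['alerts'])}")
    for a in out["alerts"]:
        print(a)
```

The point to notice is where the alert fires: on the fifth failed login, 20 seconds into the burst, while the event is still in the pipeline. A correlation search scheduled every 15 minutes would see the same five lines only at its next run, and a SIEM that received the raw records would have to do the asset and threat-intel lookups itself. The cron line never leaves the archive, which is the field-level cost control the section describes.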
The Cost of Waiting: Time is the Ultimate Currency
With cybercrime damages projected to reach $10.5 trillion annually by 2025, the question isn't whether to modernize your security observability – it's whether you can afford not to. Every minute of delay in threat detection increases your risk exposure and potential damages.
Customers using Onum are seeing:
70% reduction in detection and response times
50% decrease in data storage costs
Significant improvement in analytics effectiveness
Enhanced compliance through automated controls
The Time for Real-Time is Now
That night at Bankinter and the many days after taught me a crucial lesson: In cybersecurity, time is more than money – it's the difference between protection and compromise. As attack surfaces expand and threats evolve, waiting for after-the-fact analysis isn't just risky – it's reckless.
Why wait to get value from your data?
Join our new monthly newsletter for more insights on modern security operations, or schedule a demo to see Onum in action.