Continual Cybersecurity Risk Assessment to Safeguard Financial Markets Infrastructure
$81mil stolen from banks via SWIFT. $14mil lost in Hong Kong digital “pump & dump” schemes using compromised online accounts. A securities trading firm employee charged with creating malware to steal intellectual property. These are the signs that cybersecurity must evolve to fit into the high performance environments of financial markets.
Trusted daily by all major global banks and exchanges to monitor financial markets infrastructure, Corvil provides a quick way to for cybersecurity teams to gain effective visibility and conduct automated anomaly detection daily with zero-performance impact.
Corvil has combined our existing trade networks expertise, our understanding of advanced analytics and security domain knowledge to help organizations to understand the ongoing status of cybersecurity within the electronic trading environment.
This enhanced visibility, together with daily risk score reporting, gives trade desk managing directors a head start in continually conducting cyber-risk assessments, thinking about regulatory reporting, and responding to anomalous activities.
"Corvil Virtual Security Expert is a natural extension of the anti-fraud detection and will detect and monitor threat actors to increase the level of cybersecurity around trading networks."
David Monahan, Enterprise Management Associates, Inc.
Financial markets infrastructure facilitates trillions of dollars worth of transactions on a daily basis yet remains a blind spot for their cybersecurity teams. The speed at which trade decisions are made and are transacted across that infrastructure represents a significant competitive advantage. The applications, communication protocols and infrastructure are finely tuned to maintain that advantage, therefore infrastructure changes required to support cybersecurity scrutiny, technologies and oversight have represented a negative impact on infrastructure performance.
As a result, cybersecurity analysis of electronic trading traffic has been unable to shift from reactive forensic analysis to more modern practices of proactive anomaly identification. The result is an inability of cybersecurity teams to tailor their visibility, analysis, policies and procedures to the specific risks associated with financial markets infrastructure that continue to grow and evolve as cyberattackers become more targeted.
Simplified reporting and business-level risk scores provide assurance that evasive activity or anomalies are not lurking within the trading environment.
Obtain complete cybersecurity visibility without the performance hit of logging loads on servers by directly observing all activity on the trading network.
Identify anomalous activities, cybersecurity exposures and attacks on trading infrastructure earlier and collaborate more effectively on response.
Single platform for risk and compliance data, cybersecurity analysis, big data streaming, performance monitoring and troubleshooting, letting you reduce the number of tools needed.
"Corvil Virtual Security Expert gives security teams a relatively quick way to extend automated risk assessments, which combine machine-learning anomaly detection and threat detection analytics, to electronic trading networks."
Dan Cummins, Senior Analyst, Security, 451 Research
Our solution provides daily cybersecurity risk assessment and threat detection based on automated, zero-performance impacting analysis of all activity on financial market trading networks. Key business stakeholders can use this assessment to improve collaboration with their cybersecurity and regulatory reporting teams.
Virtual expert automatically assesses and continually reports
Corvil Cara: Virtual Security Expert automatically assesses and learns from all machine activity on the network, detects possible attack patterns, bubbles up the most important issues and provides an overall risk assessment score suitable for non-expert IT, business and regulatory professionals.
High fidelity visibility of all activity on the trading network
Corvil’s existing monitoring infrastructure is already capturing every packet and flow that traverses trading infrastructure without impacting performance during market open, and with nanosecond precision required by trade surveillance. Corvil makes it easy for cybersecurity teams to leverage this existing visibility to investigate risks associated with specific users and the business context of all trading sessions, market data streams and non-trading traffic.
Learns normal behavior to automatically detect anomalies
Activity recorded from the trading network is analyzed by machine learning algorithms to baseline the norms of connected machines, applications, services and communications. Anomalies are detected from deviations from these baselines are detected and reported as input to an overall risk assessment score.
Correlates multiple indicators into an overall risk assessment score
In addition to machine-learning anomaly detection, Corvil streamlines risk assessment by correlating multiple threat indicators (such as user account compromise, remote exploits, reconnaissance scanning, lateral movement, denial of service, covert tunneling), and integrating threat intelligence data sources such as FS-ISAC.