Electronic TradingCara: Virtual Security Expert

Continual Cybersecurity Risk Assessment to Safeguard Financial Markets Infrastructure

Cybersecurity Blindspots Put Financial Markets and Participants at Risk

$81mil stolen from banks via SWIFT. $14mil lost in Hong Kong digital “pump & dump” schemes using compromised online accounts. A securities trading firm employee charged with creating malware to steal intellectual property. These are the signs that cybersecurity must evolve to fit into the high performance environments of financial markets.

Continual Cybersecurity Risk Assessment From The Gold Standard Machine-Time Analytics Provider

Trusted daily by all major global banks and exchanges to monitor financial markets infrastructure, Corvil provides a quick way to for cybersecurity teams to gain effective visibility and conduct automated anomaly detection daily with zero-performance impact.

Corvil has combined our existing trade networks expertise, our understanding of advanced analytics and security domain knowledge to help organizations to understand the ongoing status of cybersecurity within the electronic trading environment.

This enhanced visibility, together with daily risk score reporting, gives trade desk managing directors a head start in continually conducting cyber-risk assessments, thinking about regulatory reporting, and responding to anomalous activities.

View a Demo

 

 


Outcomes

  • Electronic trading performance is not impacted by cybersecurity investigations
  • New cybersecurity regulatory reporting requirements can be addressed more efficiently
  • Daily business-level updates on cybersecurity risks to financial markets infrastructure
  • Attacks and exposures are identified earlier and more effectively addressed
  • Maximize value from existing infrastructure monitoring investment

"Corvil Virtual Security Expert is a natural extension of the anti-fraud detection and will detect and monitor threat actors to increase the level of cybersecurity around trading networks."

David Monahan, Enterprise Management Associates, Inc.

Problem: Cybersecurity Blindspots in Financial Markets Infrastructure

Financial markets infrastructure facilitates trillions of dollars worth of transactions on a daily basis yet remains a blind spot for their cybersecurity teams. The speed at which trade decisions are made and are transacted across that infrastructure represents a significant competitive advantage. The applications, communication protocols and infrastructure are finely tuned to maintain that advantage, therefore infrastructure changes required to support cybersecurity scrutiny, technologies and oversight have represented a negative impact on infrastructure performance.

As a result, cybersecurity analysis of electronic trading traffic has been unable to shift from reactive forensic analysis to more modern practices of proactive anomaly identification. The result is an inability of cybersecurity teams to tailor their visibility, analysis, policies and procedures to the specific risks associated with financial markets infrastructure that continue to grow and evolve as cyberattackers become more targeted.

Potential Consequences of Limited Cybersecurity Visibility:

  • Massive financial and reputational impact
  • Effect on market availability and integrity
  • Data manipulation/compromise of data integrity
  • Leaking of insider information on an ongoing basis
  • Increased regulatory risk, costs and complexity

Solution Benefits

Daily Cybersecurity Risk Assessment Updates

Simplified reporting and business-level risk scores provide assurance that evasive activity or anomalies are not lurking within the trading environment.

Zero-Overhead Cybersecurity Visibility

Obtain complete cybersecurity visibility without the performance hit of logging loads on servers by directly observing all activity on the trading network.

Eliminate Risk More Efficiently

Identify anomalous activities, cybersecurity exposures and attacks on trading infrastructure earlier and collaborate more effectively on response.

Reduce Cost And Complexity

Single platform for risk and compliance data, cybersecurity analysis, big data streaming, performance monitoring and troubleshooting, letting you reduce the number of tools needed.

"Corvil Virtual Security Expert gives security teams a relatively quick way to extend automated risk assessments, which combine machine-learning anomaly detection and threat detection analytics, to electronic trading networks."

Dan Cummins, Senior Analyst, Security, 451 Research

Solution Architecture

Solution Architecture

Solution Overview

Our solution provides daily cybersecurity risk assessment and threat detection based on automated, zero-performance impacting analysis of all activity on financial market trading networks. Key business stakeholders can use this assessment to improve collaboration with their cybersecurity and regulatory reporting teams.

Virtual expert automatically assesses and continually reports
Corvil Cara: Virtual Security Expert automatically assesses and learns from all machine activity on the network, detects possible attack patterns, bubbles up the most important issues and provides an overall risk assessment score suitable for non-expert IT, business and regulatory professionals.

High fidelity visibility of all activity on the trading network
Corvil’s existing monitoring infrastructure is already capturing every packet and flow that traverses trading infrastructure without impacting performance during market open, and with nanosecond precision required by trade surveillance. Corvil makes it easy for cybersecurity teams to leverage this existing visibility to investigate risks associated with specific users and the business context of all trading sessions, market data streams and non-trading traffic.

Learns normal behavior to automatically detect anomalies
Activity recorded from the trading network is analyzed by machine learning algorithms to baseline the norms of connected machines, applications, services and communications. Anomalies are detected from deviations from these baselines are detected and reported as input to an overall risk assessment score.

Correlates multiple indicators into an overall risk assessment score
In addition to machine-learning anomaly detection, Corvil streamlines risk assessment by correlating multiple threat indicators (such as user account compromise, remote exploits, reconnaissance scanning, lateral movement, denial of service, covert tunneling), and integrating threat intelligence data sources such as FS-ISAC.

Highlights

  • Addresses trade network monitoring gaps for cybersecurity risk detection and regulatory reporting
  • Risk analysis automatically leverages knowledge of trading-specific networks, protocols and host criticality
  • Avoids potential performance impact deploying dedicated security monitoring
  • Maximizes ROI of existing monitoring investment
  • Data streams can be integrated with regulatory reporting environments
  • Seamlessly integrates with security ecosystem