Network Security Threats Exposed: How to Keep Your Firm's Data & Infrastructure Safe

Learn about the current threat landscape for hedge funds and investment firms and what best practices to implement to keep your firm's data and infrastructure secure.

Presentation Transcript

  • Network Security Threats Exposed: How to Keep Your Fund’s Data & Infrastructure Safe
  • Agenda
    • The Security Landscape
    • Case Studies
    • Security: The New World Order
    • Basic & Enhanced Security Best Practices
    • Policies & Procedures for Security Management
    #ECIsecurity
  • The Security Landscape
    • Security is a serious concern for all kinds of businesses.
    • Firms on Wall Street are particularly vulnerable.
    • US government taking steps to thwart cyber attacks:
      – Cybersecurity Act of 2012
      – SECURE IT Act
  • A Few Statistics…
    • 46% of SMBs have been victims of cybercrime.
    • 31% are operating without anti-spam protection.
    • 23% have no anti-spyware in place.
    • 15% have no firewalls in place.
    • 13% are operating without any security systems in place at all.
    • Source: http://press.pandasecurity.com/wp-content/uploads/2010/08/2nd-International-Security-Barometer.pdf
  • Hedge Fund Security & The New World Order
    • April 2012
  • Guess What, Hedge Funds? Lots of People Don’t Like You…
  • Correction… They *REALLY* Don’t Like You…
    • Anonymous – We’ll talk about these guys and hedge funds specifically in a few moments…
  • Or If You Are Lucky… Only Want to Steal From You…
  • So How Do They Do It?
  • Here is the Nasty APT Truth… You’re Already Compromised…
    • CEO - eSentire
      – Mined from LinkedIn
      – Inserted into From fields
    • VP Marketing - eSentire
      – Mined from LinkedIn
      – Sent to me
    • Exploit: Excel Macro
      – Dirt easy to run executable code
    • Context: Marketing Budget
      – Tell me you would not click this?
      – Sensible topic and timing
      – All completely inference based
  • Real Customer Issue: A Super-Awesome Phish…
    • Hedge customers were also Stratfor customers
      – They received this email only a week after Stratfor compromised
      – Sent this out based on harvested customer list
    • Malicious code filled link waiting on the recipient response
    • Founder and CEO
    • Stratfor as sender
  • More Scary APT Fun… True Story
    • Utility company contracted by us for VA
    • We found a standard form PDF used by the company for submitting job applications
    • Altered the PDF with an exploit via modified meterpreter backdoor
    • Social engineered submissions via email into HR
    • Installed key loggers and obtained admin level access to core network
    • Obtained access to bring down power to 50,000 people in seconds if we were having a bad day…
  • Another Hedge Fund APT Story: From Krebs on Security
    • Cyber-intelligence firm contacts hedge fund IT to inform it that it had been compromised
    • Either that or the hedge fund had a subsidiary in China it knew nothing about
    • 15 PCs sending proprietary information back to the attackers
    • Exploit missed by 42 anti-virus products
    • http://krebsonsecurity.com/2011/10/chasing-apt-persistence-pays-off/#more-11589
  • Scared Yet? We Haven’t Even Talked About Insiders / DLP…
  • Employee DLP Threat: Malicious or Just Common Stupidity
    • Intercepting an employee downloading the entire CRM database to her Gmail account
    • That can’t be good… yeah, it wasn’t…
    • Leaving memory sticks attached to car keys
    • Computers stolen from cars, phones left in bars, the lure of “getting it done”, etc.
    • The many BYOD mobility issues
  • Security: The New World Order
    • No longer about indiscriminate “hacking”
    • Targeted, highly motivated attacks
    • Shortcomings of security tools / “layers”
    • Network extrusion realities
    • AUP & social media consequences
    • Due diligence of institutional investors
    • Legislation (i.e. Dodd-Frank)
  • Multi-Stage Defense: Accepts Penetration as Fait Accompli
    1. Initial Target Vehicle (i.e. email payload)
      – Identification method: Behaviors
    2. Carrier / Exploit
      – Identification method: Signatures
    3. Activation
      – Occurs locally on machine: Signatures
      – Typically where AV plays
    4. Payload Transfer
      – Identify: Behaviors & Signatures
    5. Attack
      – Identify: Behaviors & Signatures
  • Result: Whitelist Behaviors, Not Explicit Signatures
    • Executable downloaded from Russia: Going on a limb here but… probably bad for most hedge funds…
    • Silverlight updates: Normal
  • What You Should Do: Get Protected…
    1. Internet acceptable use policy updated
    2. Identify key assets to protect
    3. Inventory your defences
    4. Vulnerability scan & penetration testing
    5. Vulnerability multi-dimensional analysis
  • What You Should Do: Stay Safe…
    1. Advanced Persistent Threats 24X7
    2. Data Extrusion 24X7
    3. Social Media Monitoring 24X7
    4. Whitelisting 24X7
    5. Forensic Traffic Analysis: Always Recording
  • Network Security Threats Exposed: How to Keep Your Firm’s Data & Infrastructure Safe
  • Potential Security Risks
    • Cyber attacks & other intrusions
    • Inbound DMZs
    • Internal threats
  • Basic Security Best Practices: You should already be doing!
    • Anti-virus protection
    • Network firewall
    • Web filtering
    • Strong password policy
  • Enhanced Security Best Practices: You should think about doing!
    • Intrusion detection
      – Important to monitor your network and protect your assets
      – You need more than just a firewall/anti-virus protection
    • Advanced Password Policy
      – Multi-factor authentication
    • Policies & Procedures for Security Management
  • Policies & Procedures to Support Security Management
    • Access Control Policy
      – Who has access to what?
      – Principle of Least Privilege: Not everyone needs access to everything.
      – Keep an authentication/access log, e.g. AuthAnvil
    • Acceptable Use Policy
      – Network and system access, email and communications, social media, etc.
  • Policies & Procedures to Support Security Management
    • Information Security Incident Management Policy
      – Process for dealing with a security incident
      – Who is responsible for handling incidents? What does the reporting & investigation process entail?
    • Securities/Insider Trading Policy
      – Make sure employees understand the repercussions of insider trading!
  • Policies & Procedures to Support Security Management
    • Visitor/Contractor Premise Access Policy
      – Need to monitor access/activity of both internal and external people
      – Use physical security checkpoints/surveillance
    • Personal Communications Device Policy
      – What is acceptable behavior for mobile devices?
      – Include information on data usage, texting, personal usage and loss/theft procedures
  • Eze Castle Integration Overview
    • Founded: 1995
    • Headquarters: 260 Franklin Street, 12th Floor, Boston, Massachusetts, 02110
    • Additional Offices: Chicago, Dallas, Geneva, Hong Kong, London, Los Angeles, Minneapolis, New York City, San Francisco, Singapore and Stamford
    • Core Services:
      – Strategic IT Consulting
      – Private Cloud Services
      – Outsourced IT Solutions
      – Business Continuity Planning
      – Professional Services
      – Disaster Recovery
      – Project & Technology Management
      – Compliance Solutions
      – Communications Solutions
      – Storage Solutions
      – Network Design & Management
      – Colocation Services
      – Internet Service
      – E-Mail & IM Archiving
    • Awards Received
  • 260 Franklin Street, 12th floor Boston, MA 02110 617-217-3000 www.eci.com