Network Security Threats Exposed: How to Keep Your Firm's Data & Infrastructure Safe
Learn about the current threat landscape for hedge funds and investment firms and what best practices to implement to keep your firm's data and infrastructure secure.


Published in: Technology, Business


  • 1. Network Security Threats Exposed: How to Keep Your Fund’s Data & Infrastructure Safe
  • 2. Agenda
      • The Security Landscape
      • Case Studies
      • Security: The New World Order
      • Basic & Enhanced Security Best Practices
      • Policies & Procedures for Security Management
      #ECIsecurity
  • 3. The Security Landscape
      • Security is a serious concern for all kinds of businesses.
      • Firms on Wall Street are particularly vulnerable.
      • US government taking steps to thwart cyber attacks:
          – Cybersecurity Act of 2012
          – SECURE IT Act
  • 4. A Few Statistics…
      • 46% of SMBs have been victims of cybercrime.
      • 31% are operating without anti-spam protection.
      • 23% have no anti-spyware in place.
      • 15% have no firewalls in place.
      • 13% are operating without any security systems in place at all.
      Source:
  • 5. Hedge Fund Security & The New World Order, April 2012
  • 6. Guess What, Hedge Funds? Lots of People Don’t Like You…
  • 7. Correction… They *REALLY* Don’t Like You… Anonymous – We’ll talk about these guys and hedge funds specifically in a few moments…
  • 8. Or If You Are Lucky… Only Want to Steal From You…
  • 9. So How Do They Do It?
  • 10. Here is the Nasty APT Truth… You’re Already Compromised…
      • CEO - eSentire
          – Mined from LinkedIn
          – Inserted into From fields
      • VP Marketing - eSentire
          – Mined from LinkedIn
          – Sent to me
      • Exploit: Excel Macro
          – Dirt easy to run executable code
      • Context: Marketing Budget
          – Tell me you would not click this?
          – Sensible topic and timing
          – All completely inference based
  • 11. Real Customer Issue: A Super-Awesome Phish…
      • Hedge customers were also Stratfor customers
          – They received this email only a week after Stratfor compromised
          – Sent this out based on harvested customer list
      • Malicious code filled link waiting on the recipient response
      • Founder and CEO
      • Stratfor as sender
  • 12. More Scary APT Fun… True Story
      • Utility company contracted by us for VA
      • We found a standard form PDF used by the company for submitting job applications
      • Altered the PDF with an exploit via modified meterpreter backdoor
      • Social engineered submissions via email into HR
      • Installed key loggers and obtained admin level access to core network
      • Obtained access to bring down power to 50,000 people in seconds if we were having a bad day…
  • 13. Another Hedge Fund APT Story: From Krebs on Security
      • Cyber-intelligence firm contacts hedge fund IT to inform it that it had been compromised
      • Either that or the hedge fund had a subsidiary in China it knew nothing about
      • 15 PCs sending proprietary information back to the attackers
      • Exploit missed by 42 anti-virus products
  • 14. Scared Yet? We Haven’t Even Talked About Insiders / DLP…
  • 15. Employee DLP Threat: Malicious or Just Common Stupidity
      • Intercepting an employee downloading the entire CRM database to her Gmail account
      • That can’t be good… yeah, it wasn’t….
      • Leaving memory sticks attached to car keys
      • Computers stolen from cars, phones left in bars, the lure of “getting it done”, etc. etc.
      • The many BYOD mobility issues
  • 16. Security: The New World Order
      • No longer about indiscriminate “hacking”
      • Targeted, highly motivated attacks
      • Shortcomings of security tools / “layers”
      • Network extrusion realities
      • AUP & social media consequences
      • Due diligence of institutional investors
      • Legislation (i.e. Dodd-Frank)
  • 17. Multi-Stage Defense: Accepts Penetration as Fait Accompli
      1. Initial Target Vehicle (i.e. email payload)
          – Identification method: Behaviors
      2. Carrier / Exploit
          – Identification Method: Signatures
      3. Activation
          – Occurs locally on machine: Signatures
          – Typically where AV plays
      4. Payload Transfer
          – Identify: Behaviors & Signatures
      5. Attack
          – Identify: Behaviors & Signatures
  • 18. Result: Whitelist Behaviors, Not Explicit Signatures
      • Executable downloaded from Russia: Going on a limb here but… probably bad for most hedge funds…
      • Silverlight updates: Normal
  • 19. What You Should Do: Get Protected…
      1. Internet acceptable use policy updated
      2. Identify key assets to protect
      3. Inventory your defences
      4. Vulnerability scan & penetration testing
      5. Vulnerability multi-dimensional analysis
  • 20. What You Should Do: Stay Safe…
      1. Advanced Persistent Threats 24X7
      2. Data Extrusion 24X7
      3. Social Media Monitoring 24X7
      4. Whitelisting 24X7
      5. Forensic Traffic Analysis: Always Recording
  • 21. Network Security Threats Exposed: How to Keep Your Firm’s Data & Infrastructure Safe
  • 22. Potential Security Risks
      • Cyber attacks & other intrusions
      • Inbound DMZs
      • Internal threats
  • 23. Basic Security Best Practices: You should already be doing!
      • Anti-virus protection
      • Network firewall
      • Web filtering
      • Strong password policy
  • 24. Enhanced Security Best Practices: You should think about doing!
      • Intrusion detection
          – Important to monitor your network and protect your assets
          – You need more than just a firewall/anti-virus protection
      • Advanced Password Policy
          – Multi-factor authentication
      • Policies & Procedures for Security Management
  • 25. Policies & Procedures to Support Security Management
      • Access Control Policy
          – Who has access to what?
          – Principle of Least Privilege: Not everyone needs access to everything.
          – Keep an authentication/access log, e.g. AuthAnvil
      • Acceptable Use Policy
          – Network and system access, email and communications, social media, etc.
  • 26. Policies & Procedures to Support Security Management
      • Information Security Incident Management Policy
          – Process for dealing with a security incident
          – Who is responsible for handling incidents? What does the reporting & investigation process entail?
      • Securities/Insider Trading Policy
          – Make sure employees understand the repercussions of insider trading!
  • 27. Policies & Procedures to Support Security Management
      • Visitor/Contractor Premise Access Policy
          – Need to monitor access/activity of both internal and external people
          – Use physical security checkpoints/surveillance
      • Personal Communications Device Policy
          – What is acceptable behavior for mobile devices?
          – Include information on data usage, texting, personal usage and loss/theft procedures
  • 28. Eze Castle Integration Overview
      • Founded: 1995
      • Headquarters: 260 Franklin Street, 12th Floor, Boston, Massachusetts, 02110
      • Additional Offices: Chicago, Dallas, Geneva, Hong Kong, London, Los Angeles, Minneapolis, New York City, San Francisco, Singapore and Stamford
      • Core Services: Strategic IT Consulting; Private Cloud Services; Outsourced IT Solutions; Business Continuity Planning; Professional Services; Disaster Recovery; Project & Technology Management; Compliance Solutions; Communications Solutions; Storage Solutions; Network Design & Management; Colocation Services; Internet Service; E-Mail & IM Archiving
      • Awards Received
  • 29. 260 Franklin Street, 12th floor Boston, MA 02110 617-217-3000
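
Slide 18's point about whitelisting behaviors instead of matching explicit signatures, as an added example that is not part of the original deck: executable downloads seen in web-proxy records are accepted only for an expected process and destination pair, and everything else is surfaced for review. The log format, host names, process names and domains below are constructed for illustration.

```python
from dataclasses import dataclass

# Content types treated as "executable download" behaviour (assumption for this example).
EXECUTABLE_TYPES = {"application/x-msdownload", "application/x-dosexec",
                    "application/vnd.microsoft.portable-executable"}

# Allowlisted behaviour: (process, destination domain suffix) pairs that are
# expected to fetch executables, such as a vendor updater. Hypothetical names.
ALLOWED_EXE_FETCH = {("vendor_updater.exe", "updates.vendor.example")}

@dataclass(frozen=True)
class ProxyRecord:
    host: str
    process: str
    dest: str
    content_type: str

def parse(line: str) -> ProxyRecord:
    """Parse one constructed log line: host|process|dest|content-type."""
    host, process, dest, ctype = (f.strip() for f in line.split("|"))
    return ProxyRecord(host, process.lower(), dest.lower().rstrip("."), ctype.lower())

def domain_matches(dest: str, suffix: str) -> bool:
    # Match whole DNS labels only, so a lookalike that merely starts with the
    # allowlisted name does not pass.
    return dest == suffix or dest.endswith("." + suffix)

def is_allowed(rec: ProxyRecord) -> bool:
    if rec.content_type not in EXECUTABLE_TYPES:
        return True  # this example only governs executable downloads
    return any(rec.process == proc and domain_matches(rec.dest, suffix)
               for proc, suffix in ALLOWED_EXE_FETCH)

def review(lines):
    """Return the records whose behaviour is not on the allowlist."""
    return [rec for rec in map(parse, lines) if not is_allowed(rec)]

SAMPLE_LOG = [  # constructed sample records
    "ws-014|vendor_updater.exe|cdn.updates.vendor.example|application/x-msdownload",
    "ws-014|chrome.exe|news.example.org|text/html",
    "ws-022|excel.exe|files.unknown-host.test|application/x-msdownload",
    "ws-031|vendor_updater.exe|updates.vendor.example.lookalike.test|application/x-msdownload",
]

if __name__ == "__main__":
    for rec in review(SAMPLE_LOG):
        print(f"ALERT {rec.host}: {rec.process} fetched executable from {rec.dest}")
```

No signature of the downloaded file is consulted: the updater fetching from its expected domain passes, while the office application and the lookalike domain are flagged purely on behaviour.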