News Article

New Threats Require New Countermeasures
Date: Apr 02, 2014
Source: ( click here to go to the source)

Featured firm in this article: Observable Networks LLC of St Louis, MO



Cyber-security threats come from many sources: criminal and hired hackers, terrorists, state-sponsored intruders, and even misguided computer experts who want to test their penetration skills.

Hedge funds and other financial-market firms are potential targets, as they are consumers of an installed base of highly distributed infrastructure meant to deliver market data. That entire installed base—from the production of data at the exchange, all the way through the collection networks, down through the ticker plant, and out the distribution networks—is an example of a highly integrated system, which creates vulnerabilities.

"No system can be effectively defended using conventional approaches. Security can be enhanced through password management, firewall management, configuration management, but these are not silver bullets," said Bryan Doerr, chief executive of Observable Networks, a network security provider. "What's needed is the ability to look at that entire collection, processing and distribution infrastructure—to recognize normal behavior for each of the components in the path, and recognize when that system is demonstrating behavior indicative of a problem."

The recent widely publicized security breach at retailer Target is an example of what Doerr refers to as the "dissolution of the corporate network as we know it."

"The interconnectedness of businesses in ways that aren't supported by a protected perimeter is affecting our ability to protect in conventional ways," Doerr said. "The perimeter now includes our partners, and our defensive strategies have to be inclusive of protection mechanisms that allow for the fact that a partner might be compromised, and through that compromise us."

At a roundtable on cyber security held by the SEC on March 26, participants noted the elevation of information security threats through the upper ranks of management. "Ten years ago, this was viewed by some as an IT problem," said Mark Manley, deputy general counsel and chief compliance officer at AllianceBernstein. "Today, for asset managers, broker-dealers, and fund complexes, this has to be a central business imperative."
Mary Jo White, SEC

Mary Jo White, SEC

The SEC in 2013 adopted Regulation S-ID, requiring broker-dealers, mutual funds, and investment advisers to identify relevant types of identity theft red flags, detect the occurrence of those red flags, and to respond appropriately to the detected red flags. The CFTC adopted a similar rule.

"Cyber threats pose non-discriminating risks across our economy to all of our critical infrastructures, our financial markets, banks, intellectual property, and, as recent events have emphasized, the private data of the American consumer," said SEC chairman Mary Jo White at the roundtable. "What emerges from this arresting view of the cyber-security landscape is that the public and private sectors must be riveted, in lockstep, in addressing these threats."

For hedge funds, the biggest threat is a breakdown of systems and an inability to get at the markets and data for decision making and for client communication, according to Robert O'Boyle, senior vice president at Liquid Holdings, a provider of cloud-based services hedge funds. "As more information is passed through in public and private networks, the opportunity for data loss and theft is always imminent," he said.

As the nature of attacks and their motivations and vulnerabilities change, so too must the approach to defense.

That means a new definition of "normal."

"Normal isn't just things seem to be working well from a performance perspective and the apparent absence of any viruses," said Doerr. "Normal means understanding at a very granular level the normal behavior of all the devices and connections into your network, which is the opposite of what we do today. Today we just assume the network is behaving normally and we try to recognize threats. We try to understand them through the signature. That recognition of the threat needs to give way to the idea of recognizing normal, and then understand what has changed."