Turning Hedge Fund Security Inside-Out
DESCRIPTION
As proactive as you might think you are, your firm cannot always protect itself from a security breach. In fact, the truth is: your firm may already be compromised. Learn more about the current threat landscape for hedge funds and how to cope with both internal and external security threats.
TRANSCRIPT
Turning Hedge Fund Security Inside-Out: Why Your Firm May Already Be Compromised…And What to Do About It
Agenda
External Threat Management
Exploitation Methodology
Why You’re Already Compromised
Operational Management
Mobile Devices & BYOD
#ECIsecurity
eSentire™ Hedge Fund Cybersecurity Review
Hedge Fund Cybersecurity
• External Threats
• External Vulnerability Assessment
• Penetration Test
• Disconnection from reality
• Small External Footprint
Copyright © eSentire, Inc.
Reality: Most Successful Attack Vectors
• Malware Via Email
• Malware Via Drive-By-Download
• Malware Transferred Via USB
Exploitation Methodology
INFILTRATE
EXFILTRATE
…
…
…
PROFIT!
Cyber Kill Chain
RECONNAISSANCE
WEAPONIZATION
DELIVERY
EXPLOIT
INSTALLATION
COMMAND AND CONTROL (C&C)
ACTIONS ON OBJECTIVES (Usually Exfiltration)
Cyber Kill Chain (Mitigation And Detect)
RECONNAISSANCE: MITIGATE, DETECT
WEAPONIZATION: MITIGATE, DETECT
DELIVERY: MITIGATE, DETECT
EXPLOIT: MITIGATE, DETECT
INSTALLATION: MITIGATE, DETECT
COMMAND AND CONTROL (C&C): MITIGATE, DETECT
ACTIONS ON OBJECTIVES (Usually Exfiltration): MITIGATE, DETECT
Defense and Mitigation Activities
DETECT
DENY
DISRUPT
DEGRADE
DECEIVE
DESTROY
Course of Action Matrix
Courses of action: DETECT, DENY, DISRUPT, DEGRADE, DECEIVE, DESTROY
RECON: Web Analytics; Firewall ACL; LinkedIn Honeytoken
WEAPONIZE: NIDS; NIPS
DELIVERY: Vigilant User; SMTP Proxy; In-line AV; Executable Whitelisting; Queuing
EXPLOIT: HIDS; Patching; Data Execution Protection
INSTALL: HIDS; ‘chroot’ Jail; AV
C&C: NIDS; Firewall ACL; NIPS; Tarpit; DNS Redirect
ACTION/OBJ: Audit Log; Network Traffic Forensics; Quality of Service; Honeypot
Multi-Dimensional Vulnerability Assessment
We Assume Your Network Is Already Compromised
• External AND Internal VA
• Technical AUP Rigor
• Network Traffic Analysis
• Patch Analysis
• Active Directory Analysis
• MS Domain Event Analysis
• Defensibility Analysis
eSentire™ Cybersecurity Analysis
• Every MDVA performed in the last two years has shown evidence of malicious activity on the inside
• The client usually does not know about it (e.g. silent drive-by download)
• In practically all cases, vector has nothing to do with a direct external attack perspective
• Demonstrates current problems and how to resolve moving forward
Cybersecurity ‘Low-Hanging Fruit’
• Enforce strong passwords and 2FA
• Lock Down External Space
• Remove Local Admin
• Patch! MS, Adobe, JRE, Browsers
• Restrict EXE download and install
• Logging with NTP enabled
Forget the Barbarians at the Gate
It’s the Ones Inside Your Network You Should Worry About
Operations to Support Your Technology
Policies & Procedures:
– Such as:
• Access Control
• Acceptable Use
• Information Security Management
Mobile Device Management
– Bring Your Own Device
Policies & Procedures
Access Control Policy
– Who has access to what?
– Principle of Least Privilege: Not everyone needs access to everything.
– Keep an authentication/access log, e.g. AuthAnvil
Acceptable Use Policy
– What is acceptable for employees to view/access at work?
• Network and system access
• Personal email and communications
• Blogs, wikis, chat rooms
• Social media
Information Security Incident Management Policy
– Process for dealing with a security incident
– Who is responsible for handling incidents? What does the reporting & investigation process entail?
Securities/Insider Trading Policy
– Make sure employees understand the repercussions of insider trading!
Visitor/Contractor Premise Access Policy
– Need to monitor access/activity of both internal and external people
– Use physical security checkpoints/surveillance
Personal Communications Device Policy
– What is acceptable behavior for mobile devices?
– Include information on data usage, texting, personal usage and loss/theft procedures
Mobile Device Management
Bring Your Own Device (BYOD)
– Be sure to:
• Educate employees about mobile device security.
• Remind users to utilize caution when opening email and attachments.
• Implement security measures such as the use of passwords and remote wipe capabilities.
• Employ encryption tools.
• Only connect to secure Wi-Fi networks.
• Be careful with downloads.
Eze Castle Integration Overview
Founded: 1995
Headquarters: 260 Franklin Street, 12th Floor, Boston, Massachusetts, 02110
Additional Offices: Chicago, Dallas, Geneva, Hong Kong, London, Los Angeles, Minneapolis, New York City, San Francisco, Singapore and Stamford
Core Services
• Strategic IT Consulting
• Outsourced IT Solutions
• Professional Services
• Project & Technology Management
• Communications Solutions
• Network Design & Management
• Internet Service
• Private Cloud Services
• Business Continuity Planning
• Disaster Recovery
• Compliance Solutions
• Storage Solutions
• Colocation Services
• E-Mail & IM Archiving
Awards Received
Learn more at www.eci.com.
260 Franklin Street, 12th floor Boston, MA 02110 617-217-3000 www.eci.com