Turning Hedge Fund Security Inside-Out: Why Your Firm May Already Be Compromised…And What to Do About It


Page 1: 09 2012securityss-120926095559-phpapp01

Turning Hedge Fund Security Inside-Out: Why Your Firm May Already Be Compromised…And What to Do About It

Page 2: 09 2012securityss-120926095559-phpapp01

Agenda

External Threat Management

Exploitation Methodology

Why You’re Already Compromised

Operational Management

Mobile Devices & BYOD

#ECIsecurity

Page 3: 09 2012securityss-120926095559-phpapp01

eSentire™ Hedge Fund Cybersecurity Review

Page 4: 09 2012securityss-120926095559-phpapp01

Hedge Fund Cybersecurity

• External Threats

• External Vulnerability Assessment

• Penetration Test

• Disconnection from reality

• Small External Footprint

Copyright © eSentire, Inc.

Page 5: 09 2012securityss-120926095559-phpapp01

Reality: Most Successful Attack Vectors


Malware Via Email


Page 6: 09 2012securityss-120926095559-phpapp01

Reality: Most Successful Attack Vectors


Malware Via Drive-By-Download


Page 7: 09 2012securityss-120926095559-phpapp01

Reality: Most Successful Attack Vectors


Malware Transferred Via USB


Page 8: 09 2012securityss-120926095559-phpapp01

Exploitation Methodology


INFILTRATE

EXFILTRATE

PROFIT!


Page 9: 09 2012securityss-120926095559-phpapp01

Cyber Kill Chain

RECONNAISSANCE

WEAPONIZATION

DELIVERY

EXPLOIT

INSTALLATION

COMMAND AND CONTROL (C2)

ACTIONS ON OBJECTIVES (usually exfiltration)


Page 10: 09 2012securityss-120926095559-phpapp01

Cyber Kill Chain (Mitigate And Detect)

RECONNAISSANCE

WEAPONIZATION

DELIVERY

EXPLOIT

INSTALLATION

COMMAND AND CONTROL (C2)

ACTIONS ON OBJECTIVES (usually exfiltration)

The slide pairs every phase with a MITIGATE and a DETECT opportunity.

Page 11: 09 2012securityss-120926095559-phpapp01

Defense and Mitigation Activities

DETECT

DENY

DISRUPT

DEGRADE

DECEIVE

DESTROY


Page 12: 09 2012securityss-120926095559-phpapp01

Course of Action Matrix

PHASE: DETECT / DENY / DISRUPT / DEGRADE / DECEIVE / DESTROY

RECON: Detect = Web Analytics; Deny = Firewall ACL; Deceive = LinkedIn Honeytoken

WEAPONIZE: Detect = NIDS; Deny = NIPS

DELIVERY: Detect = Vigilant User; Deny = SMTP Proxy; Disrupt = In-line AV, Executable Whitelisting; Degrade = Queuing

EXPLOIT: Detect = HIDS; Deny = Patching; Disrupt = Data Execution Protection

INSTALL: Detect = HIDS; Deny = 'chroot' Jail; Disrupt = AV

C&C: Detect = NIDS; Deny = Firewall ACL; Disrupt = NIPS; Degrade = Tarpit; Deceive = DNS Redirect

ACTION/OBJ: Detect = Audit Log, Network Traffic Forensics; Degrade = Quality of Service; Deceive = Honeypot

The DESTROY column has no entries on the slide; the column placement of Executable Whitelisting and Network Traffic Forensics is inferred from the flattened slide layout.

Page 13: 09 2012securityss-120926095559-phpapp01

Multi-Dimensional Vulnerability Assessment

We Assume Your Network Is Already Compromised


• External AND Internal VA

• Technical AUP Rigor

• Network Traffic Analysis

• Patch Analysis

• Active Directory Analysis

• MS Domain Event Analysis

• Defensibility Analysis


Page 14: 09 2012securityss-120926095559-phpapp01

eSentire™ Cybersecurity Analysis

• Every MDVA performed in the last two years has shown evidence of malicious activity on the inside

• The client usually does not know about it (e.g. silent drive-by download)

• In practically all cases, the vector has nothing to do with a direct external attack

• Demonstrates current problems and how to resolve moving forward


Page 15: 09 2012securityss-120926095559-phpapp01

Cybersecurity ‘Low-Hanging Fruit’


• Enforce Strong Passwords and 2FA

• Lock Down External Space

• Remove Local Admin

• Patch! MS, Adobe, JRE, Browsers

• Restrict EXE Download and Install

• Logging with NTP Enabled
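As an added example (not code from the deck or from ECI/eSentire), the script below audits one Windows host against this list from PowerShell; the cmdlets are standard, while the thresholds and the admin-group exclusions are this example's own assumptions.

```powershell
# Added example (not the deck's or ECI's own code): read-only audit of one Windows host
# against the 'low-hanging fruit' list. Assumes PowerShell 5.1+ running elevated.
# The thresholds (12 chars, 30 days, 256 MB) and the admin-group exclusions are assumptions.
$findings = New-Object System.Collections.Generic.List[string]

# Remove Local Admin: any Administrators member other than the built-in account
# and Domain Admins is a finding.
foreach ($m in (Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue)) {
    if ($m.Name -notmatch '\\Administrator$' -and $m.Name -notmatch '\\Domain Admins$') {
        $findings.Add("Extra local admin: $($m.Name) [$($m.ObjectClass), $($m.PrincipalSource)]")
    }
}

# Enforce strong passwords: effective local policy as reported by 'net accounts'.
$minLenLine = (net accounts) | Select-String 'Minimum password length'
if ($minLenLine) {
    $minLen = ("$minLenLine" -split ':')[-1].Trim()
    if ($minLen -eq 'None' -or [int]$minLen -lt 12) {
        $findings.Add("Minimum password length is '$minLen'")
    }
}

# Patch!: newest Microsoft hotfix older than 30 days. Adobe, JRE and browser
# patch state is not visible here and needs the vendors' own tooling.
$lastPatch = Get-HotFix | Where-Object { $_.InstalledOn } | Sort-Object InstalledOn -Descending |
             Select-Object -First 1 -ExpandProperty InstalledOn
if (-not $lastPatch -or $lastPatch -lt (Get-Date).AddDays(-30)) {
    $findings.Add("Newest Microsoft hotfix installed on: $lastPatch")
}

# Logging with NTP enabled: a 'Local CMOS Clock' source means the clock is not
# synchronised, so this host's event timestamps will not correlate with others'.
$timeStatus = w32tm /query /status 2>$null
if (-not $timeStatus -or ($timeStatus | Select-String 'Local CMOS Clock')) {
    $findings.Add('Clock is not synchronised to an NTP source')
}
$secLog = Get-WinEvent -ListLog Security
if ($secLog.MaximumSizeInBytes -lt 256MB) {
    $findings.Add("Security log capped at $([int]($secLog.MaximumSizeInBytes / 1MB)) MB")
}

# Restrict EXE download and install: with no effective AppLocker rules, nothing
# stops a downloaded executable from running.
$policy = Get-AppLockerPolicy -Effective -ErrorAction SilentlyContinue
if (-not $policy -or @($policy.RuleCollections).Count -eq 0) {
    $findings.Add('No AppLocker rule collections in effect')
}

if ($findings.Count -eq 0) { 'No low-hanging-fruit findings on this host' } else { $findings }
```

Run it on a sample of workstations rather than one; the local-admin and patch-age findings are the ones that most often explain the "already compromised" result the deck describes.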


Page 16: 09 2012securityss-120926095559-phpapp01


Forget the Barbarians at the Gate: It’s the Ones Inside Your Network You Should Worry About


Page 17: 09 2012securityss-120926095559-phpapp01

Thank you

+1 866.579.2200

[email protected]

http://www.eSentire.com

https://twitter.com/#!/eSentire

Page 18: 09 2012securityss-120926095559-phpapp01

Turning Hedge Fund Security Inside-Out

Page 19: 09 2012securityss-120926095559-phpapp01

Operations to Support Your Technology

Policies & Procedures, such as:

• Access Control

• Acceptable Use

• Information Security Management

Mobile Device Management

– Bring Your Own Device


Page 20: 09 2012securityss-120926095559-phpapp01

Policies & Procedures

Access Control Policy

– Who has access to what?

– Principle of Least Privilege: Not everyone needs access to everything.

– Keep an authentication/access log, e.g. AuthAnvil


Page 21: 09 2012securityss-120926095559-phpapp01

Policies & Procedures

Acceptable Use Policy

– What is acceptable for employees to view/access at work?

• Network and system access

• Personal email and communications

• Blogs, wikis, chat rooms

• Social media


Page 22: 09 2012securityss-120926095559-phpapp01

Policies & Procedures

Information Security Incident Management Policy

– Process for dealing with a security incident

– Who is responsible for handling incidents? What does the reporting & investigation process entail?

Page 23: 09 2012securityss-120926095559-phpapp01

Policies & Procedures

Securities/Insider Trading Policy

– Make sure employees understand the repercussions of insider trading!

Page 24: 09 2012securityss-120926095559-phpapp01

Policies & Procedures

Visitor/Contractor Premise Access Policy

– Need to monitor access/activity of both internal and external people

– Use physical security checkpoints/surveillance

Personal Communications Device Policy

– What is acceptable behavior for mobile devices?

– Include information on data usage, texting, personal usage and loss/theft procedures

Page 25: 09 2012securityss-120926095559-phpapp01

Mobile Device Management

Bring Your Own Device (BYOD)

– Be sure to:

• Educate employees about mobile device security.

• Remind users to use caution when opening email and attachments.

• Implement security measures such as the use of passwords and remote wipe capabilities.

• Employ encryption tools.

• Only connect to secure Wi-Fi networks.

• Be careful with downloads.

Page 26: 09 2012securityss-120926095559-phpapp01

Eze Castle Integration Overview

Founded 1995

Headquarters: 260 Franklin Street, 12th Floor, Boston, Massachusetts, 02110

Additional Offices: Chicago, Dallas, Geneva, Hong Kong, London, Los Angeles, Minneapolis, New York City, San Francisco, Singapore and Stamford

Core Services

• Strategic IT Consulting

• Outsourced IT Solutions

• Professional Services

• Project & Technology Management

• Communications Solutions

• Network Design & Management

• Internet Service

• Private Cloud Services

• Business Continuity Planning

• Disaster Recovery

• Compliance Solutions

• Storage Solutions

• Colocation Services

• E-Mail & IM Archiving

Awards Received

Learn more at www.eci.com.

Page 27: 09 2012securityss-120926095559-phpapp01

260 Franklin Street, 12th floor Boston, MA 02110 617-217-3000 www.eci.com