05:58 PM
Canaras Capital Protects its Data Against Botnet Threat
If you work for an alternative asset management firm, so much rides on protecting intellectual property, customer data and the reputation of your firm. That is the message from Raffi Jamgotchian, chief information officer at Canaras Capital LLC, an alternative asset manager specializing in credit markets that was founded in 2006.
With botnets and other dangerous forms of crimeware anonymously launching distributed attacks on companies, Canaras Capital set out to protect the firm's reputation.About three months ago, the start-up implemented FireEye Inc.'s crimeware prevention solution to proactively manage suspicious network traffic without slowing down or impeding its operations. Though it was a fairly quick decision - the CIO says he typically takes a bit longer in evaluating technology - "It was something that I felt was the core of what we wanted to do in terms of the security of our firm," says Jamgotchian.
Canaras built its firm to be very flexible and mobile for a number of reasons, but "that also brings in some risk," notes the CIO. Half of the firm's workforce is completely mobile, with both the CEO and operations staff traveling overseas. The firm also has clients coming and going into its offices. There's the potential for someone plugging in a laptop and introducing a worm because they have been in a hot spot in Southeast Asia, he says. Canaras also lets investors utilize its space. "We sanction them off but we also want to make sure we protect them and us from anything they potentially can bring into the environment," he says.
At last week's SIFMA Technology Management Conference, David Rand, CTO, Internet Content Security at Trend Micro Incorporated, talked about the way that hackers are infiltrating corporate security defenses. "There is no barrier to our corporate network anymore," said Rand, mentioning the access from home users and employees working remotely from hotels. "You need to think of this as a very real threat to your business," warned Rand.
In the SIFMA speech titled, "What's Your Reputation Worth," Rand urged firms to take control of their security. "The threats today are regional, they're targeted, they're sequential blended and they're well hidden. There's no magic bullet or a single solution you can buy," he cautioned.
A botnet is a series of mini applications or bots that sit dormant around the world and compromise machines, explains Jamgotchian. They are targeted attacks distributed from a large number of places and botnets typically sit in many homes or universities. There are also botnet herders that rent out their botnets to organized crime.
On the commercial side, botnets can become a source of targeted attacks on financial services institutions, says Jamgotchian. Network security works in two ways: either it knows what to look for such as a virus signature or attack signature, or it looks for some change in the network - someone blasting out a lot of information or attacking someone on the network.
What is really hard to detect is the "slow burn" - someone going around and compromising computers one-by-one, with an unknown attack vector. "Once they attack your machines, they can use that to attack other machines or other institutions," he says.
This could damage a firm's reputation if word leaked out in the press, suggests the CIO. "How would that look in the press if another firm said your systems are attacking us?" comments Jamgotchian.
As a precaution, Canaras connected FireEye to its network to watch for any suspicious traffic. "My computer is now talking to a server on my network," he says. "Most network switches, like Cisco, allow you to copy any traffic you have to a single network jack. It copies the network that is happening on the jack to the FireEye," he explains. " That conversation is replayed on its systems. It's like having a tape recorder running in the background," says Jamgotchian. When it's replayed on the system, FireEye looks at what would be the effect on a machine that was vulnerable, he says. Based on that, it will determine whether it was an attack or not. "It's very easy, non-intrusive to your existing environment.
The alternative asset manager brings up the topic of security with its clients as part of their conversation. "When we do our pitch we talk about our investment process, and our operations process and the last thing we talk about is our information systems including disaster recovery and I also tack on this part about security," says the CIO. Interestingly, most financial firms don't talk about security, says Jamgotchian. But Canaras conveys to clients, "These are the steps we're (taking) to ensure we're doing our best to protect your data," he says. Ivy is Editor-at-Large for Advanced Trading and Wall Street & Technology. Ivy is responsible for writing in-depth feature articles, daily blogs and news articles with a focus on automated trading in the capital markets. As an industry expert, Ivy has reported on a myriad ... View Full Bio