Hedge Fund Plugs Potential Data Loss Source
Data Loss Prevention is quickly becoming an area of focus for enterprises striving to enhance their security posture with MSSP 2.0 to keep them safe. As the war on Advanced Persistent Threats escalates, companies are turning their attention to preventing their most important assets from getting out, namely their information. What is unique in this case study is that the “cyber-adversary” came from within the trusted ranks of the company: one of their own employees. Information leakage from staff, both intentional and unintentional, is often overlooked in the arms race to keep cyber-adversaries from getting in.
The Problem:
A leading hedge fund company, on a daily basis, utilizes 3 strategic, industry-standard software tools to interact with their customer information databases, which have limited built-in usage tracking capabilities. Only by a fortunate coincidence did management discover that an employee had successfully transferred vital, customer-specific data out of one of these systems to a location outside the firm. Clearly a more systemic and proactive mitigation capability was required.
For a hedge fund, customer data defines the very existence of the firm and this type of data leakage represents a significant threat to the company.
The Challenge:
The first hurdle was to determine how anomalous activity could be detected within these industry specific, business-critical tools currently in standard use by hedge fund firms globally. Ideally the hedge fund wanted to be able to monitor user activity within these applications to identify typical/atypical behavior, flag inappropriate behavior, halt an outbound data transfer if appropriate, and obtain a forensic-level playback of traffic.
In order to analyze the specific application-level systems, eSentire’s approach was 3-fold:
- Firstly, through collaboration with the client, eSentire security analysts were able to identify what specific activity might be considered inappropriate.
- Secondly, eSentire identified what logging capabilities were already available within the products.
- Thirdly, eSentire mapped the identifiable characteristics of inappropriate behavior to the logging information available.
The Results:
To achieve this solution, eSentire deployed a network traffic sensor capable of analyzing multiple network flows and decrypting appropriate traffic to obtain the usage details within these industry standard customer database applications.
As a result of this implementation, this hedge fund client is now able to preserve the integrity and confidentiality of their business critical customer information associated with these key applications. Through eSentinel real-time managed security services, user activity that falls outside of “normal operation”, such as generating full database reports and downloading or saving customer information will trigger time-sensitive alerts at the eSentire Security Operations Center. No longer will an employee be able to hijack confidential customer data without the firm being made aware, and the offending behavior being immediately shut down by eSentinel network interceptor technology.
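The three-step approach above (agree what counts as inappropriate, find out what the application already logs, map one onto the other) and the alert triggers just described (full database reports, bulk downloads or saves of customer records) can be shown concretely. The following is an added example and not eSentire's code or the hedge fund's applications: it assumes a hypothetical customer-database application that writes one audit line per user action with `user`, `action`, `rows` and `dest` fields, and it scores each event against the user's own median row count and against the characteristics the analysts agreed on. All log lines, thresholds and destinations are constructed for illustration.

```python
"""Map agreed 'inappropriate behaviour' characteristics onto application audit logs.

Added example, not eSentire's or the client's code. Assumes a hypothetical
customer-database application whose audit log has one line per action:

    <ISO timestamp> user=<name> action=<query|report|export> rows=<n> dest=<where>

The log lines, table size and thresholds below are all constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import median

# Constructed sample audit log: two analysts doing routine lookups, then one
# bulk export to a network share and one full-table report sent to a printer.
AUDIT_LOG = r"""
2024-03-01T09:02:11 user=alice action=query rows=12 dest=screen
2024-03-01T09:15:40 user=alice action=query rows=8 dest=screen
2024-03-01T09:40:03 user=bob action=query rows=20 dest=screen
2024-03-01T10:05:22 user=alice action=report rows=15 dest=printer
2024-03-01T11:12:09 user=bob action=query rows=17 dest=screen
2024-03-01T13:30:45 user=bob action=export rows=25 dest=C:\reports\q1.csv
2024-03-01T16:48:12 user=alice action=export rows=48210 dest=\\10.0.0.5\share\clients.csv
2024-03-01T17:02:55 user=bob action=report rows=48210 dest=printer
"""

# Step 1: characteristics of inappropriate behaviour, as agreed with the client.
# Step 2/3: each one is expressed against a field the application actually logs.
FULL_TABLE_ROWS = 40000    # constructed: roughly the size of the customer table
BASELINE_MULTIPLIER = 10   # one action touching 10x the user's median row count


@dataclass
class Event:
    ts: str
    user: str
    action: str
    rows: int
    dest: str


def parse_line(line):
    """Parse one audit line into an Event (destinations contain no spaces here)."""
    ts, *fields = line.split(" ")
    kv = dict(f.split("=", 1) for f in fields)
    return Event(ts, kv["user"], kv["action"], int(kv["rows"]), kv["dest"])


def parse_log(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def user_baselines(events):
    """Per-user median row count: a robust picture of 'normal operation'."""
    per_user = defaultdict(list)
    for e in events:
        per_user[e.user].append(e.rows)
    return {u: median(rows) for u, rows in per_user.items()}


def off_host(dest):
    """True for UNC paths and URLs, i.e. data leaving the workstation."""
    return dest.startswith("\\\\") or "://" in dest


def classify(event, baseline):
    """Return the list of agreed characteristics this event matches."""
    reasons = []
    if event.rows >= FULL_TABLE_ROWS:
        reasons.append("full-table volume")
    if baseline and event.rows > BASELINE_MULTIPLIER * baseline:
        reasons.append(f"{event.rows} rows vs user median {baseline:g}")
    if event.action == "export" and off_host(event.dest):
        reasons.append(f"export to {event.dest}")
    return reasons


def detect(text):
    """Run the mapping over a log and return (ts, user, action, reasons) alerts."""
    events = parse_log(text)
    baselines = user_baselines(events)
    alerts = []
    for e in events:
        reasons = classify(e, baselines[e.user])
        if reasons:
            alerts.append((e.ts, e.user, e.action, "; ".join(reasons)))
    return alerts


if __name__ == "__main__":
    for alert in detect(AUDIT_LOG):
        print(*alert, sep=" | ")
```

Run as a script it prints two alerts: alice's 48,210-row export to the network share (full-table volume, far above her median of 13.5 rows, and an off-host destination) and bob's 48,210-row report to the printer (full-table volume, far above his median). Bob's small local export and everyone's routine queries stay silent. The baseline is a median rather than a mean so that a single bulk action does not drag the user's "normal" up with it; in production the baseline would come from a longer history than the events being scored.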
The loss of such mission critical information would have posed a serious loss of credibility for this hedge fund customer, with grave consequences for them. This is now a disaster scenario that eSentire helps them avoid on a 24×7, 365 basis.