Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert hunting, research and content.
Defend brute force attacks, active intrusions and unauthorized scans.
Protect assets from ransomware, trojans, rootkits and more.
Intelligence and visibility across AWS, O365, DevOps and more.
Configuration escalations, policy and posture management.
Detects malicious insider behavior leveraging Machine Learning models.
Last year's SEC 28-point security Risk Alert triggered a wave of regulatory compliance reports and requirements that have transformed the way the industry thinks about cybersecurity. The big breach stories of 2014 made the topic unavoidable in the boardroom and a top priority on the legislative slate.
Initial findings released after the SEC’s first wave of cybersecurity examinations revealed staggering facts: of the 106 firms inspected, 88% of broker-dealers and 74% of advisers examined experienced a cyber attack either directly or through one of their vendors.
As a result of these initial examinations, the SEC and FINRA last February released a series of recommendations. These recommendations are intended as interim guidance while the SEC and FINRA continue to build out a formal compliance framework.
Without a doubt, these recommendations are essential (and fundamental) cybersecurity considerations, however many firms have found it difficult to navigate the maze and determine which points are applicable to the unique requirements based on their firm’s size.
Recognizing that the recommendations aren’t a one-size-fits-all guide, eSentire recently published a pragmatic document categorizing considerations for varying sizes of firms, building on three specific measures highlighted in the SEC findings. While they don’t necessarily form an explicit list of what firms should do to fulfill their duties when it comes to information security, it’s important to be able to identify which of the recommended facets apply to your firm and its unique size. The three measures focus on:
The SEC Matrix from eSentire takes these three measures into account, divvying them for firms with AUM under $1B, between $1-5B and firms with over $5B in AUM. While each class has very unique considerations, it’s important to regard the lists as additive; as firms move higher on the scale they shouldn’t just consider the list prescribed for larger funds. It’s important that larger funds review and consider recommendations for smaller funds too, as those measures are critical for funds of all sizes.
The document is a pragmatic security to-do list that helps ensure that as you’re continually augmenting your cybersecurity defences you’ve got peripheral compliance considerations covered too. To view the complete lists and pragmatic checklist download your copy of the SEC Matrix today.
In founding eSentire, Eldon Sprickerhoff responded to the incipient yet rapidly growing demand for a more proactive approach to preventing and investigating information security breaches. Now with over twenty years of tactical experience, he is acknowledged as a subject matter expert in information security analysis.