In addition to taking advantage of human errors and naiveté, today’s hackers are also incredibly successful at identifying gaps in technology that can lead them to profit (monetary or otherwise). One of the most critical of these gaps is a lack of adequate and timely patch management.
Software vulnerabilities have turned heads in 2017 with news-making ransomware outbreaks such as WannaCry and Petya calling attention to outdated patches and legacy technology. First, hackers look for an entry point: often a phishing email or other social engineering scheme intended to fool users into leaving a gateway open. Once inside a firm’s network, there’s no telling the damage a hacker can do, but we’re witnessing increased activity and success in exploiting these security holes caused by inadequate patching.
What can firms do to address this security gap? Unfortunately, the problem of patch management cannot be resolved with one click of a button. Successful and ongoing management and monitoring of security patches requires a diligent effort – and one that cannot be 100% automated. Regardless of size, most firms do not have the internal resources required to manage frequent patch roll-outs, particularly for firms leveraging a host of third-party applications.
To sustain the highest levels of resiliency and prevent software vulnerabilities from causing harm on their own or at the hands of malicious hackers, firms should look to implement a patch management service. Companies – such as Eze Castle Integration! – can provide fully managed patch services to ensure software and firmware remain up-to-date and are proactively monitored to prevent security bugs and malicious exploits, reducing overall firm risk. This means seasoned IT experts are keeping pace with a constantly changing threat landscape, enforcing consistent IT policies to eliminate weak links and reducing overhead so your IT resources can focus on more complex tasks.
Ransomware threats are on the rise – WannaCry and Petya are just the beginning. To prevent future cyber threats from causing harm, financial and investment firms should employ security practices that include deep layers of protection. Here are five suggestions to keep in mind:
Back up. Unfortunately, hackers initiating ransomware attacks aren’t exactly on the up-and-up. After they’ve stolen your files and demanded a ransom, they claim files will be decrypted and restored – but those promises are typically dishonest. Odds are, even if you pay a ransom (which you shouldn’t!), your files won’t be decrypted. That means backups are the only way to successfully recover your data. Ensure you leverage a secure and reliable backup and recovery tool that will de-duplicate, compress, encrypt and securely transfer your data to an offsite data center.
Scan. To construct appropriate defenses against external threats, including ransomware attacks, financial firms should conduct regular vulnerability assessments on their networks. These assessments are critical to detecting actual and likely vulnerabilities, including potentially outdated patches. Vulnerability assessments scan for malware, viruses, backdoors, hosts communicating with botnet-infected systems, known/unknown processes and web services linking to malicious content.
In today’s market, the pressure from both investors and regulators is at a steady incline. Reporting obligations have grown complex, transparency is in high demand and compliance technology has become a vital component to a firm’s success. With various demands tug-o-warring hedge fund managers in multiple directions, a Client Relationship Management (CRM) platform could be the solution your financial firm has been searching for.
That is why firms are increasingly adopting Ledgex CRM, the revolutionary, stand-alone Client Relationship Management solution offered by our sister company, Ledgex Systems. Ledgex CRM is ideal for managing and tracking investor communications, sales pipelines, client relationships and capital movements. The highly configurable, centralized platform is tailor-made for hedge funds, family offices and asset allocators.
The product offers the sophisticated Client Relationship Management capabilities necessary to raise and retain more assets, maintain and grow clients, provide outstanding client service and meet heightened reporting requirements. Out of the box, the web-based solution delivers efficiencies, transparency and flexibility without increasing headcount or costs. By streamlining investor relationship management and capital activity, Ledgex CRM enables managers to optimize their time and focus on fostering relations and growing business.
Regulatory expectations and financial markets continue to evolve. Ensuing from these shifting landscapes are heightened pressures on the shoulders of investment firms to deliver greater transparency, manage complex relationships, improve the overall due diligence process and utilize mass data in a more interactive and intelligent way.
In this article, let's explore some common questions around how Research Management Software (RMS) and Portfolio Management Systems (PM) work together.
What are the key benefits of utilizing a Portfolio Management (PM) solution?
It likely goes without saying, but portfolio management systems are core to the investment operations of an investment firm. In the age when transparency is the rule, these systems allow managers to fully understand and manage portfolios and share that transparency with investors or other interested parties. The features of these systems continue to evolve.
For example, a Portfolio Management solution that incorporates models (i.e. Yale model) for cash forecasting enables users to easily forecast future asset values and cash flows of illiquid alternative assets, such as private equity investments. This forward planning capability enables planning for future cash requirements and enables firms to avoid a crisis of liquidity.
Our friends at Ledgex Systems are doing some sweet things (obligatory Valentine’s Day reference!) with their portfolio and research management system that warrant a mention.
As a lookback, in 2016 Ledgex introduced new features and enhancements aligned to the needs of family offices, endowments and foundations, wealth advisors, consultants and other alternative asset allocators. These noteworthy features include:
Comprehensive Portfolio Visualization Tools
Ledgex’s visualization tools optimize the presentation of data and notification/alert capabilities, and innovative dashboards bring key information to launch pages via interactive charts and graphs. Ledgex’s data aggregation tools also allow users to drill down deeper into data that helps uncover actionable insights.
An Enhanced Portfolio Management Workshop
Building off the assumption that a well-designed Workshop has all the tools a person needs, Ledgex created its own Workshop within the portfolio management module. Ledgex Workshop is designed specifically to enrich portfolio monitoring and modeling functions including performance, attribution, contribution, analytics, PM modeling and peer group analysis. Workshop provides the features, tools and reporting capabilities users require in an efficient and intuitive interface.
Advanced Research Management Capabilities
These days the value of having a system that combines portfolio management with research management cannot be ignored – and Ledgex is excelling in this area. Ledgex’s advanced RMS features simplify gathering, management and input of manager information while surrounding data with process-driven workflows and dashboards.
With the Ledgex platform, users can collect and input manager data via a secure questionnaire or utilize the sophisticated email ‘listener’ tool, which vastly simplifies the intake of enormous amounts of manager emails and documents. Ledgex then surrounds the data with advanced workflows guided by sound research methodology and presents the most important information.
Due to changes in the cyber security landscape, traditional firewalls on the port level are no longer effective at managing traffic. Malicious traffic has the capacity to enter any open port, which poses great risk to firm security. Next-generation firewalls go further than port-based firewalls by adding application inspection and intrusion prevention. Next-generation firewalls have the ability to scan traffic as it enters and leaves the network, thereby stopping potential threats.
Eze Castle Integration is increasingly implementing Palo Alto next-gen firewalls for our hedge fund and alternative investment firm clients. Palo Alto is not only a next generation firewall but it is also the market leader based upon ratings, support, pricing and overall performance. A Palo Alto firewall has the ability to detect what traffic is doing and immediately stop threats from spreading by distributing protection.
Unknown traffic is analyzed by Palo Alto WildFire, where new threats are identified and protections are simultaneously developed. Upon the discovery of an unknown threat, the threat is not only blocked, but updates are also sent to all global subscribers within five minutes so that it can be stopped from spreading. Because of this feature, each threat and its variants are blocked without having to go through the analysis process again. WildFire information is also fed through a filter, which allows for automatic blocking of any correlated threats.
Older port-based models do not detect what traffic is doing, allowing threats to port hop until they find an open port through which they can enter. Viruses are not port specific and can therefore utilize any port. Because a port-based model does not analyze what traffic is doing, threats can easily bypass it.
The current threat landscape is such that security threats are more likely to arise from within your network as opposed to external sources. Internal users opening malicious emails or becoming victims of phishing schemes are now preferred methods for attackers. The next generation capabilities of the Palo Alto firewalls allow for deep application level inspection to detect and thwart these threats from opening backdoors to your network.
Additional Advantages of Next Generation Firewalls
All-in-one functionality: Next-generation firewalls bundle traditional firewall functionality with intrusion prevention, antivirus and protocol filtering.
The new Apple iOS version 10, which was released today, delivers some cool new features, but before jumping in we recommend you review the following upgrade steps.
Here’s why. As with any major update, there can be risks associated with early adoption until issues are uncovered and Apple has the time to debug and fix them. Eze Castle Integration has learned of some significant potential issues including risk of data loss due to incompatibilities with mobile device management (MDM) applications.
So here’s a critical to-do list before starting the iOS 10 upgrade.
FIRST - BACKUP
Back up your device. Always take a backup before updating your device.
1. The best way to do this is via WiFi at night when the device is also plugged into a power source (computer or electrical outlet). iCloud will back up your device on its own if configured correctly and provided you have enough storage. To ensure this is occurring, launch the Settings App -> iCloud -> Backup and see what it says next to “Last Backup:”. If it only states a time, then it means it backed up today and no further action is needed. If it says a date, you can back up the device by clicking “Back Up Now”. (Note: WiFi is required to back up this way). If this fails, you can back up to iTunes (see next bullet) or clients can call ECI’s Help Desk for assistance.
2. Alternatively, you can back up using iTunes. Plug the device into a computer, launch iTunes, right-click on your device and click “Back Up.”
Manually back up passwords. Ensure you know your iCloud passwords, iTunes Store password, email passwords and any other critical passwords. Write them down and test them. Then safely and securely discard that information. As a best practice, there are secure password storage applications available through the App Store.
Copy anything you can’t live without. Back up anything (e.g. photos) that you cannot live without. Do so in a way that you can verify the backup easily. One option is enabling iCloud Photo Library so you can access copies of your photos on all your other iOS devices.
On Thursday, August 25, Apple released iOS 9.3.5, the latest version of its iOS and one that should not be ignored. This update addresses multiple security vulnerabilities – namely three iOS flaws that cybercriminals or governments can use to steal confidential messages and eavesdrop using your device’s camera and microphone. It is recommended that all iOS devices be updated immediately.
The Story Behind Uncovering the iOS Exploit
The story behind the discovery of these iOS exploits provides a glimpse into the lucrative world of cyberwar and cybercriminals.
It all started when an internationally recognized human rights defender, Ahmed Mansoor, received two suspicious SMS text messages with hyperlinks. Mansoor identified the messages as questionable and forwarded them to researchers at Citizen Lab and Lookout Security for investigation.
Citizen Lab and Lookout, according to their report, “determined that the links led to a chain of zero-day exploits (‘zero-days’) that would have remotely jailbroken Mansoor’s stock iPhone 6 and installed sophisticated spyware.” This spyware, known as a government-exclusive “lawful intercept” product, would have made Mansoor’s phone “a digital spy in his pocket” able to use the iPhone’s camera and microphone to monitor activity near the device. It also would have allowed for recording of his WhatsApp and Viber calls, logging of messages sent in mobile chat apps, and tracking of his movements. Scary stuff.
Phishing at Its ‘Finest’
According to a Lookout Security blog post, "the attack sequence, boiled down, is a classic phishing scheme: Send text message, open web browser, load page, exploit vulnerabilities, install persistent software to gather information. This, however, happens invisibly and silently, such that victims do not know they've been compromised."
If you haven’t already, now might be a good time to check out the Eze Managed Phishing and Training Service (after you update your iPhone of course).
What Did Citizen Lab and Lookout Security Do?
On Monday, March 21st at its California headquarters, Apple unveiled a new iPhone and iPad and announced improvements to current products. Fittingly, CEO Tim Cook also discussed security at length – not shying away from concerns resulting from the current fight with the FBI. “We believe strongly that we have a responsibility to help you protect your data and protect your privacy. We owe it to our customers, and we owe it to our country,” he said. The key takeaways from the event are summarized below.
The 4-inch iPhone SE
The new iPhone was introduced as having all the power of the iPhone 6s, but with the aesthetic of the iPhone 5. The reason, said Apple VP Greg Joswiak, is simple: “For some people, they simply love smaller phones.” With a $399 price point, analysts believe that the new phone is Apple’s attempt to penetrate the fastest-growing markets of India and China, specifically “prepaid consumers who cannot afford, or are not familiar with, bigger screen smartphones,” said Neil Mawston, an analyst at Strategy Analytics.
The iPhone SE promises an A9 processor with faster LTE and Wi-Fi speeds, better battery life, 4K and 240 fps slow-mo video recording, live photo support, and Apple Pay. The 16GB model, as well as a 64GB model for $499, goes up for pre-order on March 24, 2016, with the first units shipping March 31, 2016.
9.7 inch iPad Pro
The “baby brother” to the 12.9 inch screen iPad Pro that some consumers deemed too large, the new 9.7 inch model is roughly the same size as the iPad Air 2 but with features like Apple Pencil, Apple’s Smart Keyboard, a 12 MP rear camera with 4K video recording and live photo support, and a 5 MP front-facing camera. In addition, the screen of the new iPad Pro will be 40% less reflective than that of the iPad Air 2, but will be 25% brighter.
A feature called “True Tone” will benefit designers by constantly checking the lighting of the room and adjusting accordingly for color accuracy. Three models will be available for pre-order March 24, 2016: the 32GB for $599, 12GB for $749, and 256GB for $899.
The following is the second excerpt from our new whitepaper, Launching a Hedge Fund: 10 Keys to Success.
Develop an IT budget for your first 2-3 years.
Operating capital may be limited in the first few years after your launch, so careful budgeting and long range planning will serve your firm well. Your information technology budget should include priorities and figures for at least two to three years, including infrastructure/hardware and software requirements. Some questions you’ll want to consider:
How many offices are you launching with? Do you plan to open additional offices in the near future?
How many users do you have on day one? How many can you expect to have in years 2 and 3?
Where are your offices located? Are there cost differences between domestic and international offices?
What are your trading practices and how does this impact your budget?
What kinds of systems do you need? (Order Management, Portfolio Accounting, Risk Management, CRM, etc.)
Ensure your technology budget coincides with your firm’s growth plan. Do you expect to grow quickly? Open new offices? Expand internationally? You will need to account for these changes.
Understand hedge fund regulations and how they affect your firm.
Governmental oversight of the financial industry has evolved dramatically in the last decade. Hedge funds, private equity firms and registered investment advisers now operate in a world where they are beholden to regulatory bodies with growing expectations and requirements. When launching your hedge fund, you’ll need to be clear up front with any responsibilities you may have to any applicable agencies – in the United States, that means the Securities and Exchange Commission (SEC). Are you required to register? If so, represent your firm accurately and be descriptive of your operations. If not forthcoming, you may open up your firm to serious regulatory and criminal prosecution.