Morphisec Cybersecurity Blog

Hedging Against Cyber Risk: The AMTD Edge for Investment Firms

Written by Oren Dvoskin | August 28, 2023 at 2:41 PM

“If an attacker successfully hacks our workstations or trading terminals, they’d have full access to the firm’s critical infrastructure.” This quote from a Chief Information Security Officer at a leading US-based hedge fund shines a light on the attack surface hedge funds have. However, putting in place a security stack that aligns with SEC and FINRA cybersecurity compliance requirements to counter this risk can complicate and even disrupt operational continuity.  

Compute-intensive solutions can degrade system performance, while a false alert from an endpoint protection platform (EPP) or endpoint detection and response (EDR) solution can disable trading software and create major financial losses. With financial trading platforms like Bloomberg Terminal frequently issuing configuration changes, false positives are common. 

 

Our experience helping hedge funds secure their environments and comply with federal and industry compliance requirements with preventative security solutions bears this out. A Morphisec client— a US-based quantitative hedge fund (“quant shop”) with over $5 billion in assets under management (AUM)— saves up to $10 million annually by using Morphisec to protect the firm against cyber-attacks and eliminate system downtime. Beyond a quantifiable dollar amount, the firm’s Morphisec deployment continuously delivers priceless operational and reputational cost savings.  

Signature and behavioral-based endpoint protection solutions struggle with advanced threats due to poor ransomware protection and have operational challenges when protecting mission-critical trading systems within hedge funds and alternative investment firms. The systems firms tend to use are highly performance-sensitive, have limited access for online signature and IOC updates, and must run without operational disruptions. This requires running traditional endpoint protection under restricted settings. This results in poor performance from these security tools, and leads to missed incidents, delayed detections, and increased remediation costs. It’s common for EDR and EPP solutions to miss 1-2 workstation events per quarter, creating major remediation workloads. 

 

What Hedge Funds Need to Worry About 

Client data creates a high cyber risk but so do proprietary algorithms and other intellectual property that, if exposed, can ruin a firm’s edge. Firm bosses are often aware of this relationship and cyber risk in general, but what's less obvious is the attack chain underpinning these risks. If fraud, extortion, and disruption to business continuity are at the sharp end of a wedge, unsecure endpoints and terminals are at the other.  

 

Even a small firm has hundreds of endpoints and assets under management. This creates a large attack surface. Financial platforms are also often accessed through dedicated private line infrastructure that effectively bypasses firewall and other perimeter security solutions, increasing their risk further.   

Our experience shows that evasive threats can linger undetected on financial terminals for prolonged periods, even in heavily defended environments. In one incident, Morphisec prevented a Cobalt Strike backdoor at an investment firm, Gootkit malware that was likely to have been present for over four months before Morphisec was installed. The malware could persist undetected and may have created a backdoor for threat actors when it was present. This happened despite the presence of a well-known scanning-based solution.  

 

The Future of Cybersecurity 

The Automated Moving Target Defense (AMTD) solution offered by Morphisec helps firms bridge the gap left undefended by their AVs, EDRs, and EPP solutions—and protect critical systems like Bloomberg Terminal.  

 Morphisec's AMTD solution creates an unpredictable attack surface on endpoints. Dynamically morphing device memory and switching targeted assets for decoys, Morphisec presents a false attack surface to illegitimate operations, while genuine processes can function without issues.  And it doesn't need to see signatures or IOCs to act.

More than 7,000 Morphisec customers rely on Morphisec, installed alongside their existing endpoint protection solution stacks to protect endpoints because it is: 

  • Extremely lightweight, almost universally compatible, and can operate without false alarms.
  • Flexible enough to protect the ever-present Bloomberg Terminal.
  • Able to reliably stop the world's most advanced attacks that don't have signatures or telemetry and protect device memory during run time.
  • Serves as one of the most effective ransomware prevention technologies.

This means that when Morphisec is installed on an endpoint, targeted resources are continuously changing, and threats fail by virtue of encountering a novel environment. Legitimate applications, even highly sensitive ones, don't suffer any performance penalty, and users are unaware of Morphisec's operation.  

No wonder Gartner has called AMTD “the future of cyber.”

 

A Hedge Fund Security Solution 

Hedge funds might thrive during market volatility, but they need their security operations to be predictable, seamless, and above all, effective.   

Recently, a leading North American hedge fund noticed a reduction in false positives of over 99% immediately following its deployment. The resulting increase in system uptime has saved the firm up to $10 million per year in potential lost revenue. 

Morphisec not only provided peace of mind and confidence in a layer of defense capable of stopping advanced threats—it also gave the CISO a clear ROI win. This is what hedge fund security needs to deliver: better security together with smoother operations, leaving volatility to the traders.  

Download this case study to learn how Morphisec helped a leading US-based hedge fund protect the firm’s endpoints and Bloomberg Terminal from ransomware and other advanced attacks.