When I first met Irish monitoring vendor Corvil a few months ago, I was immediately struck that they were the antithesis of a Silicon Valley startup—they demonstrated a deeper reverence for the history of the industry and their founders than is the norm and seemed somehow friendlier than what I’m used to. The fact that their new product has been named “Cara,” meaning “friend” in Irish, is yet another proof-point that my initial assessment about these folks was correct.
Cara is a virtual analyst that, at least in this iteration, is designed for trading platforms. Trading platforms are a great test case for this sort of monitoring/security product, since security is often seen as a barrier to their singular priority—speed and agility. As Corvil put it to me, it’s like expecting a safety-focused Volvo to compete in Formula 1. Culturally absurd. This market opportunity, that of applying security fabrics to trading platforms, is very timely—the pressure is on from the SEC and other regulatory authorities for banks to quickly and reliably deliver robust security. Indeed, last year, Mary Jo White, chair of the U.S. Securities and Exchange Commission, highlighted cybersecurity as the biggest risk facing the financial system. The Office of Compliance Inspections and Examinations (OCIE) has also placed cybersecurity on its high priority list for 2017. Corvil tells me they have a significant proof point of this fact—some seven proof of concept or production customers have come on board in the handful of months since they started talking about it with customers.
There is some justification to Corvil’s assertion that not only perception but technical realities lead to a lack of good cybersecurity coverage in the financial space—as they point out, many companies cannot use traditional security technologies because of their negative impact on the performance and speed of trading infrastructures. Therefore, encryption, firewalls and endpoint security technologies are typically not used, leaving businesses poorly protected and vulnerable to a wide variety of attack styles. This is no longer acceptable practice, with boards of directors and regulators insisting on new cybersecurity practices and policies to safeguard the underlying high-speed infrastructure.
This is also more broadly interesting, since it is the first version of Corvil’s machine learning technology. The internal team creating this tech is made up of Corvil’s CTO, Fergal Toomey, and four data scientists. But beyond the whiz-bang technology, the key message that Corvil is trying to get across is how simple and easy it is—it runs overnight when the trade plant is closed, detects any anomalies via benchmarking and machine-learning technologies and sends them straight to the inbox of the CISO or MD of the Trade Plant every morning in a report without the customer having to do anything.
The key thing here is a visually engaging and plain-language way of surfacing information which is generally only seen in a very structured and complex way. “Cara” produces a brief cybersecurity intelligence report highlighting the overall risk level and top threats detected. The report is hyperlinked to the underlying Corvil wire data findings, which allows security teams to quickly and easily review and validate attack activity.
The offering requires no human involvement or cloud connection. The solution operates standalone or can be integrated with a customer’s security ecosystem, with support for all major SIEMs and threat intelligence platforms. The solution requires no additional infrastructure for existing Corvil analytics customers, to whom it is being offered at no charge for a limited time.
The model leverages the existing data and metadata to deliver over-the-top value. Cara works with Corvil’s existing analytics appliances. It applies machine learning algorithms to learn and model the normal behavior of activity seen on the network. It then runs a broad range of multi-dimensional security analytics to arrive at a simple and effective overall threat assessment score, consumable by executives, but with the underlying forensic detail required by security analysts for detailed investigation and response.
MyPOV
Delivering over-the-top insights of wire data (as opposed to simply pushing all that data into another analytics offering) makes total sense. Doing so natively and on-platform is, in my view, the right way to go about things.
Of course, many other vendors in the space would suggest they’re also offering analytics over the top of their core monitoring solution. Given the market opportunity, however, there is certainly space for a number of players, and the introduction of Cara looks like a positive development for the financial services industry.