Corvil Readies Artificially Intelligent Cyber Security Service

Blog entry

Financial analytics service provider Corvil plans to take its new Cara virtual cybersecurity service from beta mode to fully operational at the end of June, according to David Murray, chief business development officer at the company.

Cara is designed to meet security needs of electronic trading operations, to protect trading business against cyber attacks, and also to respond to concerns from regulators including the US Securities and Exchange Commission and the European Securities and Markets Authority about cyber attack risks.

The Cara service uses machine learning algorithms to detect vulnerabilities and cyber attacks on trading environments where transactions are processed.

“Cara learns what are normal and acceptable behaviors within a trading environment, as well as its own intelligence of what to look for. Because it actively learns, the longer it spends in the environment, the more it can identify anomalies and risk activities to be addressed, for response,” says Murray.

Cara’s artificial intelligence can also recognise the way a ransomware virus like WannaCry, which emerged as a threat on May 12, initiates scans of IP addresses to find vulnerabilities in machines, such as a lack of security patches that can stop its intrusion. Although few trading systems rely on Microsoft Windows, which is the system most vulnerable to WannaCry, the Cara service can detect such ransomware activity. Although trading networks tend to be segmented and protected, they are never completely immune to cyber attackers getting a foothold inside, according to Murray.

“We’re constantly running a machine learning algorithm to look at anomalies to baseline activity and allow security teams the information they need to further investigate the details and to respond,” he says.

Overall, Cara runs ongoing assessments, including user activity, to produce reports for firms’ security operations centers, or on a standalone basis, with scores of risks and vulnerabilities, according to Murray. Cara collects network communications from a trading system, without disrupting their path or slowing down the system. The service then analyses the communications traffic as it collects it.

“Because we know what to expect from all the trading protocols — we know all the market data technology and protocols that are used to talk back and forth with all exchanges globally, we have a very good understanding of the types of traffic and what’s taking place within these environments,” says Murray. “Cara can understand individual user activity. So we can balance and look at what’s happening from individual user accounts, because we can extract that information from the communication flow.”

Corvil has been working on Cara for about eight months to date. The company expects the service to be easy for its current customers to add and for new customers to implement. The European MiFID II regulation includes cyber security capability for trading environments, Murray notes.