Electronic TradingContinual Cybersecurity Risk Assessment

Cara: Virtual Security Expert

$81M stolen from banks via SWIFT. $14M lost in Hong Kong digital “pump & dump” schemes using compromised online accounts. A securities trading firm employee charged with creating malware to steal intellectual property. These are the signs that cybersecurity must evolve to fit into the high performance environments of financial markets.

Continual Cybersecurity Risk Assessment From The Gold Standard Machine-Time Analytics Provider

Trusted daily by all major global banks and exchanges to monitor financial markets infrastructure, Corvil provides a quick way to for cybersecurity teams to gain effective visibility and conduct automated anomaly detection daily with zero-performance impact.

Corvil has combined our existing trade networks expertise, our understanding of advanced analytics and security domain knowledge to help organizations to understand the ongoing status of cybersecurity within the electronic trading environment.

This enhanced visibility, together with daily risk score reporting, gives trade desk managing directors a head start in continually conducting cyber-risk assessments, thinking about regulatory reporting, and responding to anomalous activities.




  • Electronic trading performance is not impacted by cybersecurity investigations
  • New cybersecurity regulatory reporting requirements can be addressed more efficiently
  • Daily business-level updates on cybersecurity risks to financial markets infrastructure
  • Attacks and exposures are identified earlier and more effectively addressed
  • Maximize value from existing infrastructure monitoring investment

Nanosecond Precision of All Market Data Feeds

Corvil Virtual Security Expert gives security teams a relatively quick way to extend automated risk assessments, which combine machine-learning anomaly detection and threat detection analytics, to electronic trading networks.

– Dan Cummins, Senior Analyst, 451 Research

IT Central Station

Best Practices for Trade Infrastructure and Execution Analytics

Free Download

Key Benefits of Corvil Cara

Daily Cybersecurity Risk Assessment Updates
Simplified reporting and business-level risk scores provide assurance that evasive activity or anomalies are not lurking within the trading environment.

Zero-Overhead Cybersecurity Visibility
Obtain complete cybersecurity visibility without the performance hit of logging loads on servers by directly observing all activity on the trading network.

Eliminate Risk More Efficiently
Identify anomalous activities, cybersecurity exposures and attacks on trading infrastructure earlier and collaborate more effectively on response.

Reduce Cost And Complexity
Single platform for risk and compliance data, cybersecurity analysis, big data streaming, performance monitoring and troubleshooting, letting you reduce the number of tools needed.

Problem Overview

Cybersecurity Blindspots in Financial Markets Infrastructure

Financial markets infrastructure facilitates trillions of dollars worth of transactions on a daily basis yet remains a blind spot for their cybersecurity teams. The speed at which trade decisions are made and are transacted across that infrastructure represents a significant competitive advantage. The applications, communication protocols and infrastructure are finely tuned to maintain that advantage, therefore infrastructure changes required to support cybersecurity scrutiny, technologies and oversight have represented a negative impact on infrastructure performance.

As a result, cybersecurity analysis of electronic trading traffic has been unable to shift from reactive forensic analysis to more modern practices of proactive anomaly identification. The result is an inability of cybersecurity teams to tailor their visibility, analysis, policies and procedures to the specific risks associated with financial markets infrastructure that continue to grow and evolve as cyberattackers become more targeted.


  • Massive financial and reputational impact
  • Effect on market availability and integrity
  • Data manipulation/compromise of data integrity
  • Leaking of insider information on an ongoing basis
  • Increased regulatory risk, costs and complexity

Solution Overview

Continual Cybersecurity Risk Assessment

Our solution provides daily cybersecurity risk assessment and threat detection based on automated, zero-performance impacting analysis of all activity on financial market trading networks. Key business stakeholders can use this assessment to improve collaboration with their cybersecurity and regulatory reporting teams.

Virtual Expert Automatically Assesses and Continually Reports
Corvil Cara: Virtual Security Expert automatically assesses and learns from all machine activity on the network, detects possible attack patterns, bubbles up the most important issues and provides an overall risk assessment score suitable for non-expert IT, business and regulatory professionals.

High Fidelity Visibility of All Activity on the Trading Network
Corvil’s existing monitoring infrastructure is already capturing every packet and flow that traverses trading infrastructure without impacting performance during market open, and with nanosecond precision required by trade surveillance. Corvil makes it easy for cybersecurity teams to leverage this existing visibility to investigate risks associated with specific users and the business context of all trading sessions, market data streams and non-trading traffic.

Learns Normal Behavior to Automatically Detect Anomalies
Activity recorded from the trading network is analyzed by machine learning algorithms to baseline the norms of connected machines, applications, services and communications. Anomalies are detected from deviations from these baselines are detected and reported as input to an overall risk assessment score.

Correlates Multiple Indicators into an Overall Risk Assessment Score
In addition to machine-learning anomaly detection, Corvil streamlines risk assessment by correlating multiple threat indicators (such as user account compromise, remote exploits, reconnaissance scanning, lateral movement, denial of service, covert tunneling), and integrating threat intelligence data sources such as FS-ISAC.


  • Addresses trade network monitoring gaps for cybersecurity risk detection and regulatory reporting
  • Risk analysis automatically leverages knowledge of trading-specific networks, protocols and host criticality
  • Avoids potential performance impact deploying dedicated security monitoring
  • Maximizes ROI of existing monitoring investment
  • Data streams can be integrated with regulatory reporting environments
  • Seamlessly integrates with security ecosystem

See What No One Else Can See

Schedule a Demo