Corvil and Endgame: Safeguarding the World's Algorithms

Dangers of hacking back

To obtain a competitive advantage, businesses across nearly every sector are increasingly turning towards algorithms to unlock and act on signals hidden in mounds of data.  Today, algorithms frequently drive key revenue generating and back office functions. These implementations have moved beyond hardcoded or basic statistical models, often incorporating Artificial Intelligence (AI) and Machine Learning (ML) based approaches, where the algorithm’s underlying rules are learned not written. As with most key technological advancements, securing these algorithms has largely been an afterthought. Endgame and Corvil have partnered to address this gap.

 

Early Implementation of Machine Learning

The financial sector was one of the first sectors to turn to algorithms. In the late 1990s, to optimize training operations, the first computers began trading without human intervention. However, the underlying methods were simple in comparison to algorithmic trading that accounts for 90% of modern trading activity.  Other sectors have followed suit, adopting algorithms as a way to rapidly make complex decisions without human involvement. Today, when you shop online, apply for a loan, or binge watch Netflix originals - algorithms are working behind the scenes.  Over the last 18 months, the security community, a relatively late entrant, has put an almost obsessive focus on leveraging machine learning to improve detection outcomes.

 

Dangers with the Rise of the Machine

While Mark Zuckerberg and Elon Musk debate the dangers of this emerging future, others are looking for ways to exploit this evolving reality.  Massive data breaches often dominate the headlines, but the threats to algorithms are often overlooked.  Algorithms can be gamed, stolen, or manipulated.

To offer a simple example, ride-sharing companies use algorithms to track, motivate, and compensate their drivers. For instance, when there is a lack of drivers on the road in a specific area, pricing algorithms implement price surges to attract drivers. Since fares during a surge are considerably more profitable, drivers have been organizing massive “switch offs” to trigger surge pricing. This is possible because, through experimentation, the drivers understand the basic features that drive the algorithm’s output.  

As the ride-sharing example demonstrates, algorithms can be manipulated for profit.  In 2015, an engineer at Citadel, a Chicago-based hedge fund, was convicted of stealing thousands of files containing "alpha and term" data via a personal hard drive.  The engineer used the data to trade in his personal brokerage account. Ironically, the perpetrator lost money, possibly because the data was no longer reflective of current market conditions.  In April 2017, a KCG employee allegedly installed a credential-stealing tool in order to access systems and steal source code from his hedge fund employer.  While most Wall Street firms aggressively block external email and external storage devices, attackers evolve. What’s interesting about this case is that the actor, an insider, employed attacker tools and techniques to achieve his ultimate objectives.  

Five years ago, Knight Capital served as a case study that perhaps foreshadows the dangers posed by an errant or degraded algorithm.  An errant algorithm cost the trading firm $10 million a minute over a 45-minute window, resulting in a 70% loss in market value. Although this was based on developer error, not attacker success, it demonstrates the risks involved when algorithms are manipulated. 

 

Protecting Enterprises from Targeted Attacks in A Machine World

Clearly, reverse engineering, unauthorized access, or manipulation of algorithms pose a threat to algorithmic businesses. Security vendors are not immune. In a recent webinar, Endgame’s technical director of data science, Hyrum Anderson, showed how even blackbox machine learning models can be gamed and exploited if an adversary is given the ability to run sufficient experiments against those algorithms.

Endgame and Corvil have partnered to provide a unique solution to address the dangers posed to algorithmic businesses. Endgame, whose customers include the most targeted military and commercial organizations, is the only endpoint platform unifying prevention, detection and response, and threat hunting to stop sophisticated attacks before theft can occur. With customers among those in the top global banking and financial services companies, Corvil provides real-time traffic analysis to safeguard financial transactions representing over $1 trillion on a daily basis. Together, the Endgame-Corvil partnership provides a joint solution, with full stack protection, nanosecond visibility, and lightweight threat hunting for the most sensitive environments.  In the financial sector, the joint solution is uniquely equipped to protect both back office, development, and trading environments.  

With expertise and lineage that well understands the challenges and opportunities this growing reliance on algorithms brings, Corvil and Endgame are uniquely experienced in safeguarding enterprises from these evolving threats. Corvil and Endgame will continue to work closely with algorithmic businesses, across a variety of sectors, to help protect their customers, partners, and investors.