Wall Street & Technology: Blog: Merrill, NYSE Execs Talk about IT Security

Merrill, NYSE Execs Talk about IT Security

Internal threats, particularly where company employees from different departments collaborate over a long period of time to defraud the firm - are proving to be one of the biggest security headaches for financial firms, a conference at the New York Stock Exchange heard on Tuesday.

"Security has quickly moved beyond the physical to internal collaborative long-term activities, where people enter an organization and over a 3 to 5 year period commit fraud," said Jefffrey M. Birnbaum, chief technology architect and global head of architecture and engineering, Merrill Lynch.

"That's a scary thing," he said, citing the recent SocGen scandal which saw a trader deal a $7.2 billion blow to his company. "We need almost an anti-money laundering system to prevent these threats."

Birnbaum was one of several experts speaking about security, storage and virtualization at the "Banking on Israel IT" conference held under the auspices of the Israel Export and International Cooperation Institute.

Speakers included Steve Rubinow, CIO, NYSE Euronext, Richard Rabinovich, managing director, Citibank, and Stefan Dietrich, managing director, AXA.

(l to r) Jeffrey Birnbaum, Merrill Lynch; Stefan Dietrich, AXA; Steve Rubinow, NYSE Euronext; Richard Rabinovich, Citibank

Although internal threats are on the rise, companies must continue to protect themselves against external threats - particularly given today's increasing focus on external collaborative applications and social networking tools which can expose them to attacks, Rubinow said.

The CIO pointed out that NYSE Euronext has a fairly tight control over its data since most transactions come through a private network. "But we will be opening up more and more, it's the way of the world," he said. "We're looking for tools to open up, but at the same time," he added, NYSE needs to keep the bad guys out.

In the meantime, Rubinow said NYSE, like other U.S. companies, is turning to small technology firms, as well as the big players, for security solutions. "IBM and HP don't have all the answers, and we can't just wait for them," he said. "There is a risk that small companies won't be here in 5 years. But small companies in Israel or elsewhere are very attractive to us."

Israeli security vendors who made presentations to U.S. securities firms at the conference included Aladdin Knowledge Systems, which showcased its eToken (a USB-based authentication solution) and eSafe, a secure web gateway providing protection against web-based threats and attacks.

Also on hand were Applicure Technologies, whose DotDefender protects web sites and enterprise applications from external and internal attacks; Insightix, whose solution enables IT departments to see all the devices on their network; and Intellinx, which provides a cross-platform surveillance system for corporate applications across the enterprise.

Posted by Melanie Rodier at 05:12 PM

This is a public forum. CMP Media and its affiliates are not responsible for and do not control what is posted herein. CMP Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.

Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of CMP Media LLC and may be edited and republished in print or electronic format as outlined in CMP Media's Terms of Service.

Important Note: This comment area is NOT intended for commercial messages or solicitations of business.