Bastille Solutions for Capital Markets:

THE PROBLEM: Security and compliance on the trading floor

Balint Seeber, Director of Vulnerability Research at Bastille Networks, discusses "Security and Compliance on the Trading Floor."

Firms in capital markets face a range of issues when employees use non-company-issued cellular devices on or near the trading floor.  Employees’ personal devices are not easily monitored or regulated, and can create vulnerabilities in the firm’s trading floor communications.

For example, even though firms may mandate that all communications be carried out using company-issued devices, employees often give out their personal numbers. When their personal devices end up being used for trading-related communications, their employers have no way to legitimately record or track those communications, and employees cannot control what is sent to their devices. 

Tracking communications becomes essential in the event of a regulatory enquiry. Regulatory enquiries often require proof that Compliance submits all the electronic communications related to a trade. Without a system to prove that there were no additional cellular devices involved in relaying trade information related to pre-trade intent, regulatory enquiries can take longer to resolve.

Today, monitoring and enforcement include procedures such as cell phone drop-off on badge in/out, training and certification, plus ongoing network monitoring, visual inspection and periodic penetration testing. While many of these procedures are very effective for point-in-time monitoring, none of them offers real-time monitoring of unauthorized personal device use.

 

REQUIREMENTS FOR security and compliance for firms in capital markets:

1.   Identify and detail all the wireless and cellular devices in the environment.

2.   Map the location of transmitting devices on the floorplan.

3.   Show the hours these devices are in use and whether they were used during or after trading hours.

4.   Alert to any new devices or transmissions.

5.   Provide for forensic analysis of device presence by time of day and location.

6.   Ideally be entirely passive, requiring nothing to be installed on any devices.

 

Bastille's solution

Bastille passively monitors 24x7 to report on the presence of RF transmitting devices, such as cellphones. No software or hardware is installed on any devices. When cellular and other radio-enabled devices are found, Bastille will identify and locate them so that action can be taken immediately.

Bastille has performed RF audits at a number of financial institutions - and each time has found previously unknown but potentially harmful devices, including personal cellular devices, open-access Internet of Things devices, audio eavesdropping devices, and even wireless cameras.

Existing internal practices that once offered compliance and safety for financial institutions need to be revisited to take account of a new generation of radio-enabled devices with unknown attack surfaces.

In 2018, new regulations will come into effect requiring greater scrutiny of trading firms’ communications that might hold evidence of pre-trade intent. Bastille can help your firm prove that all electronic communications have been accounted for, enabling faster resolution times for regulatory enquiries.
