Buy-Side Technology Awards 2015: Best Buy-Side Cyber-Security Platform/Tool—ACA Aponix

Long gone are the days when a firewall breach was considered the most severe threat, or a zero-breach strategy was deemed reasonable. Today, it’s more about protect, monitor and react.

This new problem is more acute for the buy side. The lion’s share of investment managers, while still targets, don’t have the elastic operating budgets to push toward security that banks do—particularly banks with retail units. It’s yet another area of technology where investment managers have no choice but to seek help, rather than build their own solutions.

Enter Aponix. Between the new-age “advanced” platforms and more traditional ones, Aponix probably falls into the latter category, and the judges looked kindly upon this.

After all, cyber experts regularly tell us that capital markets firms’ biggest vulnerability is their own people, and that the biggest breaches use rudimentary, almost antique-sounding, phishing methods to sneak their way into systems. Helping its 75 clients to regularly examine and test those methods against their personnel, using a cloud-based approach, is one of the things Aponix does best.

A second area the judges appreciated was help with vendor due diligence. Again, this may not be the sexiest aspect of cyber-defense; however, it’s one that every buy-side shop must cope with as their boards, leadership and upstream investors continue to worry about new threat vectors coming from outside the firm’s walls. No one operates completely in a bubble, and therefore convening with and assessing providers’ readiness is almost as important as testing one’s own.

Between the new-age “advanced” platforms and more traditional ones, Aponix probably falls into the latter category, and the judges looked kindly upon this. After all, cyber experts regularly tell us that capital markets firms’ biggest vulnerability is their own people, and that the biggest breaches use rudimentary, almost antique-sounding, phishing methods to sneak their way into systems.

This often-unruly process is an annoying one to manage on one’s own—typical due-diligence questionnaires can include hundreds, even thousands, of questions—and we found Aponix’s tailored approach to handling it on a consulting basis as a good way forward.

Where cyber goes is always contingent on tomorrow’s newspaper—priorities in this space can change overnight. But getting the old-school tasks right is foundational to an effective strategy going forward, no matter how sophisticated attacks or defenses become.