|
|
The Enemy of CEP is CEP Vendors Recently I have been reading so many laughable posts by CEP software vendors, it makes me want to cry! Vendors are still confusing CEP and EDA. Vendors are touting CEP as BRMS. There is so much CEP misinformation on the netwaves that it pains me to read my Google alerts these days! I was planning to write a comprehensive article about the recent flurry of “CEP is now BAM” posts, where vendors are taking a relatively simple BAM application and now calling it CEP, but it is too painful. Stop the pain, please! The CEP marketing campaigns are getting really desperate!! It has become exhausting to read all the misinformation about CEP, mostly pushed by a handful of small niche software companies and their analyst groupies. Stop the pain! If I responded to all of them, I would spend all my time responding to the misinformation, lost in an cyber misinformation “DO LOOP”, LOL. Well, knowing well how exhausting and time consuming it can be to try to respond to all the absolute junk CEP marketing hype, I was pleased to see Marc Adler hit a home run with CEP and Legend in it’s own Mind? Great post Marc! Thank you very much. The enemy of CEP is CEP vendors and their groupie analysts. As I mentioned before, these CEP marketing groupies are simply touting snake oil to solve serious operational problems. Stop the pain! Selling relative very simple rules engines as “save the planet” intelligent systems, “Hey Dude!, Pass me a Joint!! CEP is really groovy, man!” The entire industry would be better off if they would stop smoking wacky weed and join “Hypers Anonymous” (HA), ROTFL. (I think I will write a future post post called “CEP Animal Farm” as in George Orwell’s amazing book most of us read as junior high students.) Frankly speaking, it is not only the CEP vendors to blame. Look no further than the “Independent CEP Leadership”, willingly seduced by paid corporate sponsorships, travel and speaking engagements. CEP is going to become a joke (if it is not already, as Marc hints. calling CEP “a legend it it’s own mind”), with vendors overhyping their simple rules engines as tonic for all the world’s complex problems. Just as laughable is the repackaging BAM as CEP, or the repackaging of scheduling as CEP. Please, stop the pain! No wait! I have a stream processing rules engine with a cute GUI, and “my” GUI is better than “your” GUI, and “my” engine is better than “your” engine. Na Naa Na Naa Nah! “My product” can do BAM and “my product” can do scheduling….. Folks, we do more interesting things with “Web 2.0″ APIs and mashups in a single day and without the hype and bitter taste of snake oil on our lips. It is quite simple really, The enemy of CEP is CEP vendors. Filed under: CEP News and Events, Complex Event Processing, Cybersecurity, Event-Driven Architecture, Humor | No Comments » View SlideShare presentation or Upload your own. Filed under: Asia Pacific, Complex Event Processing, Cybersecurity, OWASP, Risk Management, Threats and Vulnerabilities, Use Cases | No Comments » Oct 27, 2008 By Penny Crosman One of the many effects of the credit crisis is that Wall Street firms have found a new focus for their complex event processing projects. Although they’re not abandoning CEP-based algorithmic trading, new CEP initiatives are focused on measuring and managing risk. With its ability to watch and apply business rules to massive streams of fast-moving data — such as trade quotes, trade orders and news — CEP can help traders and risk managers gain a clearer view of counterparty risks, judge exposures to certain firms and sectors, and perform backtesting in close to real time, according to experts. And once links to data sources have been built and basic functions described, building new risk applications on top of a CEP platform can be much faster than creating a new application from scratch. But while CEP can provide visibility into risk problems and perhaps help prevent certain mistakes, observers caution that it’s not a replacement for good judgment, common sense and sound risk management practices. Further, it’s unlikely that CEP-based risk management systems could have prevented the collapse of the subprime lending market, the resulting credit crisis, or its spread to Wall Street and the global economy. “The last couple of months have shown that while everyone agrees that risk management is wonderful and everyone should have lots of it, now that’s really, really, really true,” says Simon Garland, chief strategist at Kx Systems, a provider of high-speed data management solutions. “With financial data — especially market data — risk management can only be possible with systems that can handle enormous amounts of data coming in.” And that is precisely what complex event processing is designed to do. Many risk management systems today, Garland continues, still report risk measures at given intervals, such as at the end of the day, rather than keeping up with real-time trading systems. “That’s not going to cut it any more,” he says. “The checks being written to us are mostly for risk-related solutions,” concurs Terry Cunningham, CEO of CEP solutions vendor Coral8. “If you work at a big Wall Street firm and say to your boss, ‘I want to buy cool new software,’ you don’t get past the first three or four words. You have to tell a pretty compelling story to get past the first sentence. If you talk about risk, you’ll at least get them to listen for a little longer and pay attention to the possibilities.” The Case for CEP-Based Risk Management As Lehman Brothers was tottering on the brink of bankruptcy truth about enzyte in mid-September, some firms couldn’t quantify their exposure to the bulge-bracket firm. They simply didn’t have all those positions aggregated in one place. (Even if they did know their total exposure, Lehman’s second-quarter numbers weren’t that dire; quantitatively, an investment in Lehman didn’t appear to be that risky.) But CEP vendors say their software can give risk managers a better view of such counterparty risk. “No software can replace [good] judgment,” says Jeff Wooten, VP of Aleri. “What [CEP] software can do is give you better information with which to make those judgments and a better understanding of where you stand.” CEP software provides a way for firms to aggregate information from different parts of the organization and layer analysis on top of that, he explains. “Our software can’t help you predict what’s going to happen with your counterparty; it can’t help you predict that Lehman will declare bankruptcy,” Wooten adds. “But it can help you know what your exposure to Lehman is.” Progress Apama’s customers are using the vendor’s CEP technology for pre-trade risk checks, according to John Bates, general manager for Progress Software’s Apama division. “Before a trade is placed, real-time rules detect ‘fat-finger’ errors, check for decimal points in the wrong places, apply real-time compliance rules, make sure the firm is not over 6 percent of an actively traded market,” he relates. “Risk management used to mean that at the end of the day you’d run a value-at-risk calculation to find out what your exposure was,” Bates continues. “Now people want a to-the-second view of risk. You can work out for each trader what the potential exposure and profit and loss is, and then you can roll it up to the whole desk and even up to the level of the whole institution.” According to Bates, hedge funds have been building CEP-based risk management into their algorithmic trading systems, and a number of Progress Apama’s big sell-side customers are performing real-time hedging for foreign exchange using CEP. Tibco customers are considering using its CEP software for “predictive straight-through processing,” according to Spencer Greene, CTO of financial services for the vendor. “It’s not so much predicting which trades are going to break, but it’s looking at historical data [on past trade breaks] in real time and grabbing more information before a trade hits the breakage point,” he says. For instance, a CEP engine might be set up to go out and obtain information about a counterparty or fill in missing basic information to help prevent a trade from breaking. “It’s predictive; it’s [based on] probability and in some cases the CEP engine will grab something it doesn’t need,” Greene acknowledges. “But when you look at more-complex instruments that can take weeks or months to settle because of issues on the back end, the CEP engine that can help them automatically grab information ahead of time behind the scenes speeds that up.” A few Coral8 customers are using the vendor’s CEP solutions for foreign exchange, to evaluate customers’ credit risk and set pricing based on that risk on the fly, rather than having to get back to the customer minutes or even hours later, according to the vendor’s Cunningham. The CEP software evaluates customers’ payment history from the accounting system to determine the risk score, he explains. Kx’s Garland observes that the current market upheaval will force firms to do more backtesting. “A lot of people are going to want to go back to their systems, run data from September and see when they should have seen [the credit crisis] coming,” he says. “They’ll probably find there were slight indicators here and there that should have set the alarm bells ringing.” This way they can learn from the bad times — “and there’s no shortage of data,” Garland says. Ideally, Garland adds, historical data analysis will be done as part of pre-trade risk analysis and used to trigger alerts — “Stop that trade. Get out of that sector immediately.” Historical data access performed with a standard data management solution, such as an Oracle database, is too slow for this, Garland contends, noting that Kx’s customers are using the company’s software to monitor real-time profit and loss, and to identify where problems are cropping up. Data Management Nirvana: Unified View of Risk One ideal of risk management is to obtain a comprehensive view of risks across an entire firm, with every department sharing its data, using the same metrics and feeding into a central pool of easy-to-decipher data. This is one of the nirvanas offered by the data management community. But whereas data management systems are primarily concerned with normalizing data and providing common identifiers and formats so that other applications can use it, CEP solutions are more focused on analyzing numbers and complex events, setting up triggers for specific actions. “You want risk management to be able to put its fingers into the same data that’s used for trading,” says Kx’s Garland. “It’s difficult because if the data has to be accessible to a risk model for pre-trade risk analysis, you haven’t got time to go skipping across to 10 different servers. You’ve got to have it roll right in very quickly.” Adds Aleri’s Wooten, “Where people lack insight today is at the enterprise level. People have risk systems and risk tools in place, but they tend to be at the desk level or at the individual asset-class level, and even there sometimes they’re overly reliant on Excel spreadsheets that are not updated in real time. Increasingly people want current, consolidated big-picture information across asset classes. When things are changing so fast, having the ability to know where you stand right now and what position you expect to be in tomorrow or even an hour from now is very relevant.” Measuring Portfolio Positions Tick by Tick One large Wall Street Coral8 customer is using CEP software to perform a continuous, tick-by-tick assessment of portfolio positions, according to the vendor’s Cunningham. The customer compares market data to its positions, then applies risk models to that data to determine whether or not it should make adjustments, he explains. “That’s what they used to do in periodic batch mode — say, every Friday afternoon, they looked at positions and said, ‘Oops, we have a problem. Let’s start cleaning up the mess Monday,’” Cunningham relates. “Now they can start fixing it within milliseconds.” In risk-related applications, the Swedish bank SEB, the Turquoise multilateral trading facility in London and the U.K.’s Financial Services Authority use CEP for real-time market surveillance. “The principle is [that] you can detect market manipulation that is in breach of regulations, not just after it’s happened but while it’s happening so that you can do something about it,” says Progress Software’s Bates, noting that the three financial organizations rely on his firm’s CEP software. CEP, Bates adds, can be used to detect insider trading, breaches of short-selling rules, the spreading of illegal rumors followed by suspicious buying patterns, “painting the tape” to drive a stock’s price up, front-running of orders and trader collusion, among other market abuses. Despite CEP vendors’ promises, though, there are those who feel the value of CEP technology to risk management is finite, pointing to limitations of the technology itself and to the fact that risk management involves more than looking at numbers. A major CEP proponent, Tim Bass, managing director of consulting firm CyberStrategics, cautions that CEP may not be quite sophisticated enough for nuanced risk management issues. “Risk management has always been a killer app for CEP,” Bass says. “But unfortunately, most stream processing engines on the market today are not quite capable of handling the kind of risk management that Wall Street needs.” But CEP Is Not a Risk Cure-All The reason, Bass says, is that CEP systems are based on rules, rather than neural networks, Bayesian classifiers or other advanced algorithms. “Rules-based technology is good, but it tends not to scale well to large, complex problems,” he asserts. Ten years ago, when Bass was a lead scientist and architect at Langley Air Force Base, he wrote a rules-based system to detect spam and e-mail bombs. “I had a team of people writing rules on the fly,” he recalls. “We found that every time we wrote new rules, criminals would find a way to poke through the system and get through the rules. We spent so much time writing rules that it was not efficient.” According to Bass, one large telecom provider found that rules-based CEP doesn’t work because it’s too difficult to change the rules and the system can’t learn or adjust itself. An executive at a large financial institution told Bass, “The trouble with rules-based systems is that the rules are too hard for people to think of in advance.” Bass advises firms to consider using rules-based CEP for risk management, but only to understand the complexity of the problems they’re trying to solve. And even then, their risk models have to be right. “It’s hard to create good models,” Bass notes. “The real work is not in the engine as much as it’s in the intellectual property or the knowledge of the people using it.” Another dissenting voice is Miles Kumaresan, head of quantitative trading at proprietary trading firm TransMarket Group. “The problem we have right now is the credit market, and that has nothing to do with complex risk models,” he told WS&T in late September. “To do risk assessment you don’t need CEP. It’s much more important to actually use the risk numbers that are already available.” No technology would have prevented the collapse of Lehman, Bear Stearns and others, Kumaresan contends. “The salaries of risk managers are paid by the same people who take the risk, so at the end of the day the risk managers do what the heads of trading want them to do,” he says. Further, “It was unthinkable that Morgan Stanley could lose a third of its value in a day or two of trading, or that Lehman doesn’t exist anymore — unthinkable.” A Step in the Right Direction Kumaresan does acknowledge that the Wall Street crisis brought about a need for more data analysis for both trading and risk management. “Our exploration space has increased drastically, requiring constant forecasting and more computationally intensive analysis,” he says. “For every order that comes through, we try to forecast in the very short term where the market’s going to be, how many milliseconds until the next trade, whether the next trade is going to be on the bid side or the offer side. Because of the recent market volatility, we don’t know whether strategies that used to work historically will work now or not. Before, we had backtesting under reasonably normal market conditions; now we’ve got absurd market conditions, and all of a sudden the possibilities have magnified by a huge factor.” Kumaresan’s group’s success during these turbulent times has boiled down to diversifying across multiple asset classes, using long/short and cutting across an array of time horizons. “We haven’t done anything remarkably unique — just used practical common sense,” he says. “Just look after your downside, and the upside will look after itself. Just because times are good doesn’t mean we want to take excess risk. If you cover your risks, returns will come naturally.” Even CEP vendors don’t claim that CEP technology could have prevented the recent problems. “It’s no good, us saying CEP could have saved Lehman — very fundamental things happened,” notes Progress Software’s Bates. “Derivatives looked like a very interesting, profitable thing for these firms to be involved in, and it’s one of those things that’s gone a bit wrong for them fundamentally. I don’t think CEP could have detected that. But it could never hurt to have a better handle on exposures, positions and capital throughout the organization.” Filed under: Basel II, Business Rules, CEP News and Events, Complex Event Processing, Cyber-Trading Technologies, Cybersecurity, Risk Management, Use Cases | No Comments » (OWASP Taipei) Hello from Taipei. We just completed an absolutely awesome OWASP conference (over 1200 attendees), OWASP AppSec Asia 2008 - Taiwan. This was a very well managed conference, organized by Wayne Huang, OWASP Taiwan Chapter Leader and Founder and CEO of Armorize. In a future post, when I get links to other speaker’s presentations, I will talk more about some of really interesting people and topics from the conference. |