Analytics and Machine Learning Can Help Detect Cyber Threats

The challenge of cyber security is laid bare when RSA, one of the world’s preeminent security firms providing solutions to address cyber threats, is unable to prevent a social engineering attack on itself. This of course happened in 2011, but given the frequency with which companies are breached today, no enterprise can be 100% sure of preventing an attack. Why? The real threat lies ‘within’ the organisation. Employees are the weak link and hence the easy target for cyber criminals to exploit in order to get hold of sensitive data.

So, how must a law firm defend against its own employees – the very people to whom it must provide data access – without ‘getting in the way’ of their work? Furthermore, it’s not always apparent that the organisation has been hacked. The average time that an attack went undetected in a network in 2016 was approximately 150 days.

Best practice suggests that in the immediate aftermath of an attack, firms must:

  • Understand how the breach occurred in order to immediately remediate any deficiency that was exploited
  • Quickly identify where the firm’s exposure is, especially which clients are impacted
  • Recover lost data
  • Notify the relevant regulators and the ICO of the breach. This will become even more pertinent with the new EU General Data Protection Regulation that comes into force next year.

A document management system (DMS) plays a key role here – after all, this is where the firm’s ‘crown jewels’ reside and so protecting the sensitive information within it is essential. Today, technology has advanced and security is no longer simply about complex passwords. Adoption of analytics and machine learning is essential to proactive data security and loss mitigation.


Firms that deploy iManage Work, a next-generation DMS, are now able to automatically profile the typical behaviour of users and use this information to identify potential social engineering attacks and take pre-emptive action. This is provided by the recently announced Threat Manager module, which uses machine learning to automatically generate a digital ‘fingerprint’ of all employees based on their individual history of interaction with data in the DMS. Any deviation from this baseline is a good indication of anomalous activity and warrants investigation. The behavioural analytics used by Threat Manager are significantly more advanced than simple threshold reporting: by understanding the matters, clients and practice areas relevant to the firm’s personnel, the module can identify a hacker using stolen credentials to view even a small number of files as an anomaly, and flag this for immediate action. In fact, an interesting finding during the testing phase of Threat Manager was that it is also able to predict, with high accuracy, which personnel are likely to be leaving the firm. This is often a concern for firms due to the potential loss of organisational and client IP.
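The difference between threshold reporting and a per-user baseline can be shown on a small scale. The following is an added example, not iManage code and not a description of how Threat Manager works internally; the audit events, user names, matter numbers and both cut-off values are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed DMS audit events: (day, user, matter). Not real audit data.
HISTORY = (
    [(d, "asmith", "M-1001") for d in range(1, 21) for _ in range(8)]
    + [(d, "asmith", "M-1002") for d in range(1, 21) for _ in range(4)]
    + [(d, "bjones", "M-2001") for d in range(1, 21) for _ in range(10)]
)
TODAY = (
    [(21, "asmith", "M-1001")] * 7   # ordinary work on a familiar matter
    + [(21, "bjones", "M-2001")] * 3
    + [(21, "bjones", "M-1002")] * 5  # few files, but a matter bjones never works on
)

VOLUME_THRESHOLD = 50  # assumed fixed rule: alert above 50 documents per user per day


def build_baselines(events):
    """Per-user profile: how often each matter appears in that user's history."""
    profiles = defaultdict(Counter)
    for _day, user, matter in events:
        profiles[user][matter] += 1
    return profiles


def threshold_alerts(events, limit=VOLUME_THRESHOLD):
    """Simple threshold reporting: flag users on raw daily volume only."""
    volume = Counter(user for _day, user, _matter in events)
    return {user for user, count in volume.items() if count > limit}


def baseline_alerts(events, profiles, min_score=0.5):
    """Score each user by the share of accesses to matters outside their own history."""
    seen, novel = Counter(), Counter()
    for _day, user, matter in events:
        seen[user] += 1
        if profiles[user][matter] == 0:  # matter absent from this user's baseline
            novel[user] += 1
    scores = {user: novel[user] / seen[user] for user in seen}
    return {user: score for user, score in scores.items() if score >= min_score}


if __name__ == "__main__":
    print("threshold rule:", threshold_alerts(TODAY))
    print("baseline rule: ", baseline_alerts(TODAY, build_baselines(HISTORY)))
```

Eight document views never reach the volume threshold, yet five of them fall outside the account's own matter history, which is the kind of low-volume deviation the paragraph above describes.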

In addition to threat detection, Threat Manager also provides capabilities to assist with investigating the timeline of the attack, leveraging the comprehensive audit trails within the DMS to identify precisely which matters and documents have been accessed. The tool is simple to use and means this crucial capability can be removed from the IT department and given to a more appropriate function such as the Risk and Compliance team. Those responsible regularly receive reports on alerts detected with corresponding scores based on the threat level, enabling them to take immediate action to prevent any further wrongdoing.

Given the nature of the threats faced, adoption of behavioural analytics and machine learning is going to be a key tool for firms wanting to take a proactive stance on data security and providing the assurance their clients are increasingly looking for.

Guest Blogger: Frank White, Subject Matter Expert, iManage EMEA
Frank has worked in legal IT for over 25 years, having occupied a number of technical roles through to IT Director of Ince & Co, responsible for delivering a professional yet personalised IT service and cost-appropriate IT solutions to a diverse global practice. Frank joined iManage in February 2015 as a Subject Matter Expert to help iManage customers realise the best return on their investment in their iManage products, and to enable the company to deliver better products and create more value.

Note: As an iManage partner, the new Threat Manager module for iManage Work is available from Ascertus. Please get in touch via for more information on the module and/or a demonstration of the product.

