The World of Advanced Endpoint Security

Surprisingly, cybersecurity vendors differ markedly in their approaches to protecting your law firm. At the ILTA LegalSEC Summit 2015 in Baltimore, MD, a panel discussion covered how each vendor tackles the ever-expanding threats.  For background, when this post refers to endpoint security I mean securing the user at the device level, i.e. the mobile phone or the individual's computer.

Gal Badishi of Palo Alto Networks started off his analysis with ominous statistics.  On average a firm does not recognize that it has been breached until 225 days after the initial strike.  In addition, 84% of those attacks are found by third parties rather than by the victim.  His primary theme for countering these attacks was the proper implementation of a “Next-Generation Firewall.”  This is defined on Wikipedia as “an integrated network platform that combines a traditional firewall with other network device filtering functionalities such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS) and/or other techniques such as SSL and SSH interception, website filtering, QoS/bandwidth management, antivirus inspection and third-party integration (i.e. Active Directory).” (Wiki, 6/14/2015)  One caveat worth keeping in mind: a next-generation firewall is a network control rather than an endpoint control.  It inspects only the traffic that passes through it, so a laptop working from a coffee shop or a home network is outside its view until it connects back to the firm.

Keith Palumbo of Cylance fascinated the audience with a unique and futuristic tack on cybersecurity for law firms.  They use a form of artificial intelligence (machine learning) to uncover and deflect intrusions by malicious actors.  Keith described mathematical endpoint solutions: algorithms that predict whether a given sequence of “ones and zeros” is malicious based on its similarity to files already known to be good or bad.  The models borrow from the techniques financial institutions have devised for rapid electronic trading, and autonomous cars operate on similar algorithms.  What makes this feasible is the mathematical processing power of modern computers.  In essence, Cylance collects malware samples, extracts the features the samples have in common, and transforms those features into a numerical form the model can work with.  At this stage the software vectorizes the samples and trains the system on what might arrive at the firm’s door.  Finally it classifies each new file and clusters it into a defined grouping for future learning.
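The pipeline just described (extract features, vectorize, train, classify) is easier to see in code. The following is an added toy illustration, not Cylance's code or model: it vectorizes each file into four hand-picked statistics (entropy, printable ratio, zero-byte ratio, high-bit ratio) and classifies new files by the nearest class centroid. The training samples are constructed byte strings standing in for benign documents and packed binaries; real products use far richer features and much larger corpora.

```python
"""Toy 'vectorize and classify' pipeline for file samples.
Added example, not Cylance's method. All samples are constructed."""
import math
from collections import Counter

# Constructed training corpus (assumption: two labelled classes).
# "benign" samples resemble text a law firm handles; "malicious" samples
# resemble packed or encrypted binary payloads (high entropy).
BENIGN = [
    b"[settings]\nuser=alice\ntheme=dark\nautosave=true\n",
    b"Dear client,\nPlease find the engagement letter attached.\n",
    b"<html><body><p>Quarterly billing summary</p></body></html>\n",
]
MALICIOUS = [
    bytes(range(256)) * 2,                           # flat, maximal entropy
    bytes((i * 73 + 11) % 256 for i in range(512)),  # pseudo-random bytes
    bytes((i * i) % 251 for i in range(400)),        # pseudo-random bytes
]


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def features(data: bytes) -> list[float]:
    """Vectorize a file: [entropy/8, printable ratio, zero-byte ratio, high-bit ratio]."""
    n = max(len(data), 1)
    printable = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    zeros = data.count(0)
    high = sum(1 for b in data if b >= 128)
    return [entropy(data) / 8.0, printable / n, zeros / n, high / n]


def centroid(vectors: list[list[float]]) -> list[float]:
    """Component-wise mean of a list of equal-length vectors."""
    dims = len(vectors[0])
    return [sum(v[i] for v in vectors) / len(vectors) for i in range(dims)]


def train(labelled: dict[str, list[bytes]]) -> dict[str, list[float]]:
    """Training step: one centroid per label from the vectorized samples."""
    return {label: centroid([features(s) for s in samples])
            for label, samples in labelled.items()}


def distance(a: list[float], b: list[float]) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def classify(model: dict[str, list[float]], data: bytes) -> tuple[str, float]:
    """Nearest-centroid classification; returns (label, distance to that centroid)."""
    v = features(data)
    return min(((label, distance(v, c)) for label, c in model.items()),
               key=lambda t: t[1])


MODEL = train({"benign": BENIGN, "malicious": MALICIOUS})

if __name__ == "__main__":
    unseen = [b"memo: meeting moved to 3pm\n",
              bytes((i * 31 + 7) % 256 for i in range(300))]
    for sample in unseen:
        print(classify(MODEL, sample))
```

The distance returned alongside the label is the hook for the clustering step the panel mentioned: a sample that is far from every centroid is a candidate for a new cluster rather than a confident verdict.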

The third speaker, Harry Sverdlove of Bit9, began his discussion with the statement that “antivirus protection is almost pointless.”  He noted that what firms have been employing for the last 20 years, signature-based virus detection fed by periodic updates, is dead.  With the number of viruses on the Internet, there is no feasible way to scan, collect, submit and maintain a catalog of the rapidly changing signatures.

Harry suggested that each firm start from the assumption that it is, or will be, breached.  He painted the example of a house that a thief gains access to daily.  Viewed this way, preventing the thief from entering is no longer enough; firms must invest in detection and response.  Most firms do not have systems that perform real-time detection, so an intruder who was not caught at the initial breach can remain inside the firm’s firewall for a significant period of time.

Ultimately the three panelists concluded that a three-pronged approach to endpoint security is necessary: prevention techniques, detection once the breach has occurred, and lastly a documented response using various tools and processes.  Whatever the solution, they all suggested turning your firm’s data (logs, user profiles, patterns of access) into intelligence.  If you establish baselines for how people access your network, you can identify the variance and seize the thief.
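To make the “baseline and variance” idea concrete, here is an added example (not from the panel or the original post) that builds a per-user baseline from login records and flags logins that fall outside it. The log lines are constructed, and the record format `<ISO timestamp> <user> <source IP> <event>` is an assumption; adapt the parser to whatever your authentication system actually emits.

```python
"""Baseline normal access per user, then report deviations.
Added example; the log lines and format below are constructed."""
from collections import defaultdict
from datetime import datetime
import ipaddress

# Constructed historical log: a normal week, used as the baseline period.
HISTORY = """\
2015-06-01T08:55:10 alice 203.0.113.5 LOGIN_OK
2015-06-01T17:40:02 alice 203.0.113.5 LOGOUT
2015-06-02T09:02:44 alice 203.0.113.7 LOGIN_OK
2015-06-03T08:48:19 alice 203.0.113.5 LOGIN_OK
2015-06-01T10:15:00 bob 198.51.100.20 LOGIN_OK
2015-06-02T10:30:12 bob 198.51.100.21 LOGIN_OK
2015-06-03T22:05:33 bob 198.51.100.20 LOGIN_OK
"""

# Constructed new events to evaluate against the baseline.
NEW_EVENTS = """\
2015-06-08T09:05:01 alice 203.0.113.9 LOGIN_OK
2015-06-08T03:12:45 alice 203.0.113.5 LOGIN_OK
2015-06-08T10:20:00 bob 192.0.2.77 LOGIN_OK
2015-06-08T11:00:00 carol 203.0.113.50 LOGIN_OK
"""


def parse(line: str):
    """Split one record into (timestamp, user, ip_address, event)."""
    ts, user, ip, event = line.split()
    return datetime.fromisoformat(ts), user, ipaddress.ip_address(ip), event


def build_baseline(log_text: str):
    """Per user: the /24 source networks and hours of day seen in successful logins."""
    baseline = defaultdict(lambda: {"networks": set(), "hours": set()})
    for line in log_text.splitlines():
        ts, user, ip, event = parse(line)
        if event != "LOGIN_OK":
            continue
        net = ipaddress.ip_network(f"{ip}/24", strict=False)
        baseline[user]["networks"].add(net)
        baseline[user]["hours"].add(ts.hour)
    return baseline


def deviations(baseline, log_text: str, hour_slack: int = 1):
    """Return (user, timestamp, reason) for logins outside the user's baseline."""
    alerts = []
    for line in log_text.splitlines():
        ts, user, ip, event = parse(line)
        if event != "LOGIN_OK":
            continue
        if user not in baseline:
            alerts.append((user, ts.isoformat(), "no baseline for user"))
            continue
        b = baseline[user]
        if not any(ip in net for net in b["networks"]):
            alerts.append((user, ts.isoformat(), f"new source network for {ip}"))
        if not any(abs(ts.hour - h) <= hour_slack for h in b["hours"]):
            alerts.append((user, ts.isoformat(), f"unusual hour {ts.hour:02d}:00"))
    return alerts


if __name__ == "__main__":
    for alert in deviations(build_baseline(HISTORY), NEW_EVENTS):
        print(alert)
```

On the constructed data this reports alice logging in at 03:00, bob arriving from a network never seen before, and carol, who has no baseline at all. The hour check deliberately does not wrap around midnight, and a /24 is a crude notion of “the same place”; both are places to refine once you know what your own logs look like.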

Citation:

Wikipedia, Next-Generation Firewall, 6/14/2015, https://en.wikipedia.org/wiki/Next-Generation_Firewall

About Joseph Raczynski
Joseph Raczynski Legal Technologist/Futurist Joseph is an innovator and early adopter of all things computer related.  His primary bent is around the future of law and legal technology. He also focuses on several fields including machine learning, mobile, security, cryptocurrency, and robotics (drone technology). Joseph founded wapUcom, LLP, consulting with companies in web and wireless development.  As a side project DC WiFi was created to help create a web of open wireless WiFi access points across cities and educate people about wireless security. Currently he is with Thomson Reuters Legal managing a team of Technical Client Managers for both the Large Law and Government divisions.  Joseph serves the top law firms in the world consulting on legal trends and customizing Thomson Reuters legal technology solutions for enhanced workflows. He graduated from Providence College with a BA in Economics and Sociology and holds a Masters in eCommerce and MBA from the University of Maryland, University College. You can connect with Joseph at JoeTechnologist.com or JosephRaczynski.com or @joerazz
