Judging whether every file is innocent or guilty in real-time
Sam Hutton, CTO, Glasswall Solutions
The information governance challenge for today’s law firm
The explosion of digital documents and the changing litigation landscape make document governance of strategic importance to law firms. The effective use of technology allows lawyers to focus their skills on the case in hand, confident that the files they are working on conform to best practice information standards. The number of potential data sources required for capturing evidence can introduce legal and logistical challenges. Whether lawyers are using document types such as Word, Excel and PDF files or new data sources (for example, web pages, images or sound files), legal technology and risk professionals want to ensure the same quality standards are applied to control and manage information and reputational risk.
But whatever systems and controls are applied, they must help fee-earners increase their capacity to manage files and maintain standards. Interruptions to the carefully allocated time for dealing with a case can impact profitability and client relationships. The cost-benefit calculation of any solution to maintain information compliance is therefore of the utmost importance.
Cyber-attacks and attempts at hacking the electronic documents that a law firm receives, sends or holds in storage are increasing. In such an age, information security is of paramount importance, but it must be delivered with speed and ease of use.
Documents: the prime threat vector
The digital files lawyers use every day are instrumental to running an effective practice. But legal technology professionals know that every one of them could be a source of security vulnerabilities and threats. The ease with which files can be communicated, including over open networks and across international borders, makes them accessible to external actors who look to subvert them for their own gain. This can be seen in the fact that file attachments are now the prime threat vector, used in 94% of advanced targeted attacks (source: Trend Micro). These attacks generally deploy zero-day exploits in an effort to bypass traditional security controls, which focus on threats that are already known and for which countermeasures have been developed. Documents are also proven to be valuable assets to those criminals developing Advanced Persistent Threats (APTs). Today, such targeted attacks are the method of choice for many attackers who look to embed malware into the documents the legal profession uses, increasing the risk to data protection and confidentiality.
Understand your risk with advanced analytics
The sheer volume of files and documents that are sent, received and stored within law firms makes it very difficult to assess current and future information risk. Threats such as APTs are very slow to activate, which means that documents that have been held in storage for some time are as much at risk as those that are coming in and out of the organisation. By using advanced analytical tools, a law firm can understand and score the risk associated with every document it receives, sends or holds in storage. With this evidence, practices can make faster, more informed decisions about how to handle documents according to their established policy and focus resources in the right places to deliver value to the business.
Proactive threat protection – a new approach
Traditional defences have, until now, relied on reactive measures. They need constant updating, degrade computing performance and focus largely on detecting known exploits or malware, not proactively protecting against them. So, for those organisations that wish to avoid sandboxing and the impact of false positives on user productivity, a new approach is needed. By stopping such exploits in their tracks, analysing and deconstructing files and then regenerating only what is good, unwanted content and threats can be taken off the table. Whilst content that is known to be bad, such as malware and malicious embedded files, is removed, this approach ensures that the information contained in the document remains unchanged in the sanitised document, so that the integrity of the information is maintained.
• Traditional security controls that focus merely on detecting specific, known threats cannot guard organisations against the advanced, targeted threats that they currently face. There are 65,000 new malware samples a day, yet AV detection rates are around 17% (source: Malcovery Security). 66% (source: pcmag.com) of vulnerabilities are in Adobe and Java. Consolidated findings show that malicious or criminal attacks are the most costly data breaches to remediate, which is why a new approach is required: one that focuses on regenerating only the known good content of files, which can be controlled and sanitised more effectively.
• This new approach is not only effective in stopping zero-day attacks, but also has further benefits in reducing the need for constant updates and for the maintenance of large signature files that are a burden to keep up to date, and in protecting mobile devices from such threats.
• Once threats have been sanitised, such technology provides a clean, standardised document to meet your individual control/compliance standards. The document is free from security vulnerabilities and threats, but retains the integrity of the original information and can be certified or watermarked to prove that it has been through this process, giving users confidence that it is safe.
• An essential capability with technology that takes this new approach is that the actual content—that is, the information that it contains—should remain unchanged in order to ensure its integrity.
The bottom line
Digital files are vital to every legal practice and are being produced, transmitted and stored in record volumes. Yet the ease with which they can be accessed means that they are a preferred threat vector for attackers looking to exploit them to gain access to organisational networks and the sensitive information that they contain. In recent years, they have been used in almost all of the advanced, targeted attacks being carried out.
However, many vendors offering document security products focus only on securing who can access what documents and on ensuring that those documents are transmitted using secure mechanisms. Scant regard has been paid to ensuring that the actual underlying structure and content of those documents is safe, secure and trustworthy. Current controls for ensuring that documents contain trusted content protect them only against threats that are already known about, and for which countermeasures have been developed and disseminated. Such a reactive stance is all but ineffective in protecting documents against the sophisticated threats being seen today, where variants of exploits are often specifically written for each new target. Your information is worth this kind of investment by criminals.
A more effective approach is one that involves deep inspection of the content of files, so that insight into the threat footprint of each file can be gained and appropriate policy controls implemented. The result: a sanitised file that you can trust. Complementary to many security controls in common use in today’s law firm, the ability to manage the risk of structured and unstructured digital files goes a long way to providing total assurance around document security, thus greatly reducing the threat footprint and information risk of your organisation.