
Law Firm Implements New SIEM

The legal industry faces complicated cybersecurity challenges

Law firms continue to be a highly-coveted target for cybercriminals looking to gain access to business capital, trade secrets and intellectual property.

The biggest cybersecurity risks for law firms include:

  • Phishing
  • Ransomware
  • Leaks of sensitive data
  • The risk of malpractice allegations due to poor cybersecurity

Cybercrime continues to evolve at an alarming pace. If these threats are not contained and stopped, firms can lose assets and highly sensitive, confidential information, and incur millions of dollars in damages. Add to that the public relations nightmare of the backlash from clients whose information was compromised. Customer trust would be eroded and the entire business would suffer.

The American Bar Association has issued a formal opinion¹ on attorneys’ ethical obligations to avoid cybersecurity breaches. Lawyers are expected to make reasonable efforts when communicating confidential information using the Internet. In addition, depending on the industry of their clients, law firms may be required to comply with regulations such as HIPAA (healthcare). However, some firms might not have a security staff that can tackle security issues around the clock.

A Security Information & Event Monitoring System (SIEM) is a useful tool for monitoring data across a law firm’s network

A SIEM helps keep an organization safe by centralizing data from various network devices, including servers, firewalls, etc., and correlating that data to provide a holistic overview of an organization’s security environment. Alerts are generated if abnormal activity is detected. These alerts need to be reviewed by a person to determine if a threat is present, and then acted on if necessary. To fully respond to SIEM alarms, an organization needs to be staffed for 24-hour support or outsource this work to a Security Operations Center (SOC).

Binary Defense customer was searching for SIEM replacement

One of the top 10 global law firms, with clients spanning across industries including manufacturing, energy, utility, healthcare, banking, private equity and technology, had a SIEM in place but wasn’t satisfied with their current technology partner. In addition, the firm wanted to upgrade their internal team’s skillset and capacity.

Specifically, the law firm felt that the provider wasn’t meeting cybersecurity standards due to poor incident detection and an unresponsive support team. The firm knew they needed a higher level of security, with 24/7 monitoring that was quick to address alarms and that provided crucial information about each alarm so their team could respond. The law firm selected Binary Defense to replace the existing SIEM technology.

New SIEM replacement helps law firm achieve its goals

Binary Defense recommended AlienVault as the replacement SIEM. In 2018, Binary Defense was AlienVault’s Global Partner of the Year and is a reseller of this SIEM. (However, Binary Defense works with most of the industry’s top SIEMs in addition to AlienVault.) The Binary Defense onboarding team did a standard “rip and replace” of the old technology, then conducted customized training with the law firm’s staff on how to respond to malicious attacks, and finally created a decision tree of who in the firm would respond if an alarm occurred.

The AlienVault SIEM is monitored by the Binary Defense Security Operations Center (SOC), which is a team of cybersecurity experts who keep watch over their clients’ SIEMs 24/7/365.

As the Chief Information Security Officer at the firm put it, “The Binary Defense SOC experts truly act as an extension of our security team. They provide timely communication on alerts, as well as fully-detailed reports that contain actionable and valuable information.”


¹ https://www.americanbar.org/content/dam/aba/administrative/professional_responsibility/aba_formal_op_483.pdf