By Samuel Greengard
Over the last decade, malware has evolved into the bane of organizations large and small. The sheer number of threats has spiked, and malware has become more sophisticated and risky.
At Fenwick & West LLP, a Mountain View, Calif.-based technology and life sciences law firm that serves clients from around the world, the need for robust protection from cyber-threats has filtered into IT systems and beyond.
“Phishing, spear-phishing and other malware attacks have become a daily reality,” says Kevin Moore, director of IT for the law firm. “Attacks have become more targeted and the stakes have grown.” What’s more, the ability to obtain confidential company information can “radically change the stakes of a business transaction or legal matter.”
What makes the current environment so “disconcerting,” Moore adds, is that companies increasingly don’t know or can’t detect when they’ve been attacked. And clouds, mobile environments such as BYOD and other tech tools aren’t making the task any easier.
Fenwick & West is taking a more holistic approach to security. In addition to deploying an array of conventional tools—including firewalls, intrusion detection and prevention systems, data-loss prevention and virtual sandboxes—it has turned to analytics-driven threat management: the FireEye threat detection solution.
When Moore receives a threat alert, he uses a NetCitadel threat management solution to analyze contextual data about the incident, including user identity, IP reputation, indicators of compromise and geolocation data for IPs. The incident team is able to view the information down to the workstation level, which enables a variety of real-time incident-response options.
Moore, who oversees about 800 employees, has established rules that generate an alert when malicious activity is detected from an IP address. That, in turn, initiates a workflow based on a number of factors, including where the threat is originating and what event is taking place.
For example, a request originating from an unknown IP address in China or Russia would automatically land on a blacklist. A suspicious internal request might warrant further investigation, including having someone from the service desk collect the machine in question. Moore is able to fine-tune the rules based on a constant stream of data.
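As an added illustration of the triage workflow described above (this is not the firm's code and not a FireEye or NetCitadel API), the following Python rule engine enriches an alert with geolocation, reputation and scope context and then picks one of the same three outcomes: auto-blacklist an unknown external source, escalate an internal one to the service desk, or queue it for investigation. The internal ranges, the feed tables, the known-endpoint allowlist and the score threshold are all constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed stand-ins for the feeds the article names (geolocation, IP reputation,
# indicators of compromise). Nothing here is real data or a real product API.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
GEO_DB = {"203.0.113.7": "CN", "198.51.100.9": "RU", "192.0.2.5": "US"}   # ip -> country
REPUTATION = {"203.0.113.7": 90, "198.51.100.9": 40, "192.0.2.5": 5}      # ip -> 0 clean .. 100 malicious
KNOWN_EXTERNAL = {"192.0.2.5"}        # e.g. a partner endpoint that must never be auto-blocked
AUTO_BLOCK_COUNTRIES = {"CN", "RU"}   # the geolocation rule described in the article
BLOCK_THRESHOLD = 80                  # reputation score at or above which we auto-block

@dataclass(frozen=True)
class Alert:
    src_ip: str
    user: str               # user identity tied to the workstation
    indicators: tuple = ()  # IoC names the detection tool matched

@dataclass(frozen=True)
class Decision:
    action: str   # "blacklist" | "collect_machine" | "investigate"
    reason: str

def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def enrich(alert: Alert) -> dict:
    # The contextual data an analyst would see alongside the raw alert.
    return {
        "internal": is_internal(alert.src_ip),
        "country": GEO_DB.get(alert.src_ip, "unknown"),
        "reputation": REPUTATION.get(alert.src_ip, 50),  # unseen IP -> neutral, not malicious
        "known": alert.src_ip in KNOWN_EXTERNAL,
    }

def triage(alert: Alert) -> Decision:
    ctx = enrich(alert)
    if ctx["internal"]:
        # Never auto-block an internal address: it is a staff workstation, so the
        # workflow escalates to a person (physical collection when IoCs matched).
        if alert.indicators:
            return Decision("collect_machine", f"{alert.src_ip} ({alert.user}) matched {list(alert.indicators)}")
        return Decision("investigate", f"suspicious internal request from {alert.src_ip} ({alert.user})")
    if ctx["known"]:
        return Decision("investigate", f"{alert.src_ip} is a known external endpoint; human review")
    if ctx["country"] in AUTO_BLOCK_COUNTRIES or ctx["reputation"] >= BLOCK_THRESHOLD:
        return Decision("blacklist", f"unknown external {alert.src_ip}: country={ctx['country']} rep={ctx['reputation']}")
    return Decision("investigate", f"unknown external {alert.src_ip}: no automatic rule matched")
```

The deliberate asymmetry is the point: external sources can be blocked automatically on a feed match, but an internal workstation is never cut off by a rule, only handed to a person.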
Fenwick & West also focuses heavily on preventing password and credentials breaches, and utilizes several layers of spam and malware filtering for email. Moore relies on regular tips and simulated spear-phishing attacks to promote ongoing awareness and to help employees cope with constantly changing tactics.
The company extends security out to mobile devices through policies and mobile device management, using ActiveSync with Exchange. That way, “Email doesn’t reside on the actual device,” he explains. The firm also has the ability to wipe the device at any time. It relies on a MobileIron security solution to provide MDM and other protections.
The result has been a high level of protection. The system enables the firm to respond automatically when it detects an incident or potential problem.
“We don’t have to rely on a security analyst monitoring logs,” Moore explains, “and we don’t wind up scrambling to react to a problem. We are able to operate in a far more efficient manner and use resources effectively.”