Peer to Peer Magazine

Fall 2014: Security Is Everyone's Business

The quarterly publication of the International Legal Technology Association

Issue link: https://epubs.iltanet.org/i/411912


deviations from normal behavior in a host. In a paper presenting Beehive (Yen et al., 2013), researchers reported they could sift through 1.4 billion (about one terabyte) log messages a day at global giant EMC and find incidents of malware that had gone unnoticed by EMC's sophisticated Security Operations Center (SOC). Specifically, they used big data analytic techniques to normalize log time stamps, remove information not likely to be useful, efficiently relate the various log entries to specific hosts in the environment, and extract actionable knowledge about potential incidents.

The results were stunning: Over a two-week period, the prototype tool detected 785 events; 25 percent were malware-related, 39 percent were policy violations, and the rest were unrecognized but determined to be automated software or services. Only about one percent of these incidents were detected by the SOC.

[Chart: 785 events; segments 36%, 25%, 39%]

Beyond security, there are other IG processes that can benefit from big data. For example, with the large amount of data existing on network shares, in email systems and inadequately profiled in document management systems, firms are perplexed as to how to search and categorize their vast, rapidly growing "dark data" (data collected but no longer used for business activities). Some firms have applied the techniques of technology-assisted review to this problem, especially during data intake for new clients and attorneys. However, this is rapidly becoming a big data issue. Traditional legal search and litigation support vendors such as Nuix, HP Autonomy and Recommind offer tools they market as big data solutions for information governance, but, in our experience, these tools are used sparsely for IG in law firms.

USING BIG DATA IN LAW FIRMS

The future of big data in law firms should move beyond the use of billing data to evaluate efficiency. One intriguing opportunity involves using big data analytics of time entry narratives and associated email communications. Qualitative analysis could be performed on timekeeper email and social media communications associated with a particular deal over a specified time period utilizing a methodology similar to technology-assisted review. For a certain type of deal, an expert would identify standard and anomalous words and terms, which could then be related back to time entries and provide insight into how certain events or circumstances affect the time taken (efficiency) to realize a successful deal outcome. This is a classic big data scenario — mining unstructured data (email) and then relating it to structured data (time entries) to produce insight previously available only anecdotally.

The Hadoop jockeys (all two of you) reading this must surely be salivating over creative ways to utilize the functionality of that technology, while IG professionals must be wondering how they will secure yet another potential source of sensitive information.

CHALLENGES AND OPPORTUNITIES

The degree of difficulty in tracking, managing and securing what is now the lifeblood of so many aspects of our lives and business is directly tied to our thoughtfulness in creating and managing data. Big data tools offer law firms both challenges and opportunities. The issues of ever-increasing volumes of information, rapidly changing technology and continuously evolving risk demand that firms re-examine and refine their approaches to data creation and consumption. With both its risks and its potential uses, big data is here to stay.

About the Authors

Brian Donato has been the CIO at the law firm Vorys, Sater, Seymour and Pease LLP for the last 14 years. With 27 years of experience ranging from software developer and process engineer to IT director, he brings a broad technology and business background to his current position. Brian serves on ILTA's Risk and Records Management Peer Group Steering Committee. He can be contacted at bjdonato@vorys.com.
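An added illustration, not taken from the article or from the Beehive paper, of two of the log-preparation steps named in the Beehive passage above: normalizing time stamps to UTC and relating entries to specific hosts, followed by a simple filter that keeps only rarely shared destinations. The lease table, log format, host names and the rarity filter are assumptions made for this example.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed DHCP leases: (ip, host, lease start, lease end), all in UTC.
LEASES = [
    ("10.0.0.5", "laptop-a", "2014-03-01T00:00:00+00:00", "2014-03-01T12:00:00+00:00"),
    ("10.0.0.5", "laptop-b", "2014-03-01T12:00:00+00:00", "2014-03-02T00:00:00+00:00"),
    ("10.0.0.9", "desktop-c", "2014-03-01T00:00:00+00:00", "2014-03-02T00:00:00+00:00"),
]
# Constructed proxy log lines: device-local time stamp, source IP, destination.
LOGS = """\
2014-03-01T06:30:00-05:00 10.0.0.5 intranet.example
2014-03-01T07:30:00-05:00 10.0.0.5 intranet.example
2014-03-01T14:00:00+01:00 10.0.0.9 intranet.example
2014-03-01T08:00:00-05:00 10.0.0.5 rare-site.example
2014-03-01T09:00:00-05:00 10.0.0.77 intranet.example
""".splitlines()

def to_utc(stamp):
    """Normalize an ISO-8601 time stamp that carries an offset to UTC."""
    return datetime.fromisoformat(stamp).astimezone(timezone.utc)

def host_for(ip, when):
    """Return the host that held `ip` at UTC time `when`, or None."""
    for lease_ip, host, start, end in LEASES:
        if lease_ip == ip and to_utc(start) <= when < to_utc(end):
            return host
    return None

def rare_destinations(lines, max_hosts=1):
    """Return ({host: destinations seen from <= max_hosts hosts}, unattributed count)."""
    hosts_by_dest = defaultdict(set)
    unattributed = 0
    for line in lines:
        stamp, ip, dest = line.split()
        host = host_for(ip, to_utc(stamp))
        if host is None:
            unattributed += 1  # no lease covers this entry; count it, do not guess
            continue
        hosts_by_dest[dest].add(host)
    rare = defaultdict(set)
    for dest, hosts in hosts_by_dest.items():
        if len(hosts) <= max_hosts:  # widely shared destinations are dropped
            for host in hosts:
                rare[host].add(dest)
    return dict(rare), unattributed
```

Without the UTC step, the 08:00 local entry from 10.0.0.5 would fall inside the first lease and be credited to laptop-a; after normalization it is 13:00 UTC and belongs to laptop-b.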
