The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/624538
WWW.ILTANET.ORG 45 presents an opportunity. Microsoft analyzes big data to observe patterns of operation and interaction among its products across global networks and to discover and combat malicious activity. The Microsoft Digital Crimes Unit is a unique team in the technical industry, focused on making the Internet safe by disrupting some of the most difficult cybercrime threats facing society. DCU's team of international legal and technical experts applies various cutting-edge tools, technologies and strategies to enhance cloud security and make the Internet safe for everyone. While there are multiple types of cybercrime, the DCU focuses on three main areas where Microsoft can make a direct impact: • Technology-facilitated child sexual exploitation crimes • Piracy and IP crimes • Malicious software crimes, particularly botnet-driven Internet attacks With cooperation within the industry and across criminal law enforcement, academia, and non-governmental organizations worldwide, DCU aims to put cybercriminals out of business and create a safe online experience. In December 2015, law enforcement agencies from around the globe, aided by Microsoft security researchers, announced the disruption of one of the most widely distributed malware families — Win32/ Dorkbot. This malware family has infected more than one million computers in over 190 countries. Dorkbot spreads through USB flash drives, instant messaging programs and social networks. It steals user credentials and personal information, disabling security protection and distributing several other prevalent malware families. The Microsoft Malware Protection Center and the Microsoft Digital Crimes Unit led the analysis of the Dorkbot malware in partnership with ESET and the Computer Emergency Response Team Polska. HIDING IN PLAIN SIGHT Within the walls of corporate and private networks, other threats lurk. Through phishing and malware attacks, criminals obtain and use corporate credentials to gain access to secure enterprise networks and blend in, with the goal of siphoning out valuable data while going unnoticed. Taken together, the results of a few questions from ILTA's 2015 Technology Survey illustrate that many law firms may underestimate the threat within their midst. • Does your firm's document management system use an optimistic or pessimistic architecture? A whopping 92 percent indicated they use an optimistic architecture, meaning that all matter documents are open to any authenticated network user, except for where ethical wall blocks are in place. • What are your three biggest law firm security challenges? Staggeringly, "Internal Threats" ranked dead last here, which leads one to wonder if this concern is receiving sufficient attention. Think of the kinds of material that could be compromised by someone leveraging stolen but valid credentials. This is one of the most significant angles of approach for highly sophisticated attacks. About the Author Larry Kuhn, Account Technology Strategist at Microsoft Corporation, has helped numerous global enterprise customers plan, design and deploy solutions based on SharePoint and .NET technologies. Larry assists his customers with solving their business challenges and seizing market opportunities using Microsoft-based solutions. With over 25 years of experience in the software industry, his experience spans areas of end-user productivity, application development and project management. Contact Larry at lkuhn@microsoft.com. In May 2015, Microsoft brought to market the Advanced Threat Analytics (ATA) solution, technology based on the recent acquisition of Aorato, which had been founded in 2011 by Israeli Defense Forces veterans. The ATA solution helps IT security professionals identify security breaches and threats using behavioral analysis and machine learning to provide clear, actionable information. It understands what normal behavior is and then identifies anomalies, so a company can quickly see suspicious behavior and take measures to help protect itself. Key to the solution's approach is the Organizational Security Graph, a living, continuously updated view of all of the people and machines accessing an organization's Windows Server Active Directory (AD). AD is used by most enterprises to store user identities and administer access to critical business applications and systems. Most enterprise customers should be able to easily take advantage of the ATA solution. DCU aims to put cybercriminals out of business and create a safe online experience.