Legal Industry Cybersecurity Case Study
Evans and Dixon Law Firm Increases Protection from Cyber Threats
Founded in 1945, Evans & Dixon is a law firm that represents corporate clients across multiple areas of practice ranging from insurance defense to corporate workman’s compensation, HR claims to patents and copyrights. Working with high profile, Fortune 1000 clients, the law firm is vigilant in protecting not only its own internal network, but also the sensitive data and intellectual property of its clients.
In an effort to augment its IT resources, the law firm has outsourced a portion of its cybersecurity to a Managed Security Service Provider (MSSP). While their MSSP provides 24×7 monitoring and management of their IDS/IPS, the internal IT team manages their own firewall, web filtering, virus protection, and email security products. Additionally, as the law firm operates both collections and workman’s compensation divisions, they must comply with both PCI and HIPAA regulations.
After learning about how the Threater platform blocks known bad IP addresses and domains from multiple sources (including industry specific third-party feeds) at scale with no latency, plus the benefits that the platform would provide to their current firewall security deployment, the CIO decided to evaluate the Threater through its free, no-obligation, 30 day trial.
| Challenge | Solution | Results |
|---|---|---|
| Protect the law firm and its customers from the massive amounts of threats that are unique to the financial industry by better utilizing LS-ISAC threat feeds | The law firm deployed the Threater platform at its perimeter to block attacks from up to 150M malicious IPs and domains (including automated threat feeds such as LS-ISAC) in real-time with no latency. | Increased protection from cyber threats, including third-party risks, through the filtering of TI indicators, country IPs, and hte organizations IPs. |
| Increase productivity and efficiency of on-site IT staff | Greater visibility and control of the law firm’s security posture as well as integration with current security stack. | |
| Expand security capabilities without increasing management overhead or complexity | Greater TCO and faster ROI through simplified deployment and management | |
| Increase efficiency of audit |
Challenge
- Adopt and operationalize threat intelligence (TI) to protect from massive volume of security threats before they reach the firewall
- Increase productivity and efficiency of on-site IT staff
- Expand security capabilities without increasing management overhead or complexity
Benefits
- Increased protection from cyber threats and third-party risks
- Greater visibility and control of partner hosting tools & third party applications
- Greater TCO and faster ROI through simplified deployment and management
Solution
The law firm deployed Threater at its perimeter to block attacks from up to 150 million malicious IPs and domains (including automated threat feeds such as LS-ISAC) in real-time with no latency.
Results
- Increased protection from cyber threats, including third-party risks, through the filtering of RI indicators, country IPs, and organization IPs
- Greater visibility and control of the law firm’s security posture as well as integration with current security stack
- Greater TCO and faster ROI through simplified deployment and management
The Value of the Threater Platform
A key component to the law firm’s security stack is its firewall and managed IDS/IPS. As with most firewall vendors, the law firm’s firewall offered some threat intelligence functionality. Additionally, the law firm’s MSSP managed their threat signatures as part of their subscription services. Understanding that most attacks would occur outside the firewall, Jeff Sheldon, CIO Evans Dixon Law Firm decided to test the deployment of the Threater platform internally, behind his current security defenses, to see what traffic was passing, and potentially getting through, to the internal network.
“Instead of putting it outside the firewall where I’m sure I’d get lots of hits, I put it behind our current protection. Was eye-opening because the bad traffic went through the firewall, it went through other systems, and was still getting through to Threater. Kept it for 2-3 weeks, saw it worked, and then decided to put it in front of the firewall – why have someone come to my house to shake doors, just keep them at the street with Threater.”
– JEFF SHELDON, CHIEF INFORMATION OFFICER, EVANS & DIXON LLC
Once Jeff recognized the traffic that was being passed through their security defenses, the law firm redeployed the Threater platform to the perimeter, in front of the firewall, where it has been protecting the internal network for several years. A loyal customer, the law firm decided to upgrade their Threater device to accommodate for faster throughput and additional providers.
The “Why” Behind Evans & Dixon’s Firewall Performance Issue
The growing threat scale problem requires organizations to have a broad-based view of threat activity across a range of sources, including commercial, open source, industry, and government. Threat intelligence must come from multiple sources and perspectives, which means that the vendor-specific threat intelligence that comes in next-generation firewalls is inadequate. Even for firewalls that ingest external or third-party threat intelligence feeds, they often cap the amount at 300,000 unique IP indicators. Blocking known malicious IPs and domains before they reach the firewall frees up firewall processing power for more complex threats and more CPU-intensive activities, such as deep packet inspection.
Increased Protection for Cyber Threats and Third-Party Risks
The data that Evans & Dixon is charged to protect is highly sensitive. Representing high profile clients across a broad range of industries, including financial, insurance, manufacturing, and retail, the law firm is especially concerned about third-party risk.
“For example, if you are a Chinese spy and you want the plans for a new fighter plane…you are going to have a hard time getting into the manufacturer’s network. However, if there is a company working with that manufacturer, you will target them…”
According to the 2019 DBIR, phishing represents 90% of social engineering incidents and 93% of breaches, with email continuing to be the most common vector at 96%. The Threater platform can block phishing attacks and their associated ransomware attacks by identifying and blocking the known malicious IP addresses and domains from which they originate, as well as protecting the network from outbound malware, inadvertently opened, from inside the network.
Greater Visibility and Control
One example of policy enforcement on the Threater platform is geo-blocking. While this feature/functionality is often available on firewall technology, it lacks the robust visibility and agility to block from the massive volume of ever-changing malicious IPs, which often change on a daily basis. This is especially critical in stopping malicious malware from being downloaded, as in phishing attacks, from emails or links opened, internally. After deploying the Threater platform and configuring its geo-IP blocking function, the law firm gained greater visibility and insight into the locations of their third-party hosting and support sites.
“We were surprised to discover that our blog was being hosted in Bulgaria. So we added an exception for that one IP address (for our company blog). We found a few cases like this where a third-party support system we use was located in Eastern Europe. It was simple to white-list those IP addresses, and block the rest.”
Greater TCO and ROI through Simplified Deployment and Management
Since deploying the Threater platform, Jeff and his team identify ease of management and reliability as two main factors in the law firm’s satisfaction. After taking advantage of Threater’s no obligation 30-day trial and deploying the Threater platform, the law firm has been a loyal and delighted customer for a number of years. Most recently, Evans and Dixon upgraded to a higher throughput device to accommodate the growing needs of their practice.
“I’m sure that our other security devices have features and functions, but making those changes would require weeks of learning how to configure a simple change… So any time I have to do anything on them, I have to call my outside engineer at $165 an hour. Versus, the Threater handles our needs and it’s solid. No problems or support issues. And it’s cost effective!”
About Threater
Threater uses best-in-class threat intelligence to secure your networks, data and users in real-time – wherever they are – on-prem, cloud, remote, or all of the above. Our platform blocks attacks from up to 150M malicious IPs and domains in real-time with no latency. We provide out-of-the-box threat intelligence and integrate data from any source.
At Threater, we believe nothing scales like simplicity. We make blockingthreats smart and simple – at scale – everywhere. For more information visit: threater.com