by Amanda Fennell on March 26, 2019
Maintaining a strong security posture takes vigilance—muscle memory and good habits aren’t enough when the landscape changes quickly and new threats are constantly emerging to compete with potential security solutions.
The stakes are rarely higher than when you’re protecting the data at the heart of legal, e-discovery, and compliance projects. Materials are highly confidential, and their importance to the organizations that reference them can’t be overstated.
When we established Calder7, our mission was simple but noble: anticipate threats and mitigate risks to stay ahead of adversaries. The mission hasn’t changed, but the work is growing increasingly complicated—and we are assembled to ensure we rise to the challenge of protecting your data, and ours.
We know that our mission is your mission, too, as you work to keep your data—and your clients’ data—safe. To continue the transparency we have come to be known for in this joint effort, here’s a quick look at a few of our current priorities and what we have planned for 2019.
How We Work
Calder7 is comprised of four functional teams: Intelligence & Analytics, Compliance & Risk, Product Security, and Operations.
Between these groups, we have experts who specialize in investigating and understanding current and emerging threats; evaluating risk through exercises like dark web analysis and safeguarding best practices across our organization; building robust security solutions into our software code; and ensuring smooth and repeatable processes on our team and beyond it. We work closely together to stay on top of the changing field, share knowledge, and collaborate on ways to become even better protected tomorrow than we were yesterday.
At the heart of our work are three main pillars—the philosophy behind our behaviors. These are:
- Preventative defense: a focus on threat modeling and hunting, advanced analytics, static and dynamic analysis of our code, and proactive work like monitoring the dark web.
- Automated security processes: the implementation of tools and best practices that become quicker and more effective over time.
- Transparent operations: our prioritization of the certifications, knowledge sharing, and community involvement that validate our work, as well as help us learn from others (and vice versa).
In addition to our work inside Relativity as a product, we’re also a strong voice inside Relativity as an organization. Over the last year, we’ve educated fellow Relativians frequently to improve security awareness in our culture. That includes simple things like setting the expectation that, even when we’re polite enough to hold the office door open for one another, we expect each person to badge in; understanding phishing as a common threat and reporting suspicious emails accordingly; and sharing our mission openly with our team members.
Security awareness is about measuring the risk associated with our people, then planning, deploying, and measuring that risk as it is reduced over time. We’re excited to see that happening across our organization.
What We’re Doing Next
We have plans to further expand and mature our security team this year, and we’re excited to share some of them with you.
First, to support RelativityOne’s increasingly global footprint and take advantage of security talent and knowledge from around the world, we’re expanding our team to Krakow, Poland. This will mean building out a fully staffed security team in the Europe-Middle East-Africa (EMEA) region.
Our global reach will allow Calder7 to effectively respond to international security events, build a stronger security culture in Relativity’s Krakow office, and deepen our engineering team’s secure development practices.
In 2018 we expanded the team 144 percent. In 2019, we plan to add another 23 Calder7 teammates, including several in Poland. We are currently recruiting for the manager role of this Krakow team, and additional roles opening soon will include cyber and intelligence analysts as well as product security software engineers.
Another major goal for this year is building out our user and entity behavior analytics (UEBA) practices. This is automated analysis to detect suspicious activity on our networks, and it’s the next step to maturing our detection and analysis capabilities.
UEBA uses machine learning to normalize our log data and identify anomalous activity by our employees and endpoints. An alert is triggered and sent to the Intelligence & Analytics team when anomalies are identified. We use risk modeling to adapt to the changing threat landscape. The analytics models we use are a combination of vendor-specific and internally developed models, which allows us to detect threats specific to Relativity.
This is the true value of an entire team dedicated to Relativity: we know the tool, we know what it's used for and how, and we can determine what is abnormal with our own telemetry.
Start Building a Secure Culture in Your Organization
Relativity is here to help you navigate the threats, risks, and vulnerabilities of today’s digital landscape. Still, end-to-end cybersecurity starts with each user. Whether you’re able to rely on the built-in security of RelativityOne or are creating your own defenses in an on-prem environment, it’s critical to take ownership of that reality and know that your behavior can make or break not just your case, but your organization’s—or your client’s—wellbeing.
Fortunately, there are plenty of ways to plant the seeds of a secure culture with your team. Try these tips to get started.
- Read up on major threats and evaluate your exposure to each. Many hacks start from within your inbox, so always treat unexpected or unusual emails with suspicion.
- Educate yourself on why legal organizations—especially law firms—are ideal targets for hackers. Watch industry news sources for stories on cybersecurity and distribute them among your team to keep this knowledge top-of-mind.
- Keep an eye on emerging data sources and what complications they might bring not just to your e-discovery protocols, but your security posture as well. Recruit help from your technology and service providers to understand these vulnerabilities.
Plutarch once said, “The Spartans do not ask how many the enemy but where are they?” We here at Calder7 focus on this honorable work every day to find the “where,” so our colleagues in this journey can focus on their e-discovery.
Whatever your choice is in a platform, join us in staying ahead of risks, leaning on the brightest minds in the community, and weaving security awareness into everything you do.
Amanda Fennell is chief security officer at Relativity. In her role, Amanda is responsible for championing and directing security strategy in risk management and compliance practices. She has a master’s degree in forensic science and more than a decade of experience in forensics and cybersecurity.