Waiting for Stuxnet: 8 things a security engineer can do to stay ahead of emerging security threats

Posted on January 28, 2020 by Frank Flores

The recent increase in tension between the US and Iran highlights, once again, our general vulnerability to cyber-attack, considering the vast array of potential targets among the business and government computer systems that serve vital public interests. Our vulnerability is particularly acute given our country’s shortage of skilled cyber security professionals to buttress our defenses.

Given the increase in tensions, we should certainly anticipate a continuing barrage of the familiar forms of cyber-attack coming from Iran, including the typical malicious emails and attachments, SQL injection, denial-of-service (DoS) attacks, man-in-the-middle (MitM) attacks, and ransomware. These are just a few of the many resources available to them; it is also reasonable to suppose that, by this time, Iran’s hackers have been able to reverse engineer Stuxnet and weaponize its additional capabilities.

While the risk of cyber-attacks is increasing, so too are the strict requirements of real-time monitoring, which have contributed to a constant and overwhelming flow of noisy network alerts and notifications that cyber security professionals must contend with. Attending to this unending stream prevents these professionals from focusing on other crucial security practices, such as threat hunting, finding security gaps, and closing backdoors in the ocean of network devices.

So it is the confluence of these two trends, the increased threat posed by foreign bad actors along with the increasing administrative burdens placed on our cyber security professionals, that makes this a moment of heightened cyber-risk for our network perimeters, local businesses, and government computer systems.

Some Essential Advice to Enhance Your Cyber Security Procedures

I’ve been in the cyber security business for a long time, first as an analyst and then as security engineer and director, working in a variety of private sector environments.  For the last year, I have been the director of Braintrace’s Security Operations Center, with general oversight responsibility for serving our clients’ security needs.  Threat hunting, malware analysis, network risk management and incident response are the tasks that keep our staff busy every day.

So here are 8 essential tips I’d like to share with you.  These are all critical practices that need to be incorporated into your security routine in order to stay 3 or 5 steps ahead of the bad actors who are out there now, probing and waiting for the chance to compromise your law firm’s security.

1. Firewall Policies:

Invest in a reputable and reliable firewall, and use perimeter defense tactics such as geo-filtering, which is by far one of the easiest firewall configurations to enable. This practice may not work for most large organizations; however, a habit or policy of notifying the security monitoring team any time an employee travels outside the U.S. should be encouraged as a matter of routine practice.

2. Security Compliance and Company Policies:

Enforce group policy objects (GPOs), limit privileged admin rights for users across the entire organization, limit access to removable drives, disable autorun of executables, and require that security administrators perform software installs. These few practices alone could prove instrumental in stopping cold a reverse-engineered version of Stuxnet.

3. Enhancing Email Security through filtering practices such as DMARC, DKIM, and SPF:

Applying these filters to email services will greatly decrease spam, phishing, email spoofing, and more.
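
Publishing SPF and DMARC records is only half the work; a permissive terminal mechanism or a monitor-only policy leaves spoofing unblocked. The checker below is an added example, not Braintrace's tooling: it grades the TXT records for the weak settings a receiver would otherwise silently honour. The sample records and the `.invalid` domains are constructed for illustration.

```python
import re

# Constructed sample TXT records for a fictional domain (not live DNS data).
SAMPLE_SPF = "v=spf1 ip4:203.0.113.0/24 include:_spf.mailer.invalid ~all"
SAMPLE_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.invalid"

# Mechanisms and modifiers that cost a DNS lookup (RFC 7208 caps them at 10).
LOOKUP_TERM = re.compile(r"^(include:|a\b|mx\b|ptr\b|exists:|redirect=)")


def spf_findings(record: str) -> list[str]:
    """Return warnings about an SPF record; an empty list means it looks sound."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (missing v=spf1)"]
    findings = []
    last = terms[-1].lower()
    if last in ("+all", "all"):
        findings.append("'+all' authorises any host: spoofing is not prevented")
    elif last == "?all":
        findings.append("'?all' is neutral: unlisted hosts neither pass nor fail")
    elif last == "~all":
        findings.append("'~all' softfail: receivers may mark but not reject forged mail")
    elif last != "-all":
        findings.append("no terminal 'all' mechanism: unlisted hosts default to neutral")
    # Strip the optional qualifier before matching the mechanism name.
    lookups = sum(1 for t in terms if LOOKUP_TERM.match(t.lower().lstrip("+-~?")))
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the limit of 10 (permerror)")
    return findings


def dmarc_findings(record: str) -> list[str]:
    """Return warnings about a DMARC record; an empty list means it looks sound."""
    tags = dict(kv.strip().split("=", 1) for kv in record.split(";") if "=" in kv)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record (missing v=DMARC1)"]
    findings = []
    policy = tags.get("p", "")
    if policy == "none":
        findings.append("p=none only monitors: forged mail is still delivered")
    elif policy not in ("quarantine", "reject"):
        findings.append(f"unknown or missing policy p={policy!r}")
    pct = tags.get("pct", "100")  # DMARC defaults to applying the policy to 100%
    if pct != "100":
        findings.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports will be received")
    return findings
```

Run `spf_findings(SAMPLE_SPF)` and `dmarc_findings(SAMPLE_DMARC)` against your own zone's TXT values; the sample pair above reports the softfail and the monitor-only policy.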

4. Keeping an inventory of systems and software updates and patches.

5. Learning to co-exist with Two-Factor Authentication:

This simple practice will prevent most brute-force attempts and password sprays. In addition, ensure that VPN tunnels have layers of security in place before access is granted.

6. Proactive Threat Hunting:

This requires that security engineers cultivate the mindset of an attacker and develop proficiency in network forensic analysis.

7. Incident Response:

Invest in a reputable and reliable Endpoint Detection and Response (EDR) tool that gives the security team direct access to endpoints in order to stop and prevent breaches.

8. Intelligent Security Orchestration and Automation:

A one-person security team is never a satisfactory approach, especially considering the ever-growing threat landscape. This is why SOAR technology should be part of every security engineer’s arsenal, given its ease of integration and its ability to orchestrate these essential security tools.

Working at Braintrace over the course of the last year, along with our great team of security engineers, we realized there would be tremendous value for our clients if we had a way to gain better visibility into network traffic, which would allow us to make better-informed decisions on encrypted packets. We looked for a tool and couldn’t find one, so instead we decided to develop our own. We call it Deep Packet Inspection (DPI), a tool we use to help reveal the true identity of attacks, user behaviors, and anomalies.

This is the new era of cyber security, in which we have the ability to deploy a suite of powerful next-generation tools and technologies to help stay ahead of the ever-growing threats. Real-time Network Traffic Analysis (NTA), bundled with threat hunters and the use of SOAR technology, can together provide you with an essential edge. With SOAR and these other advanced tools at your disposal, your security team can overcome cyber security fatigue, decrease the risks posed by human error, and vastly improve response time to critical incidents.

If you have any questions for the author Frank Flores, or want to learn more how to enhance your law firm's cyber preparedness, please call Braintrace at (866) 508-5471 or email us at media@braintrace.com.


Frank Flores is the Director of the Security Operations Center for Braintrace, 
