Law firms will start sharing security data to prevent attacks

It’s clear that big banks provide a lot of incentive for hackers to launch cyber attacks, given the amount of sensitive data they hold and the cash they oversee. But banks aren’t the only entities hackers are targeting. The law firms that represent financial institutions are also subject to attacks, and as a result a group of law firms is banding together to share security data in order to prevent attacks, according to a New York Times report.

The data held by law firms is a treasure trove for hackers because it includes some of the most secretive aspects of companies, including their business operations, deal making and legal disputes. However, the general public may not be aware of law firm hacks because the firms are private entities and don’t have to abide by the same set of rules as public companies, especially when it comes to disclosing their breaches.

The Times report states that both banks and law firms have been working to create a separate legal group that would be connected to the Financial Services Information Sharing and Analysis Center, which acts as the meeting ground where financial entities can share and analyze security-related information. A similar group for law firms could form by the end of 2015.

Supposedly, a half-dozen law firms were hacked over the past couple of months and the security company Mandiant has been working with these organizations on the breach, the Times reports, citing an unidentified source.

There’s not a lot of information out there as to the specifics of the cyber attack, but the Times reports that Mandiant recently said during a conference that “many of the bigger hackings of law firms had ties to the Chinese government, which was seeking information on patent applications, trade secrets, military weapons systems and contract negotiations.”

Sharing security data between organizations appears to be a trend, with President Obama recently signing an executive order calling for businesses and the Federal Government to create some kind of hub where they can exchange information.

Additionally, Facebook just released its own collaborative threat detection framework, which includes a number of tech companies pledging support, including Pinterest, Yahoo, Twitter and Dropbox.

What separates the proposed law firm information-sharing group and Facebook’s threat-detection framework from what President Obama is calling on companies to establish is the fact that, as far as we know, law enforcement will not be participating in either project. The White House wants the government to be a part of these data-sharing endeavors, under the premise that it has valuable information, but if organizations want that data, they’ll have to pony up their own.

But privacy concerns in light of the Edward Snowden leaks have caused tech companies to be wary of disclosing information to the government, and in a telling sign, Facebook, Google and Yahoo chose not to participate in the White House’s Summit on Cybersecurity and Consumer Protection held in Stanford a few weeks ago.

NSA-linked Sqrrl eyes cyber security and lands $7M in funding

Sqrrl, the big data startup whose founders used to work for the NSA, plans to announce Thursday that it is shifting its focus to cyber security with a new release of its enterprise service. The startup is also taking in a $7 million Series B investment round, bringing its total funding to $14.2 million, said Ely Kahn, a Sqrrl co-founder and vice president of business development.

The heart of Sqrrl’s technology is the NSA-developed and open-sourced Apache Accumulo NoSQL database, which the company, like other open-source-reliant companies such as Docker or Hortonworks, sells premium services around.

While the Accumulo technology, based on Hadoop, provided a way for companies to store and analyze all their data similar to how they could with other big data vendors like Splunk, Kahn said his team found that their biggest customers were using the technology for cybersecurity purposes. Just a hunch, but I bet the whole “ties to the NSA” thing probably leads to people wanting to give it a go for their security challenges.

Sqrrl’s technology spools together many different types of data sets, from intrusion detection logs to human resources information, and puts that in a single platform that can be used for discovering bad actors that may be loitering in a company’s infrastructure.

Because the Accumulo NoSQL database can function as a graph database (graph databases are a class of NoSQL databases, said Kahn) the Sqrrl team can dump all that data into the system and then receive a picture of the network that contains all the users, devices and servers and how they are connected together.

Sqrrl dashboard


“We are able to take all these disparate data sets and defuse them into this linked-data model,” said Kahn.

Graph databases seem to be getting a lot of action these days (DataStax just bought out a graph-database company called Aurelius), and people often use the technology as a way to map out their infrastructure and learn about vulnerabilities.

Given this traction of using graph databases for security purposes, it makes sense that Sqrrl would want to ride this wave, and its Sqrrl Enterprise 2.0 product line now contains security-specific features, including visualization tools like bar charts and pie charts and a dashboard for users to create reports based on the data.

“It’s a big data analytics platform with a focus on cybersecurity,” said Kahn. “It has a database foundation, but it now has advanced visualization capabilities that support the incident-detection lifecycle.”

This might sound similar to Argyle Data, which built fraud-detection software on top of the Accumulo database, but Kahn said that startup is more focused on using its technology to prevent telephone scams and the like, and that solving problems related to fraud requires different types of data sets than the ones Sqrrl analyzes to detect anomalies.

Rally Ventures drove the latest funding round along with previous investors Atlas Venture and Matrix Partners.
