Relativity Product Team Highlights Compelling X1 Integration for ESI Collection

By John Patzakis

Recently we hosted a webinar with Relativity highlighting the very compelling integration of our X1 Distributed Discovery platform with the RelativityOne Collect solution. This X1/Relativity integration enables game-changing efficiencies in the eDiscovery process by accelerating speed to review, and providing an end-to-end process from identification through production.  As stated by Relativity Chief Product Officer Chris Brown: “Our exciting new partnership with X1 highlights our continued commitment to providing a streamlined user experience from collection to production…RelativityOne users will be able to combine X1’s innovative endpoint technology with the performance of our SaaS platform, eliminating the cumbersome process of manual data hand-offs and allowing them to get to the pertinent data in their case – faster.”

blog-relativity-collect-v3

The webinar featured a live demonstration showing X1 quickly collecting data across multiple custodians and seamlessly importing that data into RelativityOne in less than two minutes. Relativity Collect currently supports Office 365 and Slack sources, and this X1 integration will now enable Relativity Collect to also reach emails and files on laptops and file servers. Relativity Senior Product Manager Barry O’Melia commented that the integration with X1 will “greatly streamline eDiscovery process by collapsing the many hand-offs built into current EDRM workflows to provide greater speed and defensibility.”

ComplianceDS President Marc Zamsky, a customer of both X1 and Relativity, recently commented that the “ability to collect directly from custodian laptops and desktops into a RelativityOne workspace without impacting custodians is a game-changer,” which will “reduce collection times from weeks to hours so that attorneys can quickly begin reviewing and analyzing ESI in RelativityOne.”

The live demonstration performed by O’Melia highlighted in real time how the integration improves the enterprise eDiscovery collection and ECA process by enabling a targeted and efficient search and collection process, with immediate pre-collection visibility into custodial data. X1 Distributed Discovery enhances the eDiscovery workflow with integrated culling and deduplication, thereby eliminating the need for expensive and cumbersome electronically stored information (ESI) processing tools. That way, the ESI can be populated straight into Relativity from an X1 collection.

The X1 and Relativity integration addresses several pain points in the existing eDiscovery process. For one, there is currently an inability to quickly search across and access distributed unstructured data in-place, meaning eDiscovery teams have to spend weeks or even months to collect data as required by other cumbersome solutions. Additionally, using ESI processing methods that involve appliances that are not integrated with the collection will significantly increase cost and time delays.

So in terms of the big picture, with this integration providing a complete platform for efficient data search, eDiscovery and review across the enterprise, organizations will save a lot of time, save a lot of money, and be able to make faster and better decisions. When you accelerate the speed to review and eliminate over-collection, you are going to have much better early insight into your data and increase efficiencies on many levels.

A recording of the X1/Relativity integration webinar can be accessed here.

With the ability to search and collect emails and documents across up to thousands of endpoints and network sources with industry-leading speed, X1 Distributed Discovery revolutionizes enterprise eDiscovery. For example, X1 empowers legal and consulting teams to iterate their search parameters in real time before collection, providing a revolutionary true pre-collection early case assessment capability. Additionally, with its intelligent collection capability, X1 performs instantaneous data processing (culling, de-duplication, text and metadata extraction, etc) in a fully automated manner.

And with the integration with Relativity, the X1 platform is even more compelling. As Marc Zamsky exclaimed “My clients are going to love this!”

Leave a comment

Filed under collection, eDiscovery, Preservation & Collection, SaaS, Uncategorized

How Case Teams Can Streamline Collections with X1 in RelativityOne

Editor’s’ Note: This article originally appeared on The Relativity Blog. It is reprinted here in full with permission. 

by Sam Bock on November 07, 2019

Our September 2019 release for RelativityOne debuted some game-changing functionality in the platform. Collect for RelativityOne enables fast, secure, and defensible collections right within the cloud, allowing RelativityOne users to pull data directly from Microsoft Office 365 without ever leaving the platform or Azure.

One of our developer partners—X1joined up with us on building this functionality, bringing their patented technology into Collect to help simplify traditionally complex workflows.

To get a better picture of just what Collect and X1 Distributed Discovery are capable of now that they’ve teamed up, we sat down with X1 Executive Chairman and Chief Legal Officer John Patzakis. Check out the most impactful takeaways from our conversation, and sign up for X1’s upcoming webinar to learn more.

Sam: What makes collection challenging for today’s legal teams?

John: Traditional e-discovery collection methods consist of either unsupervised custodian self-collection or manual services, driving up costs while increasing risk and disruption to business operations. On the other end of the spectrum, endpoint forensic imaging is burdensome, expensive, and not legally required for civil litigation discovery. Additionally, these manual and disjointed efforts are not technically integrated with Relativity, thus requiring multiple hand-offs, which increases risk, expense, and cumbersome project management efforts.

How does your team think creatively to tackle those challenges in the interest of conducting faster, more defensible collections for your customers?

We tackle collection from the enterprise and also enable significant scalability. X1 Distributed Discovery enables enterprises and their service providers to search, assess, and analyze electronically stored information (ESI) across hundreds or even thousands of custodians, enterprise-wide, where the data resides and before collection, with direct upload into Relativity. Instead of the expensive and disruptive “image then stage then process then load into review workspace” process, X1 Distributed Discovery allows for access to ESI where it sits within hours.

What sorts of variables exist in today’s collection workflows, and how does your team accommodate for those differences?

One of the biggest challenges with modern enterprise ESI collection comes from remote employees who only log into the network intermittently. Most network-enabled collection tools require custodians to be on the domain in order to work. However, X1 is architected to feature SSL security certificates—creating secure tunnels that enable collection from custodians wherever they are, including on WiFi in a Starbucks or on a plane.

Another key challenge is email collection. Traditional workflows often require collecting an entire PST email container or Exchange email account back to a central location for processing, identification, and preservation of potentially responsive email messages. This approach involves the transferring and processing of large files, which takes a lot of time, before even beginning to identify individually responsive email messages. Our solution eliminates the need to transfer entire email containers by allowing the identification and collection of individual messages in place on a custodian’s computer.

How is Collect for RelativityOne built to manage modern collections more effectively?

Collect integrates the X1 Distributed Discovery architecture to leverage patented search technology that indexes Microsoft Office 365 data directly on the laptop, desktop, or file server, allowing e-discovery, investigatory, or forensic professionals to globally query thousands of individual endpoints simultaneously. Individual emails and files can be identified by keyword, dates, and other metadata content without having to first retrieve the entire PST or ZIP across the network.

Collecting enterprise ESI can be one of the most daunting parts of the e-discovery process, and X1’s technical integration with RelativityOne seeks to make it less intimidating. The software helps streamline the e-discovery workflow by eliminating expensive and cumbersome processing steps and dramatically increasing speed to review. Collect for RelativityOne provides legal teams with a solution that compresses project timeframes; reduces risk by integrating collection with the rest of Relativity’s suite of features for review and analysis; and creating a repeatable process that helps reduce overall efforts and costs that might otherwise be spent outside of the platform. Additionally, the tight integration between X1’s technology and Relativity provides a unified chain of custody for optimal defensibility.

In short, we’re excited to see how this functionality, built into Relativity’s collection tool, can help revolutionize the current e-discovery process by collapsing the many hand-offs involved in the EDRM into a few short steps manageable by one or two people.

What tips and best practices would you share with a team conducting complex collections? How can they set themselves up for success from the start?

When collecting data, plan your collection criteria carefully. Focus on granular search criteria including file types, data ranges, and other key metadata in addition to detailed Boolean search terms to help your team strategically reduce collection volumes.

Sam Bock is a member of the marketing team at Relativity, and serves as editor of The Relativity Blog.

Leave a comment

Filed under collection, Corporations, eDiscovery, Enterprise eDiscovery, Uncategorized

Incident Reporting Requirements Under GDPR and CCPA Require Effective Incident Response

By John Patzakis

The European General Data Protection Regulation (GDPR) is now in effect, but many organizations have not fully implemented compliance programs. For many organizations, one of the top challenges is complying with the GDPR’s tight 72-hour data breach notification window. Under GDPR article 33, breach notification is mandatory where a data breach is likely to “result in a risk for the rights and freedoms of individuals.” This must be done within 72 hours of first having become aware of the breach.  Data processors will also be required to notify their customers, the controllers, “without undue delay” after first becoming aware of a data breach.GDPR-stamp

In order to comply, organizations must accelerate their incident response times to quickly detect and identify a breach within their networks, systems, or applications, and must also improve their overall privacy and security processes. Being able to follow the GDPR’s mandate for data breach reporting is equally important as being able to act quickly when the breach hits. Proper incident response planning and practice are essential for any privacy and security team, but the GDPR’s harsh penalties amplify the need to be prepared.

It is important, however, to note that the GDPR does not mandate reporting for every network security breach. It only requires reporting for breaches impacting the “personal data” of EU subjects. And Article 33 specifically notes that reporting is not required where “the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.”

The California Consumer Privacy Act contains similar provisions. Notification is only required if a California resident’s data is actually compromised.

So after a network breach is identified, determining whether the personal data of an EU or California citizen was actually compromised is critical not only to comply where a breach actually occurred, but also limit unnecessary or over reporting where an effective response analysis can rule out an actual personal data breach.

These breaches are perpetrated by outside hackers, as well as insiders. An insider is any individual who has authorized access to corporate networks, systems or data.  This may include employees, contractors, or others with permission to access an organizations’ systems. With the increased volume of data and the increased sophistication and determination of attackers looking to exploit unwitting insiders or recruit malicious insiders, businesses are more susceptible to insider threats than ever before.

Much of the evidence of the scope of computer security incidents and whether subject personal data was actually compromised are not found in firewall logs and typically cannot be flagged or blocked by intrusion detection or intrusion prevention systems. Instead, much of that information is found in the emails and locally stored documents of end users spread throughout the enterprise on file servers and laptops. To detect, identify and effectively report on data breaches, organizations need to be able to search across this data in an effective and scalable manner. Additionally, proactive search efforts can identify potential security violations such as misplaced sensitive IP, or personal customer data or even password “cheat sheets” stored in local documents.

To date, organizations have employed limited technical approaches to try and identify unstructured distributed data stored across the enterprise, enduring many struggles. For instance, forensic software agent-based crawling methods are commonly attempted but cause repeated high computer resource utilization for each search initiated and network bandwidth limitations are being pushed to the limits rendering this approach ineffective, and preventing any compliance within tight reporting deadlines. So being able to search and audit across at least several hundred distributed end points in a repeatable and expedient fashion is effectively impossible under this approach.

What has always been needed is gaining immediate visibility into unstructured distributed data across the enterprise, through the ability to search and report across several thousand endpoints and other unstructured data sources, and return results within minutes instead of days or weeks. None of the traditional approaches come close to meeting this requirement. This requirement, however, can be met by the latest innovations in enterprise eDiscovery software.

X1 Distributed GRC  represents a unique approach, by enabling enterprises to quickly and easily search across multiple distributed endpoints from a central location.  Legal, cybersecurity, and compliance teams can easily perform unified complex searches across both unstructured content and metadata, and obtain statistical insight into the data in minutes, instead of days or weeks. With X1 Distributed GRC, organizations can proactively or reactively search for confidential data leakage and also keyword signatures of personal data breach attacks, such as customized spear phishing attacks. X1 is the first product to offer true and massively scalable distributed searching that is executed in its entirety on the end-node computers for data audits across an organization. This game-changing capability vastly reduces costs and quickens response times while greatly mitigating risk and disruption to operations.

Leave a comment

Filed under compliance, Corporations, Cyber security, Cybersecurity, Data Audit, GDPR, Information Governance

USDOJ Expects Companies to Proactively Employ Data Analytics to Detect Fraud

By John Patzakis and Craig Carpenter

In corporate fraud enforcement actions, The US Department of Justice considers the effectiveness of a company’s compliance program as a key factor when deciding whether to bring charges and the severity of any resulting penalties. Recently, prosecutors increased their emphasis on this policy with new evaluation guidelines about what prosecutors expect from companies under investigation.DOJ

The USDOJ manual features a dedicated section on assessing the effectiveness of corporate compliance programs in corporate fraud prosecutions, including FCPA matters. This section is a must read for any corporate compliance professional, as it provides detailed guidance on what the USDOJ looks for in assessing whether a corporation is committed to good-faith self-policing or is merely making hollow pronouncements and going through the motions.

The USDOJ manual advises prosecutors to determine if the corporate compliance program “is adequately designed for maximum effectiveness in preventing and detecting wrongdoing by employees and whether corporate management is enforcing the program or is tacitly encouraging or pressuring employees to engage in misconduct to achieve business objectives,” and that “[p]rosecutors should therefore attempt to determine whether a corporation’s compliance program is merely a ‘paper program’ or whether it was designed, implemented, reviewed, and revised, as appropriate, in an effective manner.”

Recently, Deputy Assistant Attorney General Matthew Miner provided important additional guidance through official public comments establishing that the USDOJ will be assessing whether compliance officers proactively employ data analytics technology in their reviews of companies that are under investigation.

Miner noted that the Justice Department has had success in spotting corporate fraud by relying on data analytics, and said that prosecutors expect compliance officers to do the same: “This use of data analytics has allowed for greater efficiency in identifying investigation targets, which expedites case development, saves resources, makes the overall program of enforcement more targeted and effective.” Miner further noted that he “believes the same data can tell companies where to look for potential misconduct.” Ultimately, the federal government wants “companies to invest in robust and effective compliance programs in advance of misconduct, as well as in a prompt remedial response to any misconduct that is discovered.”

Finally, “if misconduct does occur, our prosecutors are going to inquire about what the company has done to analyze or track its own data resources—both at the time of the misconduct, as well as at the time we are considering a potential resolution,” Miner said. In other words, companies must demonstrate a sincere commitment to identifying and investigating internal fraud with proper resources employing cutting edge technologies, instead of going through the motions with empty “check the box” processes.

With these mandates from government regulators for actual and effective monitoring and enforcement through internal investigations, organizations need effective and operational mechanisms for doing so. In particular, any anti-fraud and internal compliance program must have the ability to search and analyze unstructured electronic data, which is where much of the evidence of fraud and other policy violations can be best detected.

But to utilize data analytics platforms in a proactive instead of a much more limited reactive manner, the process needs to be moved “upstream” where unstructured data resides. This capability is best enabled by a process that extracts text from unstructured, distributed data in place, and systematically sends that data at a massive scale to an analytics platform, with the associated metadata and global unique identifiers for each item.  One of the many challenges with traditional workflows is the massive data transfer associated with ongoing data migration of electronic files and emails, the latter of which must be sent in whole containers such as PST files. This process alone can take weeks, choke network bandwidth and is highly disruptive to operations. However, the load associated with text/metadata only is less than 1 percent of the full native item. So the possibilities here are very compelling. This architecture enables very scalable and proactive solutions to compliance, information security, and information governance use cases. The upload to AI engines would take hours instead of weeks, enabling continual machine learning to improve processes and accuracy over time and enable immediate action to be taken on identified threats or otherwise relevant information.

The only solution that we are aware of that fulfills this vision is X1 Enterprise Distributed GRC. X1’s unique distributed architecture upends the traditional collection process by indexing at the distributed endpoints, enabling a direct pipeline of extracted text to the analytics platform. This innovative technology and workflow results in far faster and more precise collections and a more informed strategy in any matter.

Deployed at each end point or centrally in virtualized environments, X1 Enterprise allows practitioners to query many thousands of devices simultaneously, utilize analytics before collecting and process while collecting directly into myriad different review and analytics applications like RelativityOne and Brainspace. X1 Enterprise empowers corporate eDiscovery, compliance, investigative, cybersecurity and privacy staff with the ability to find, analyze, collect and/or delete virtually any piece of unstructured user data wherever it resides instantly and iteratively, all in a legally defensible fashion.

X1 displayed these powerful capabilities with Compliance DS in a recent webinar with a brief but substantive demo of our X1 Distributed GRC solution, emphasizing our innovative support of analytics engines through our game-changing ability to extract text in place with a direct feed into AI solutions.

Here is a link to the recording with a direct link to the 5 minute demo portion.

In addition to saving time and money, these capabilities are important to demonstrate a sincere organizational commitment to compliance versus maintaining a mere “paper program” – which the USDOJ has just said can provide critical mitigation in the event of an investigation or prosecution.

Leave a comment

Filed under Best Practices, compliance, Corporations, Data Audit, eDiscovery & Compliance, Information Governance