Tag Archives: Distributed discovery

eDiscovery Tech Can Effectively Address Key Cybersecurity Requirements

Organizations spent an estimated 122.45 billion USD in 2016 on cybersecurity defense solutions and services, in a never-ending effort to procure better firewalls, anti-malware tools, and intrusion detection and prevention systems to keep hackers out of their networks. However, recent industry studies clearly demonstrate that threats posed by insiders (whether through malice or negligent conduct) dwarf those from the outside.

In fact, industry experts assert that employees are inadvertently causing corporate data breaches and leaks daily. The Ponemon Institute recently surveyed hundreds of companies in its 2016 Cost of Data Breach Study. Among 874 incidents, the survey revealed that 568 were caused by employee or contractor negligence, 191 by malicious insiders, and only 85 were attributed purely to outsiders.

An insider is any individual who has authorized access to corporate networks, systems or data. This may include employees, contractors, or others with permission to access an organization’s systems. With the increased volume of data and the increased sophistication and determination of attackers looking to exploit unwitting insiders and even recruit malicious ones, businesses are more susceptible to insider threats than ever before.

The most serious and often devastating cybersecurity incidents are usually related to “spear phishing” attacks, which consist of targeted and often highly customized electronic communications sent to specific individuals in a business that appear to come from a trusted individual or business. The targeted insider is often tricked into disclosing their passwords, providing highly sensitive information, or installing malware on their computer. These attacks tend to be successful because they are so customized and are designed to evade traditional cybersecurity defenses.

Much of the evidence and other indications of spear phishing and malicious insider incidents are not found in firewall logs and typically cannot be flagged or blocked by intrusion detection or intrusion prevention systems. Instead, much of that information is found in the emails and locally stored documents of end users spread throughout the enterprise. To detect, identify and effectively respond to insider threats, organizations need to be able to search across this data in an effective and scalable manner. Additionally, proactive search efforts can identify potential security violations such as misplaced sensitive IP, or personal customer data or even password “cheat sheets” stored in local documents.

To date, organizations have employed limited technical approaches to try to identify unstructured distributed data stored across the enterprise, and have struggled. For instance, forensic software agent-based crawling methods are commonly attempted, but they cause high resource utilization on users’ computers each time a search is initiated and push network bandwidth to its limits, rendering this approach ineffective. As a result, searching and auditing across even several hundred distributed endpoints in a repeatable and quick fashion is effectively impossible under this approach.

What has always been needed is immediate visibility into unstructured distributed data across the enterprise, through the ability to search and report across several thousand endpoints and other unstructured data sources, and return results within minutes instead of days or weeks. None of the traditional approaches come close to meeting this requirement. This requirement, however, can be met by the latest innovations in enterprise eDiscovery software.

X1 Distributed Discovery (X1DD) represents a unique approach, by enabling enterprises to quickly and easily search across multiple distributed endpoints from a central location.  Legal, cybersecurity, and compliance teams can easily perform unified complex searches across both unstructured content and metadata, obtaining statistical insight into the data in minutes, instead of days or weeks. With X1DD, organizations can proactively or reactively search for confidential data leakage and also keyword signatures of customized spear phishing attacks. Built on our award-winning and patented X1 Search technology, X1DD is the first product to offer true and massively scalable distributed searching that is executed in its entirety on the end-node computers for data audits across an organization. This game-changing capability vastly reduces costs and quickens response times while greatly mitigating risk and disruption to operations.

X1DD operates on-demand where your data currently resides — on desktops, laptops, servers, or even the Cloud — without disruption to business operations and without requiring extensive or complex hardware configurations.

Beyond providing enterprise eDiscovery and information governance functionality for an organization, employees benefit from having use of the award-winning X1 Search product to improve their productivity, with the added benefit of allowing the business to address the prevalent cybersecurity gap in addressing spear phishing attacks and other insider threats.

 


Recent Court Decisions, Key Industry Report Reveal Broken eDiscovery Collection Processes

 

While the eDiscovery industry has seen notable advancements and gained efficiencies in widespread adoption of hosted document review and supporting technologies, the same is not yet true for the collection and preservation of Electronically Stored Information (ESI). Leading industry research firm Gartner notes in a recent Market Guide report that the eDiscovery collection and preservation process “especially when involving device collection, can be intrusive, time consuming and costly.” And some recent court decisions imposing sanctions on corporate litigants who failed to meet their ESI preservation obligations are symptomatic of these pain points.

Earlier this year, a magistrate judge imposed spoliation sanctions for destruction of ESI in a commercial dispute, where the plaintiff made no effort to preserve such emails, even after it sent a letter to the defendant threatening litigation (Matthew Enter., Inc. v. Chrysler Grp. LLC, 2016 WL 2957133 (N.D. Cal. May 23, 2016)). The court, finding that the defendant suffered substantial prejudice by the loss of potentially relevant ESI, imposed severe evidentiary sanctions under Rule 37(e)(1), including allowing the defense to use the fact of spoliation to rebut testimony from the plaintiff’s witnesses. The court also awarded reasonable attorney’s fees incurred by the defendant in bringing the motion. And in another case this year, Internmatch v. Nxtbigthing, LLC, 2016 WL 491483 (N.D. Cal. Feb. 8, 2016), a U.S. District Court imposed similar sanctions based upon the corporate defendant’s suspect preservation efforts.

In her June 30, 2016 “Market Guide for E-Discovery Solutions,” Gartner eDiscovery analyst Jie Zhang notes that “searching across multiple and hybrid data repositories becomes more onerous and leads to overinvestment. Given that most enterprises’ retention policy efforts are often unenforced or immature, there is often a glut of content to search through. Accordingly, almost every e-discovery request is different and often time pressured, as IT typically handles e-discovery requests in an ad hoc manner.” As such, Jie observes that “In order to guarantee data identification and collection quality, IT tends to err on the side of being overly inclusive in data preservation approach. This could result in too much legal hold or preservation. For example, it is not rare for an organization to put all mailboxes on legal hold or put them on legal hold over time (due to multiple holds and never-released holds). Being put on hold not only adds to IT management overhead and prime storage cost, but also makes any archive or records management difficult.”

The common theme between the cited cases and Zhang’s analysis is a perceived infeasibility of a systemized and efficient enterprise eDiscovery collection process, causing legal and IT executives to wring their hands over the resulting disruption and expense of ESI collection. In some situations, the corporate litigant opts to roll the dice with non-compliance, a clearly misguided and faulty cost-benefit analysis.

What is needed is an effective, scalable and systemized ESI collection process that makes enterprise eDiscovery collection much more feasible. More advanced enterprise class technology, such as X1 Distributed Discovery, can accomplish system-wide searches that are narrowly tailored to collect only potentially relevant information in a legally defensible manner. This process is better, faster and dramatically less expensive than other methods currently employed.

With X1 Distributed Discovery (X1DD), parties can perform targeted search and collection of the ESI of thousands of endpoints over the internal network without disrupting operations. The search results are returned in minutes, not weeks, and thus can be highly granular and iterative, based upon multiple keywords, date ranges, file types, or other parameters. This approach typically reduces the eDiscovery collection and processing costs by at least one order of magnitude (90%), thereby bringing much needed feasibility to enterprise-wide eDiscovery collection that can save organizations millions while improving compliance.


Changing the Game for Rule 26(f) Meet and Confer Efforts with Pre-Collection Early Data Assessment

One of the most important provisions of the Federal Rules of Civil Procedure that impact eDiscovery is Rule 26(f), which requires the parties’ counsel to “meet and confer” in advance of the pre-trial scheduling conference on key discovery matters, including the preservation, disclosure and exchange of potentially relevant electronically stored information (ESI). With the risks and costs associated with eDiscovery, this early meeting of counsel is a critically important means to manage and control the cost of eDiscovery, and to prevent the failure to preserve relevant ESI.

A key authority on the Rule 26(f) eDiscovery topics to be addressed is the “Suggested Protocol for Discovery of Electronically Stored Information,” provided by Magistrate Judge Paul W. Grimm and his joint bar-court committee. Under Section 8 of the Model Protocol, the topics to be discussed at the Rule 26(f) conference include: “Search methodologies for retrieving or reviewing ESI such as identification of the systems to be searched;” and “the use of key word searches, with an agreement on the words or terms to be searched” and “limitations on the time frame of ESI to be searched; limitations on the fields or document types to be searched.”

However, Rule 26(f) conferences occur early on in the litigation, typically within weeks of the case’s filing. As such, attorneys representing enterprises are essentially flying blind at this pre-collection stage, without any real visibility into the potentially relevant ESI across an organization. This is especially true in regard to unstructured, distributed data, which is invariably the majority of ESI that is ultimately collected in a given matter.

Ideally, an effective early data assessment (EDA) capability can enable counsel to set reasonable discovery limits and ultimately process, host, review and produce less ESI.  Counsel can further use EDA to gather key information, develop a litigation budget, and better manage litigation deadlines. EDA also can foster cooperation and proportionality in discovery by informing the parties early in the process about where relevant ESI is located and what ESI is significant to the case.

The problem is that any keyword protocols are mostly guesswork at the early stage of litigation, as under current eDiscovery practices, the costly and time-consuming step of actual data collection must occur before pre-processing EDA can take place. When you hear eDiscovery practitioners talk about EDA, they are invariably speaking of a post-collection, pre-review process. But without requisite pre-collection visibility into distributed ESI, counsel typically resort to directing broad collection efforts, resulting in much greater costs, burden and delays.

What is clearly needed is the ability to perform pre-collection early data assessment, instead of EDA after the costly, time consuming and disruptive collection phase.  X1 Distributed Discovery (X1DD) offers a game-changing new approach to the traditional eDiscovery model.  X1DD enables enterprises to quickly and easily search across thousands of distributed endpoints from a central location.  This allows organizations to easily perform unified complex searches across content, metadata, or both and obtain full results in minutes, enabling true pre-collection EDA with live keyword analysis and distributed processing and collection in parallel at the custodian level. This dramatically shortens the identification/collection process by weeks if not months, curtails processing and review costs from not over-collecting data, and provides confidence to the legal team with a highly transparent, consistent and systemized process.

A recent webinar featuring Duff & Phelps Managing Director and 20-year eDiscovery and computer forensics veteran Erik Laykin included a live demonstration of X1DD searching across 20 distributed endpoints in a matter of seconds. In reaction to this demonstration, Laykin commented “the ability to instantaneously search for keywords across the enterprise for a small or large group of custodians is in its own right a killer application. This particular feature gives you instantaneous answers to one of the key questions folks have been wrestling with for quite some time.”

You can now view a recording of last month’s webinar: eDiscovery Collection: Existing Challenges and a Game Changing Solution, which features an overview of the existing broken state of enterprise eDiscovery collection, culminating with a demonstration of X1 Distributed Discovery. The recorded demo will help illustrate how pre-collection EDA can greatly strengthen counsel’s approach to eDiscovery collection and meet and confer processes.
