AI Underpinned Document Management Essential to Detecting Malicious Behaviour

The frequency with which high-profile data breaches and massive data privacy violations appear in global headlines clearly demonstrates the need to manage information with more stringent security and privacy controls. By Aaron Rangel, Director Product Management at iManage.

Thursday, 11th April 2019. Posted by Phil Alsop.

For many organisations, including professional services firms, the most valuable and confidential intellectual property resides in documents: proprietary designs, patent filings, client advice, contracts, etc. In document-centric organisations, C-level executives embarking on a digital transformation journey recognise the need to deliver a highly secure, cyber-attack resistant document management platform that not only accelerates collaboration, but also systematically classifies content so it can be easily mined to deliver deeper insight and knowledge.

 

Organisations using traditional document management systems (DMS), or cloud-based drive solutions for managing and securing content, often believe they have a leg up when compared to others that store documents on personal computers or shared drives. While this used to be true, today traditional DM is no longer sufficient to protect or leverage an organisation’s most valuable asset – its information. To fuel digital transformation, a DMS needs additional technologies to ensure significantly more robust security and to facilitate meaningful access to the goldmine of information collected and stored every day by the DMS.

 

To advance a digital transformation journey, a traditional DMS or cloud-based drive solution now must incorporate AI and machine learning technologies to provide the following two essential advantages:

 

1. Use of AI-enabled behavioral analysis to detect modern-day security attacks and prevent data loss:

 

It’s been reported that in the first six months of 2018, a total of 945 data breaches exposed 4.5 billion records. These numbers demonstrate that the traditional software security stack is no longer sufficient. Today, over 90% of all attacks are regarded as modern-day security breaches, where the perpetrator is either an insider, who has valid network credentials, or an external hacker who has stolen the credentials of a legitimate user through a phishing scheme. Fortifying the network perimeter does not prevent a modern-day security attack that bypasses the perimeter through stolen credentials. Such attacks can only be detected by harnessing the power of AI to review all data stored in the DMS to develop a deep understanding of how individual users behave, making it possible to trigger alerts when anomalous behavioral patterns are discovered. The number of users accessing the DMS and the variability in the actions they perform as they collaborate (namely open, close, view, mail, copy and print documents) make this activity impossible and cost-prohibitive for humans to analyse at scale. Some of the common patterns of malicious DMS activity that AI and machine learning technologies can detect include:

 

Disgruntled users: An example threat pattern for this type of attack is an employee simply downloading privileged client content and posting it in a public forum to exact revenge.

 

Unintentional high-risk behavior: Here the high-risk behavior is not intentional but habitual. Example threat patterns for this type of attack include an employee sending documents to a manager who recently departed, and an employee copying a high volume of privileged data to a personal computer before leaving on vacation (instead of accessing the DMS through a browser).

 

Sophisticated malicious insider: An example threat pattern in this category is that of an employee slowly but systematically accessing content across projects outside the assigned job function with the intention of finding the best information to monetise.

 

Abuse of privileged accounts: Administrator accounts have broad privileges over content management operations, making these accounts top candidates for misappropriation and for phishing attacks. An example threat pattern in this category would be when an administrator account, typically only associated with administrative activity, suddenly starts emailing and printing documents.

 

Non-filers: Non-filers are those users who circumvent the document management system. They pose a risk to the organisation because they store firm content on local drives or on other non-sanctioned repositories where the content is not under the organisation’s control.

 

Stolen credentials (a.k.a. phishing attacks): It’s a well-known fact that heads of departments and high-stake employees with public profiles are prime targets for phishing attacks. Whether the perpetrator is an insider or an external party who has obtained stolen credentials, the signature threat pattern of such an attack is access of content outside the victim’s normal access pattern.

 

Departing employees: The risk posed by departing employees is well understood. They often leave to join competing organisations and there is a strong incentive for them to take sensitive information with them when they leave. It’s a well-known fact that the months prior to an employee’s leaving the firm are a high-risk period. By monitoring a group of employees who have given notice or predicting the departure of one or more high-stake employees, AI can play an important role in risk mitigation.
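Several of the patterns above (an administrator account that suddenly mails and prints, access outside a user's normal projects, a bulk copy before leaving) come down to comparing each user's current activity with that user's own history. The following is an added illustration, not iManage code: it builds a per-user baseline from constructed DMS audit events and flags new action types, new projects and volume spikes; the event fields, action names and threshold are assumptions.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed audit events: (day, user, action, project). Field names are assumptions.
BASELINE = (
    [(d, "admin1", "set_acl", "sys") for d in range(1, 11)]
    + [(d, "alice", a, "proj-A") for d in range(1, 11) for a in ("open", "view", "open")]
)
TODAY = (
    [(11, "admin1", "set_acl", "sys"), (11, "admin1", "print", "proj-B"),
     (11, "admin1", "mail", "proj-B")]
    + [(11, "alice", "open", "proj-A")] * 3
    + [(11, "alice", "copy", "proj-A")] * 40
)

def build_profiles(events):
    """Per-user baseline: actions seen, projects seen, events per active day."""
    prof = defaultdict(lambda: {"actions": set(), "projects": set(), "daily": Counter()})
    for day, user, action, project in events:
        p = prof[user]
        p["actions"].add(action)
        p["projects"].add(project)
        p["daily"][day] += 1
    return prof

def detect(profiles, events, k=3.0):
    """Return sorted (user, reason) alerts for one day of events."""
    alerts = set()
    volume = Counter()
    for _day, user, action, project in events:
        p = profiles.get(user)
        if p is None:                       # never seen before: nothing to compare with
            alerts.add((user, "no_baseline"))
            continue
        volume[user] += 1
        if action not in p["actions"]:      # e.g. admin account starts printing
            alerts.add((user, f"new_action:{action}"))
        if project not in p["projects"]:    # access outside the normal pattern
            alerts.add((user, f"new_project:{project}"))
    for user, n in volume.items():
        counts = list(profiles[user]["daily"].values())
        # Floor the deviation at 1 so a perfectly flat history does not alert on +1 event.
        limit = mean(counts) + k * max(pstdev(counts), 1.0)
        if n > limit:                       # bulk activity far above the user's norm
            alerts.add((user, "volume_spike"))
    return sorted(alerts)

ALERTS = detect(build_profiles(BASELINE), TODAY)
```

A slow, systematic insider stays under the volume limit by design, so in this sketch only the new-project check would surface that pattern.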

 

Managing information with the highest levels of security and privacy controls is critical for all businesses. To address the new security and privacy imperative, DMS platforms should not only provide advanced security models that lock down access to only those who “need to know,” but must also integrate AI-based threat detection models with real-time intervention frameworks to stop data loss in the event of a malicious attack.

 

2. Use of AI-enabled deep content analysis to classify and mine deeper insights and knowledge from data

 

Leading organisations understand that they need to make radical changes enabled by the use of digital technologies to drive faster innovation and agility. Real transformation comes when technologies like AI, analytics and machine learning are used to mine deeper insights and knowledge from customer transactions to develop new service offerings that change how an organisation operates. For document-intensive businesses, AI-powered deep content analysis is essential to classify and study vast volumes of information. It’s this very same knowledge that fuels the delivery of new applications that automate routine tasks, commoditize services or help predict outcomes that enable firms to gain a critical advantage in business.

 

About the author

Aaron Rangel is responsible for the Threat Manager product within the iManage Govern product suite. Aaron has extensive experience in launching innovative products to the marketplace. Prior to iManage, Aaron held senior product management positions at SPSS, IBM and has extensive experience with both the document management and analytics space.