As many firms continue to receive increased security demands from their clients, iManage has created a governance suite of products to help satisfy and surpass these requirements. Security Policy Manager, Threat Manager and Records Manager make up this suite of new products. Today we will take a high-level look at Threat Manager and why it is useful.
Analyze user transactions to detect patterns
Threat Manager can provide firms direct insight into what activities its users are performing on clients, matters and documents for any time frame. It continuously collects user history data from the iManage system 24/7, and then utilizes machine learning to analyze these transactions to detect patterns of normal and abnormal user behavior. This allows the system to detect threats using statistically generated thresholds. These thresholds are based on the user’s normal behavior, and not an arbitrary number. This significantly reduces false positives.
Different thresholds for different users
User A shows normal daily activity with 4 or 5 documents daily, and User B shows activity on 20-30 documents daily. Threat Manager will automatically set thresholds for these individuals separately. If one day User A exports 50 documents, Threat Manager will recognize this as abnormal behavior, and can send an email alert or a report. The same goes for User B. If they show daily activity on 100 documents, this could also be reported. As you can see, completely different thresholds for different types of users. The same type of analytics can be done with users accessing Clients and Matters.
Alert administrators to potential threats
This information is very powerful. The application can alert firm administrators to potential threats of users leaving the firm or even an outside threat of access to documents. A proprietary algorithm also scores the alerts based on deviations from individual users as well as group behavioral patterns. For example, you can configure monitoring rules to analyze your litigation users group differently than you IP users group.
The system also provides very nice bubble and exceptions charts which you can dive into to get more granular details of the data.
The application can be deployed as an appliance (on premises) or in the iManage cloud.
Example of a bubble chart:
Example of an exceptions chart:
For a more detailed explanation of Threat Manager, as well as iManage’s Governance Suite of Products, email us at firstname.lastname@example.org.