King & Wood Mallesons CISO relies on Elastic to “spot and identify” security threats
King & Wood Mallesons (KWM) is among the world’s most innovative law firms, with 2,400 lawyers in 28 locations across the globe. The international law firm, based in Australia, helps clients flourish in Asian markets by helping them understand and navigate local challenges and by delivering solutions that give clients a competitive advantage.
The firm believes in taking a partnership approach with clients and in pushing boundaries to connect Asia to the world and the world to Asia.
To succeed in that mission, John Reeman, the Chief Information Security Officer for KWM, says the firm began using Elastic for security operations about two years ago. The move has given the firm fresh insight for quickly pinpointing security events across the enterprise.
“We're using it predominantly for security operations, so looking at log sources, threat hunting, taking information in from endpoints, and a wide variety of critical applications to give us context about our environment so that we can spot and identify the bad guys and hopefully keep them out,” Reeman says.
Machine learning, maturing the security platform
Reeman states the firm is working to refine and mature its security platform. That’s a constant battle businesses face when it comes to securing the enterprise as threat actors evolve.
“Am I collecting all of the right logs from every log source that I feel is critical? You're always going to be playing that game probably for a long time, because you never know what you don't know,” he says.
As part of that maturation process, and to gain more insight into its security data, Reeman says KWM is experimenting with Elastic machine learning on domain name system (DNS) activity, user behavior, and other processes. He cautions, however, that realizing the benefits of machine learning takes time.
With machine learning, a business must first establish a baseline of normal behavior. Once that baseline is known, anomalous behavior becomes easier to surface as more data accumulates over time, Reeman says.
“I come from a digital forensics background and we always say, ‘you have to know normal to find evil,’” Reeman says.
Securing the endpoints
Beyond securing the enterprise perimeter and applications, Reeman says the firm is feeding log data into Elastic from endpoints scattered around the globe. Endpoint data, processed with machine learning, is important to capture, he says, because the endpoint is the “last bastion” where security information resides.
“Pulling that information into Elastic,” he says, “was very important for us to be able to understand the environment and again, bring it back to understanding normal to find evil.”
Watch the full presentation to learn more about how King & Wood Mallesons harnesses Elastic to secure endpoints, push boundaries, and connect Asia to the world, and the world to Asia.