Managed Security Plugs Law Firm's Virus Holes

KazanLaw turned to real-time malware monitoring to protect its clients' information and its network security, and got an extra bonus when the system pinpointed risky surfing.

First, there were the viruses that got through to the law firm's network as if its antivirus software had holes in it. Then, there were the times when Internet access slowed down to a crawl for no apparent reason.

How to tighten security and keep the network available when you're working with a small staff and a tight budget?

After all, tight security and high productivity are a concern for any business, but when you're representing victims of asbestos-related cancer, protecting sensitive, personally identifiable information just isn't something you can trust to antivirus software that's not foolproof.

That's why Kazan, McClain, Abrams, Lyons & Greenwood, PLC-a 70-employee law firm based in Oakland, Calif.,-decided to turn to an MSS (managed security service) to give it a hand.

IT manager Tara Runyan consulted with the company's long-time security partner, which recommended ScanSafe. ScanSafe is designed to be a comprehensive security monitoring SAAS (Software as a Service) that offers real-time Web malware scanning, Web filtering and IM control.

Gradually rolled out, the MSS went live in early 2007. It's not only doing a better job at ferreting out viruses than the software the firm was using previously, it's also giving the IT staff a portrait of where KazanLaw, as it's known, is suffering because of dangerous or unproductive Web surfing on behalf of employees. ScanSafe is even opening up opportunities to educate staff in real-time, as their surfing habits take a spin toward the dangerous or unproductive.

One example: Runyan recalls a time when the Internet seemed to slow down for no apparent reason.

"I looked in ScanSafe and found that a much larger percentage than normal of the connections that were being made were being made on ESPN and other sports-related sites and it was really slowing down our performance," she recalled. "So I sent out a company-wide e-mail saying that it was really impacting performance, and requesting that people stop."

Runyan also remembers a user who had several viruses blocked by the system in a relatively short amount of time. Although the company doesn't generally monitor users' traffic, this was a red flag, prompting Runyan to look at the situation more closely. She quickly discovered that the user was doing some inappropriate Web surfing, and she notified the human resources department, which took corrective action.

For many years, the company's IT department had worked hard to block viruses from entering the firm by using Trend Micro's InterScan VirusWall. As far as blocking viruses and malicious Web traffic goes, the software just wasn't stopping all viruses. However, the company's use of other Trend Micro products, including Trend ServerProtect and OfficeScan for server and desktop virus protection, continue to work well for the firm.

Still, the InterScan VirusWall had too many holes and wasn't justifying the manpower it required for maintenance. "We were maintaining a server for something that was giving us very little benefit," Runyan said. "We were still seeing more infections via Web traffic than we wanted to see, and we were seeing more and more spyware. We needed something more comprehensive to handle Web filtering and Web malware scanning, instead of just virus traffic."

In particular, Runyan believed the ability to monitor content was imperative. Not only would it increase productivity, but it would help the company better implement its policy, which stated that employees could use computers for limited personal use as long as it didn't interfere with productivity, and that visiting inappropriate sites, such as gambling and pornography sites, was prohibited.

Even sites that aren't necessarily inappropriate had to be blocked, Runyan and the company's partners believed, in the interest of high productivity and security risk; hence, the firm wanted to block employee use of MySpace, for example. That's where ScanSafe came in.

"There used to be a perceived link between bad sites and malicious content, but now people realize that users can go anywhere and get infected," said Dan Nadir, vice president of product strategy at ScanSafe. "We scan all content in real time, without a front-end expense."

Although ScanSafe looked like a service that would answer the law firm's needs, Runyan started small, first piloting the concept by running everything through ScanSafe directly. The next step was to install a ScanSafe component on KazanLaw's servers that allows the company to know not only that something has been blocked, but who has been accessing a particular site. Finally, the system went live in early 2007.

So far, the system seems to be living up to its promise, protecting the company and improving productivity.

Now that the system is working well, the next step might be to implement upcoming technology from ScanSafe that installs remote agents on laptops to offer the same level of security as office-bound workers.

Check out eWEEK Midmarket for the latest news, views and analysis on the issues and technologies that matter to midsize businesses.