CrowdStrike Holdings Inc.

12/11/2024 | News release | Distributed by Public on 12/11/2024 11:38

BLG Sees an 80% Reduction in False Positives with CrowdStrike

Borden Ladner Gervais LLP is Canada's largest law firm with 850 lawyers and 2,300 employees working in five offices spread across the country. The firm is 200 years old and fully bilingual across its wide array of practices, which include intellectual property, mergers and acquisitions, health law, commercial law, cybersecurity and privacy. BLG's lawyers are proud of their mission and expect the vendors they rely on to be similarly passionate about their work.

Securing a law firm that has thousands of endpoints and more than 800 servers is challenging, says Wayne Cross, the director for cybersecurity and infrastructure operations in BLG's chief security office. In 2018, BLG deployed the CrowdStrike Falcon® cybersecurity platform, beginning a transformative partnership that has enhanced security, reduced costs and supported the firm's innovative approach to legal services.

Address Complexity with a Seamless Deployment

Most lawyers want cybersecurity to be silent, running in the background and working without their knowledge. "Like they say … the best change for a lawyer is no change," Cross said. But as any cybersecurity professional knows, the cyber threat landscape - and the technology needed to defend against it - is constantly evolving.

Cross started at BLG in 2010. In 2017, he decided to replace the endpoint protection vendor he had inherited with the Falcon platform. BLG has a small security staff, which had grown tired of supporting a legacy product and maintaining the on-premises infrastructure associated with it. Maintaining its servers across the country also required significant work.

"We just knew there was this vendor on the market that everyone was talking about, so we decided to bring them in and try it," he said. "We never looked back." Thus began an enduring relationship between BLG and CrowdStrike.

Rolling out a new security product or service can be challenging. While Cross and his team are primarily based in Toronto, the deployment would involve employees throughout Canada. But the rollout of the Falcon platform was so seamless that BLG employees weren't aware any changes were happening when it was introduced.

This positive experience led BLG to become a customer of CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Next-Gen SIEM.

Immediate Results: Fewer False Positives, Greater Efficiency

After deploying the Falcon platform, the impact was immediate. BLG saw an 80% reduction in false positives from its previous platform, and much of the noise the team had previously seen disappeared. The threat alerts they received were legitimate and actionable. "We were seeing things that we never saw before, and the things that were coming at us were truly things that we needed to pay attention to," said Cross.

Also significant was the 70% drop in operational resource needs that Cross said his team experienced, as they no longer had to manage servers and devices. This freed up Cross and his team to become more proactive and focus on network detection and response - something they had previously wanted to do for years but couldn't. The Falcon platform allowed them to incorporate detection and response activities spanning email, identity and the broader IT network.

"The reason why we were able to do all of those things was because of the comfort and the confidence we had in the efficacy of the Falcon platform over the years," Cross said.

Stronger Security, Lower Costs with Falcon Complete Next-Gen MDR and Falcon Next-Gen SIEM

As a result of adopting Falcon Complete Next-Gen MDR, Cross said BLG saw a 40% drop in operational expenses related to managing their security infrastructure.

BLG was able to use a portion of this cost savings to reinvest in cybersecurity controls that could enable its legal professionals to work more effectively and efficiently. "It's a win-win for the firm," Cross said. "They reduce costs, we increase our operational efficiency, and of course, improve the overall cybersecurity posture for the firm as well."

An added benefit for BLG is the combination of Falcon Complete Next-Gen MDR with Falcon Next-Gen SIEM, which allows it to integrate and correlate all of its data into the SIEM. "The ability for us to put all of our logs into CrowdStrike's Next-Gen SIEM and then keep that log for one year has always been something that's pivotal to the move to CrowdStrike," he added.

"The cool thing about Falcon Next-Gen SIEM is that we can integrate all of those logs into the [Falcon] platform and we can do the correlation," said Cross. "We can look and understand what's going on in our environment."

Identity Threat Protection Proactively Improves Security Posture

BLG was facing identity attacks, with compromised passwords being a risk - so the team addressed the threats with proactive protection from CrowdStrike Falcon® Identity Threat Protection. Cross explained this solution has had the most impact on his team among any single component associated with Falcon Complete because it allows them to be proactive and focus on areas where improvements are needed. He relies on Falcon Identity Threat Protection's risk score that sends red, yellow or green alerts to identify areas that pose the greatest risk.

A specific example Cross cited for how Falcon Identity Threat Protection has benefitted BLG is the compromised password feature. He noted that some employees will use the same username and password on external websites, including social media platforms that sometimes become compromised. Falcon Identity Threat Protection will send an alert indicating such a password is being used in BLG's network.

Cross said employees using a compromised password will be required to use a different password the next time a password update is scheduled. Additionally, he said Falcon Identity Threat Protection has helped his team identify passwords associated with privileged accounts that have been inactive for a dozen years or more, with some of them being found on the dark web.

Cross emphasized that all Falcon Complete users have access to Falcon Identity Threat Protection and should be using it to improve their cybersecurity posture.

Leaning into the CrowdStrike Partner Ecosystem

With the confidence of its successful Falcon Complete Next-Gen MDR deployment, BLG began asking its other vendors if they integrate with CrowdStrike. "If you don't, good luck selling us anything because we can have confidence that CrowdStrike is the way we are going," Cross said.

When considering new vendors, Cross goes to the CrowdStrike website to see which can be integrated and whether to consider discussions with them. One example is Netskope, which he noted is a CrowdStrike premier partner with a strong integration into the Falcon platform. It's important to BLG that vendors are ready to support them and understand their needs. Cross says CrowdStrike and Netskope are similar in that respect.

Looking Toward an AI-Powered Future

Cross is focused on the future and believes that GenAI will be critical in accelerating security operations and making his team more productive. He believes it will include CrowdStrike® Charlotte AI™, CrowdStrike's conversational AI assistant, which can compress 8 hours of work into minutes. "We are looking at Charlotte AI and we feel that in the next six months or a year when we have everything together, we are just right where we want to be. And that's important for a small team. We don't have the time or energy to go search into millions of logs. So having AI layered on top of CrowdStrike's SIEM product is where we want to be," Cross said.

This forward-looking approach is consistent with BLG's reputation as an innovative law firm and Cross' efforts to develop an innovative security team. He knows his partners are important for enabling his small team's innovations. "We want vendors that can push us forward for five years, vendors that we can grow with. We need someone who we can call and who understands our culture, someone who can grow with us over the years, and CrowdStrike has certainly done that with us since we deployed it in 2018."