Is This the Hour of the Wolf?

Arctic Wolf Networks was painting a bleak picture. And they didn’t have to look very hard for ammunition. Law firms have been under attack. You don’t have to look farther than the headlines. There was the Panama Papers hack. DLA Piper had its computers frozen for days. Cravath and Weil Gotshal also suffered data breaches.

More recently, a group of hackers called Maze have hit firms of various sizes with ransomware attacks. To make matters worse, after freezing the firms’ computers, the hackers threaten to release client data if the lawyers don’t pay up. An American Bar Association survey found that more than a quarter of the firms surveyed had experienced a security incident last year.

Arctic Wolf, a managed security service provider (MSSP), was briefing TAG Cyber analysts and suggesting that firms that try to tackle this themselves are in over their heads. They don’t have the staffing to manage this themselves. It would take eight to 12 fulltime security analysts to monitor security 24/7 for a midsize enterprise.

What was the solution? Todd Thiemann, Arctic Wolf’s director of product marketing (who was sitting in Sunnyvale, California) and Dan Deeth, head of communications (based in Waterloo, Canada) said that it’s a Security Operations Center (SOC).

But how can a law firm afford to build, much less staff, one of those?

Good question. Arctic seems to be betting that many of them can’t, or won’t. And that’s why it offers SOC-as-a-service. Thiemann and Deeth had detailed slides that explained how it works.

Firms are monitored at all times. Two Arctic employees are assigned to each firm, and they join together to monitor the customer environment and work with clients. Not only are logs monitored, customers can review the telemetry themselves. And the SOC services can work seamlessly with whatever security technology stack the client uses.

Most important, firms can rest easy knowing that their own clients’ data is protected and their costs are predictable (as opposed to the potential costs of breaches and attacks). One key factor for law firms is that services like Arctic Wolf’s enable them to more easily answer vendor risk management questionnaires.

How Much Will That Cost?

Speaking of costs, we asked Thiemann and Deeth if they would provide the range of fees they charge for these services. They didn’t have these in their slide deck, but they promptly sent us another presentation with the answers.

The costs were calculated for three years, based on the business size. For small shops (500 end users), the Arctic Wolf Managed Detection and Response range was from $279,000-346,000. For medium (1,000 end users), it ran from $502,000-$551,000. For large (3,000 end users), it cost $1,304,000-$1,563,000.

For comparison’s sake, Arctic Wolf ran the costs of building and staffing a SOC yourself versus outsourcing the service. A three-year comparison showed that doing it yourself for a small firm was almost nine times as expensive as outsourcing; for a medium firm, it was more than seven times as expensive; and for a large firm, it was almost four times as costly.

All told, it seemed like a pretty persuasive presentation. Except that the clients they were discussing were law firms.

Lawyers are often uncomfortable with technology. The ABA actually had to adopt a rule a few years ago to tell lawyers they have a professional and ethical responsibility to get up to speed on technology, if only to protect the interests of their clients. Trained in a field that is built on precedent, lawyers are often uncomfortable when forced to change old practices.

On top of that, partners at a firm can be a cantankerous group of joint owners. Getting them to agree on a new venture often proves difficult—especially when it involves a large outlay of money.

We wondered whether Arctic Wolf had studied these issues before diving into this particular market. We also wondered whether they had prepared for the possibility that a client that suffers a painful breach, despite the equipment and expenses, might decide to sue.

When we asked Thiemann and Deeth that last question, they had indeed considered the prospect. Thiemann pointed out that Arctic Wolf’s terms of service minimize any legal exposure (and it certainly reads as though it was prepared by teams of lawyers, and vetted by dozens more). And none of the firms they’ve worked with, he added, has yet decided to sue.

As for the other challenges the company faces in its bid to sign up law firms, we note that in its slide deck were statistics from last year’s ILTA survey on technology. In head-to-head competition with other MSSPs, Arctic Wolf was doing well in the two categories of firms ranging from 50 to 350 lawyers, though it had struck out with the largest firms.

Ultimately, time may be on this company’s side. Technology invariably grows familiar as it’s widely adopted. If the risks of cyberattack continue to be scary and unpredictable—and sometimes ruinous—another well-known quality of lawyers may hold sway. Lawyers are known to be risk-averse.