iManage customers discuss "Marrying Threat analytics with usage analytics"

James Ainsworth
Creative Content Strategist, iManage
17 September 2021

iManage Threat Manager helps organizations protect sensitive information from internal and external threat vectors and prevent data loss. Using innovative technologies that include adaptive behavior modeling and machine learning, the application continuously monitors and secures critical knowledge work, sending alerts as appropriate.

Aaron Rangel, Director of Product Management at iManage, recently explored with a panel of our customers how their firms use Threat Manager to protect valuable knowledge assets and client information, and the value and peace of mind it delivers. The discussions reveal how to bring about organizational and process alignment, and the best routes to user adoption and best-practice training opportunities that help guard against non-filers and poor document hygiene.

Aaron Rangel chaired the discussion with Ken Jones, Chief Technologist at Tanenbaum Keale LLP; C. Paul Courtney, Firmwide Manager of Records and Information Governance at Baker Botts LLP; and Esther Wilson, Application Analyst at Steptoe & Johnson LLP. To hear their experiences and lessons learned first-hand, you can view the entire session in the video or scroll down and continue reading to learn from those who protect their institutional knowledge every day.

How do you use iManage Threat Manager?

Aaron Rangel

Would you please tell us about how you use the product today and the benefits it has delivered for your firms?

Esther Wilson

We use it typically for compliance and risk of document usage. Our primary usage will be risk-based and determine if there's anything anomalous happening on our system. That could be someone departing and attempting to take content with them, or possibly just risky behavior, like exporting documents and sending them via email when there are better methods to transmit that information.

As far as the compliance piece, as we've gotten into the product and gone through the whole COVID era, which, of course, really upped the usage of iManage with the whole "work from home" scene coming upon many other firms and us. It helped us determine how much that use increased, and it also helped determine the workload for some types of employees or groups of employees. So, as an example, I might request an office manager to provide a report of all activity from all the legal assistants in that particular office, trying to determine if there's any room for someone to take on additional duties. And that's primarily our usage with Threat Manager at this point.

C Paul Courtney

We use Threat Manager in two buckets. One is the risk assessment bucket, and the other is compliance.

For risk assessment, Threat Manager allows us to address potential data loss or leakage quickly. The compliance side of Threat Manager allows us to see a detailed view of how our internal customers are using our document management system, iManage [Work].

Before Threat Manager, we didn't have any empirical data on ways to take action if there was a threat. But since [we implemented] Threat Manager, we've been able to quickly address numerous occasions — both of which are not really events, just probably poor training in some cases, but just knowing that you have that opportunity is worth it.

Ken Jones

At its core, Threat Manager is a Data Loss Prevention product. It's of great comfort to know that if an employee has some anomalous behavior or some excessive usage, that is brought to the attention of management for appropriate action.

Additionally, knowing that you have statistics and logging in a reporting framework is of great use and tremendous value.

Process and organizational alignment using iManage Threat Manager

Aaron Rangel

Which functional area within your organization is responsible for the product, and please talk about the investigative process.

C Paul Courtney

At Baker Botts, Records and Information Governance are responsible for the management of Threat Manager. When we receive alerts, I have a great team of Regional Records Managers who immediately take action and contact the user who may have triggered that alert to get additional detail around why that alert was triggered. And in 99.9% of the cases, that alert comes from something where maybe the user didn't use a best practice, which provides us with an opportunity to train. In Records and Information Governance, one of the things we're constantly doing is training the user. And this is just one additional opportunity for us to do that.

Ken Jones

One of the other areas where we use the product that we think's a different use case and very useful to us is we have created monthly reports, that go out to the partner in charge of a client, that list the usage by employee and workgroup for a particular client. I found that to be interesting to see which partners, associates, and legal professionals are working with documents, how they're working with documents, who is editing them, who is emailing them, who is doing this, who is doing that. It's very enlightening and insightful as to what the work processes are in the firm. And the information in these reports helps us streamline our functions and make our legal operations more productive for our clients. So again, Threat Manager, both the alerts and the empirical data collected in the reporting platform, are very valuable to Tanenbaum Keale and our clients.

User compliance and adoption of iManage as the DMS

Aaron Rangel

Would you please talk about how your organizations view compliance with the DMS? Is it mandatory or opt-in? How do you identify non-filers, and how do they encourage people to adopt the software?

Esther Wilson

Within Steptoe and Johnson, certainly, iManage is the preferred location for all documents. With that [said], we recognize there are some types of practices like litigation where they are going to have large volumes of large files, such as medical records and transcripts and things of that nature, that it's simply not practical to keep that content in iManage.

C Paul Courtney

We view the DMS as both mandatory and optional. And that might take a bit of clarification. So let me explain. I think the industry has evolved from a document management system to more of a document management ecosystem. So, in other words, iManage, Microsoft Teams, SharePoint, Common Share, Fileshare are all legitimate places for data repositories.

However, while you are able to use any one of those locations, the official client file is always going to be in iManage. So as much as you would like to use Microsoft Teams or Common Share, eventually, that data will make its way into iManage, because that is the official client file. So as such, we are both mandatory and optional in that way.

Ken Jones

We strongly encourage compliance; we do not mandate it in all instances.

Esther Wilson 

As far as identifying non-filers, that is typically something that is done upon request. It's not something that we actively pursue at this point. I think that that was a change for us, but we hit the COVID work-from-home era here earlier in 2020. At that point, it became pretty much necessary for everyone to use iManage, to be able to work in that work-from-home environment. Certainly, we saw an uptick at that point in activity on Threat Manager and a lot of alerts that came out of that because there was some drastic change in behavior because of that sudden adoption by folks that may not have used iManage [previously].

C Paul Courtney 

How do we identify non-filers? For example, we have monitoring rules set up. There's one in particular that I have set up for partner email filings. And that report, which I receive once a week, lets me know which partners have filed emails in that week or have not filed emails in that week. And that provides yet another opportunity for the Records and Information Governance team to address the user or the internal customer and share with them some best practices, maybe do a little training along the way.

Because again, in Records and Information Governance, that is an underlying theme for us. We're always training, always trying to improve by sharing best practices, etc. And over time, as you have those opportunities to train and share best practices, I believe that will encourage the adoption of the document management system, in our case, iManage.

Esther Wilson 

As far as compliance with the DMS, we encourage that; at this point, we don't enforce that. I think our objective is to make more of the productivity gains for the user. As far as using iManage, keeping all your documents in one place just makes things flow better; it helps with their process, helps with their workflow, and helps when they quickly need to file something. So we've taken more of the approach that, "here are the advantages to utilizing iManage and making that your primary storage location," rather than mandating that.

As far as encouraging adoption, we offer robust training on a monthly basis, little 30-minute segments on how to best get the most out of the product: learn about things that you're not currently using, identify ways that it could make your job easier, and streamline the processes that you deal with each and every day.

Ken Jones

One of the goals is to help employees understand how, by filing work, essentially, it makes their life easier, it makes their job easier. That's really a winning strategy. And so, for example, having the opportunity to do cross-client searches or functional searches on content is one way that we've seen employees use iManage as a true benefit.

Resources and training for effective Threat Manager deployment

Aaron Rangel

A vital ingredient to any successful product is having the right resources, staffing and training; if each of the panelists could talk about staffing requirements, training.

Esther Wilson

So with staffing requirements here, we have basically one person, and that's me; I typically do most of the daily care and upkeep of Threat Manager. I would imagine that could be somewhat different if you may have on-prem environments, but in the environment we are – with everything cloud-based – that works out fairly well.

We do have others, of course, who have access to Threat Manager — both to do their own investigations as needed within the IT department, and then also as a backup.

Training was fairly simple for this product. I found it really intuitive as far as going through the different features that are available. It's not over-complicated. Outliers would be the one thing that was a little interesting to get your arms around the capabilities of that, which is my go-to for finding data in an ad hoc type format.

C Paul Courtney

It doesn't take an army. At my firm, we have five people who really manage the Threat Manager software. And the reason for that is that all of the analytics, alerts and reports come from the software itself. So you just need someone to be able to receive and review those reports and alerts and then take action on them when needed.

Ken Jones 

So to frame from a staffing and training perspective, I wholeheartedly agree that once the product is set up and configured, that the requirements are minimal, it works well. It's automated, generates alerts, and it's very, very helpful.

The speed to value with Threat Manager

Aaron Rangel

How long did it take for you to see value?

Esther Wilson 

I would say two to three months in, we started to get value. By the time we hit the nine-month point, I would say it had become quite valuable as far as becoming that reporting repository for activity. And then we use that across many things other than just compliance and anomalies. There is a lot of use for being able to look at activity within a specific matter or activity by a specific user within a specific date range.

C Paul Courtney 

In my opinion, it doesn't take very long to see the value. We were able to add three years of data, so we were able to get some good information pretty quickly. So I don't think that will be an issue if you're worried about how long it takes to see the value.

The one thing I will caution you on, though, is, if you're not a statistician, which I am not, you might want to get a little bit of assistance in setting up your monitoring rules and so forth. iManage really helped us with that. But if that is your forte, you should be just fine. You'll have no issues.

Aaron Rangel 

Thanks, Paul. And we are continuing to invest in making the product easier to use and share more training.

Has the frontline experience of customers piqued your interest? Discover how to achieve peace of mind through advanced threat detection, mitigation, and compliance monitoring with iManage Threat Manager.
