Briefly Speaking: Information Security Essentials and the Benefits of Entity Management

Disclaimer: Please be advised that this recorded webinar has been edited from its original format, which may have included a product demo. To set up a live demo or to request more information, please complete the form to the right. Or if you are currently not on CSC Global, there is a link to the website in the description of this video. Thank you.

Caitlin: Hello, everyone, and welcome to today's webinar, "Briefly Speaking: Cyber Risk for Law Firms." My name is Caitlin Alaburda, and I will be your moderator.

Joining us today are Mark Flegg, Mark Eggleston, and Helena Ledic. Mark Flegg is the Global Product Director of Security Services at CSC. He is responsible for advising a global client base on digital risk and the preventative measures brands can take to safeguard their digital assets. Mark Eggleston is the Chief Information Security Officer for CSC, responsible for the continual maturation of CSC's global security and privacy program design and operations. Helena is the associate general counsel for CSC in the Chicago office.

And with that, let's welcome Helena, Mark, and Mark Flegg.

Helena: Thank you, Caitlin, and first a little bit about CSC before we get started. We like to say that we're the business behind business. CSC provides knowledge-based solutions to our clients throughout the world. We provide solutions for every phase of the business life cycle. We help form entities, maintain compliance, and support M&A and other corporate transactions. We help effectively manage, promote, and secure our clients' valuable brand assets against threats of the online world. We work with more than 10,000 law firms, 180,000 corporate customers, 3,000 financial market customers, and 90% of the Fortune 500.

Today's Briefly Speaking webinar is on cyber risks for law firms. And today's agenda is we'll be discussing understanding those cyber risks and threats and how they can impact your law firm, what digital asset security is and how it can help mitigate cyber attacks, and which domain security and risk prevention measures are necessary. So we'll have both Mark Eggleston and Mark Flegg walking us through this today.

And now we're going to get started off with Mark Flegg taking us through understanding cyber risks and threats and how they can impact your law firms.

Mark Flegg: Thanks again, Helena. So the first thing that I want to show everybody today is the phishing and fraud increase that the Anti-Phishing Working Group have published, and that's increased by more than 500% over the last three, four years or so. And the majority of this can be put down predominantly to COVID, the pandemic. A lot of the cyber criminals out there that are performing these activities, they're smart people. They will play on anything that is happening to try and engineer a way to getting your credentials or whatever else that it is that they are after. And it's not just COVID. There are wars around the world that they play on, supply chain problems, inflation, all of these things. They're watching the behavior of users.

It's fair to say that during the pandemic we all did a lot more online shopping. So they will perform phishing scams against those organizations to try and get your credit card information or your credentials to log in to their systems. And this is something that we track very closely at CSC. We want to make sure that our customers are aware of what's going on for their particular brand.

So how does cyber risk affect law firms? I think first and foremost we can't forget that cyber risk affects every single company out there. But specifically for yourselves, the American Bar Association recently conducted a survey, and this survey basically looks at organizations' security threats and what safeguards the reporting attorneys and the law firms are using to protect themselves. And significantly, as the statistic shows there, 25% of the respondents overall reported that they had experienced a data breach at some time.

Again, if you think about our poll question earlier, it's not unusual these days. It's a pretty common occurrence. And today we want to help you understand what are some of the things that you can do to prevent that happening to you and your clients.

So you might wonder, from a law firm perspective, how it affects you, why is it affecting you, why are they being targeted. And if you think about what you all do, it's very important work and you have access to very sensitive data, whether it's mergers, acquisitions, litigation, legal services. Whatever it is that you're doing for your clients, it's data, and data is the new gold. This is what everybody is trying to get a hold of. It's what all of the companies, social media, ad agencies, they're all after data to build profiles so they can understand consumers' behavior, all the rest of it.

And of course, from a cyber criminal perspective, there is that financial gain as well. And sometimes it's not just cyber criminals. It could also be hacktivists, so the Anonymous group, the Lizard Squad, etc. It could be state-sponsored as we've seen of late with the war on Ukraine.

All of these organizations, if you like, are trying to get data, get intelligence so that they can benefit, and law firms are a very, very lucrative target these days. And if you become breached, that can have a very, very big impact not just on your brand reputation but on your clients' reputation as well.

So at CSC, we have a concept, if you like, called digital assets, and this is essentially your digital footprint online. It's your intellectual property amongst other things.

So you can see on the illustration here your digital assets comprise of many things — your domain names, your DNS, your digital certificates, your email. And 15 years ago we didn't have mobile apps and we didn't have social media handles per se, certainly not used well in business. Today we do, and this is expanding. There'll be other things coming on here in the future no doubt that we have to protect. And these are the things that are often overlooked by organizations.

If you think about your entire online presence, whether it's yours or your clients, everything relies on the domain name and the DNS and the management of it. And if you mismanage those assets, then your online reputation can be tarnished, people can't find you, and they get a bad perception of you, and many other things that we won't go into today, but things like your email stops, your website is down, those kind of things.

So we've just talked about digital assets, and they are part of what we call your digital identity. And your digital brand, if you like, is actualized through those digital assets, i.e., your online brand can't exist without the website, your apps, your email. It's the base of continual presence.

Digital assets also help promote and expand the brand, so it increases the scope and the method of which the brand and presence can interact with customers. And your intellectual property, your IP helps protect the digital assets.

So, for example, if somebody registers a domain name containing your brand, there are mechanisms that you can seize that domain name. The most common is what we call UDRP, uniform dispute resolution policy, this is under ICANN sanctioned TLDs, that allow you to have your case heard, and then you can get the domain name back. Or you can take down an infringing app. And all of these things require trademarks. So on the other hand digital assets reinforce your IP rights. You're using that mark. It's proving that you're doing something with it.

And if you look at the diagram here, you've got your digital identity, so you want to represent, you want to reserve right, you want to actualize, you want to promote, protect obviously at the bottom, and reinforce, so making sure that this comes full circle. If somebody does infringe on you, then there are mechanisms you can do to get that back, which further strengthens your trademark rights.

Another important thing that you should consider is brand monitoring. Now why is that important? The internet is evolving. It's a living, breathing thing. It's constantly growing, and the environment changes very, very quickly. Infringing online content can damage your brand. A valuable brand should be a protected brand in our eyes. And poorly protected brands can make the news for the wrong reasons. I know there's a saying there's no such thing as bad publicity. I disagree because it does make people think twice about where they're going to enter their personal information. It certainly makes them think twice where they're going to enter their credit card information if they've heard stories, and that could impact your clients here.

And in this digital age, opinion travels further and faster than ever before.. Reviews, comments, blogs, everybody has a voice on the internet, and it doesn't take too much to give you that brand damage on your reputation. So it's super important to understand what's going on out there, how are people evaluating you, what are the cyber criminals doing against your brand that you would not want them to be doing.

That concludes this section. I will now pass it back to Helena.

Helena: And thanks for that reminder, Mark, that there can be such a thing such as bad publicity. For our next section of the presentation, Mark Eggleston is going to walk us through understanding cyber risks and threats and how they can impact your law firm.

Mark Eggleston: Thanks so much, Helena. So it's really important when you're talking about securing your business, wherever that is, because in today's world so many of us are still continuing to work from home. So how do you get some things secured?

First off, we have to acknowledge that we get three resources in cybersecurity. You get people, you get process, and of course technology. And it's important to really start with the people stuff first.

So let's start with executive support and education, making sure that you have top-down support, that you are reporting up in an organization where you can get the budget to do the things is very, very helpful. Making sure that you're also talking in business language, not technology really, really helps secure a cybersecurity program.

Other things to do is role-based access control, or RBAC as we say in the profession, making sure that people only have access to the things they need to do their job and nothing more. This is so important too as it comes to ransomware because ransomware exploits this tremendously. If a ransomware can hop over to an unsecured folder, an unsecured application under that user who clicked on the malicious link, it's just going to continue to spread. So this is a simple thing that doesn't always require a bunch of technology to fix either. Making sure that you do an annual review of someone's rights in a system can be very, very helpful.

Threat intelligence and monitoring, another very, very helpful piece to come in there. When you're looking at all the different threats in the world, you want to make sure that you have some appliances and some technology that helps you distill what is bad out there and how that's really impacting not only your brand but your internal networks.

Secure home network. Two things are really important there. Making sure that you have secure Wi-Fi for your folks at home, making sure they're using secure Wi-Fi, and of course a VPN client that leverages that. Both of those things will make sure they have robust security while they're doing their business.

A secure email gateway. As I mentioned at the beginning of the presentation, this is one of those things that only or less than half of a lot of law firms are employing now. A secure email gateway is one of the most important technologies to use because email continues to be one of the most pervasive threats or the biggest used attack vector that the cyber criminals use. So putting something in place that helps filter out business email compromise, helps filter out some of the phishing attacks, etc. can be very, very helpful to help position your firm above others in security.

Secure web gateways, or SWGs as we call them, those are pieces of technology that make sure that your users, your workforce aren't going out to malicious sites or naughty sites. But they certainly have come a long way in the last several years that they've been in existence by really making sure that they're looking for certain behavioral type things, not just signature-based detections.

And, of course, endpoint detection and response (EDR), this is helping making sure that your endpoint is continually patched, making sure there's nothing suspicious going on that endpoint, and if there is, you have some immediate response. And a lot of this works very well with a third party, a managed detection and response vendor.

Last, but certainly not least, let's make sure that we have MFA in place. MFA kills password breaches in its tracks. It's one of the most single, most powerful technologies to make sure that when your employees get phished, and eventually they will in some form or way, some form or fashion, this makes sure that they can't get in with just that breached password because there's another layer of security, something they have, something else that they have on their possession, a biometric, really helps secure networks. And, of course, going past the firewall, we're going to be talking a lot more about some of the threats out there as we get into some of the other internet threats that are out there.

All right. So as we're getting past that firewall and you're looking to protect your internal networks, so many bad things can get out there on the website, and you see your cyber criminal poised to take advantage of those entryways across the internet. So some of the external dependencies that you're looking at, folks can come across on websites. Malicious hackers can come across on mobile apps. Social media of course. Social media is not necessarily evil in and of itself, but social media is something that's so used by so many individuals and can be used for pre-texting, in other words finding out a lot about somebody so that you can start to build some level of trust by exploiting what they're posting out on social media, common interests, what their job is, common connections. It all helps be abused unfortunately in some cases.

Cloud-based authentication, email, VPN, and voice over IP or internet protocol, those are all other technologies that can be used because now you have things like phishing or voice phishing. So folks can use those voice over IP networks to make ways or make inroads into your workforce.

Mark, can you tell us a little bit more about some of the third-party vendors and suppliers and what some of the threats are around those areas?

Mark Flegg: Yeah, I can, Mark. Thank you. Yeah, and what we're seeing is, gosh, it's probably what 10, 12 years ago the attacks on Wall Street, the cyber attacks. Since then, business has done a very good job at beefing up the firewall, and it makes it increasingly difficult for cyber criminals to breach. So they are turning their attention, they're turning it to the whole supply chain, if you like, of how you're enabled online.

And you're going to outsource it to a domain registrar, a DNS provider, a website hosting company more often than not. And there is a trend now that rather than storing the website's physical location with a company-owned data center, they're using cloud providers, so your Amazons, your Azures, Akamai, Cloudflare, etc.

And cybercriminals know this, and they're turning their attention. If I want to get data or your users' credentials, it's very difficult for me to break that firewall down and get through. Instead I can go to the domain registrar, and as I said earlier on the on the webinar, the domain name and the DNS are kind of the foundation of your online presence. If I were able to hijack your domain or your DNS, I essentially route everybody to my server instead, where I can set up a spoof site. I can harvest credentials, credit card numbers, whatever it might be that your website collects or your customer's website collects, and I don't need to breach that firewall. I get all of the data that I want.

And it's super important that those third-party vendors and suppliers that you're contracting with that you do a proper security questionnaire. Make sure that they're upholding to the same standards that you stand by for your own organization.

Mark Eggleston: Thanks, Mark. Great call-outs. Great call-outs. Thanks so much, Mark.

Okay. So let's continue to talk about some of the recommendations, some of the controls, whether it's administrative, technical, or other controls to put in place to help secure your law firm.

One of the things we like to do is always put down endpoint agents, and a lot of this stuff can be free or included in some of your current subscriptions. So endpoint agents, they used to start off with antivirus. Now they have advanced persistent threat technologies. Basically, when you go and look at endpoint agents, you're looking for something I referred to earlier, called EDR, endpoint detection and response. Or if you're a smaller shop, you get something with MDR, managed detection and response. These are folks that can help you deploy agents to your laptops and making sure they're on the current versions of software patched and looking for anything suspicious at that endpoint because that's sometimes where the cyber criminals can come in.

Also end-user education, this has come a long way in the last 10 years in cybersecurity. We used to all have to take those dreaded annual learning management system courses, but now there's many vendors out there that are actually giving very engaging, very humorous, and most importantly very succinct trainings and they can really, really help you and give you what's called just-in- time training.

And, of course, so many people are starting to roll out now the anti-phishing button, which allows you to easily report a phishing incident that comes into your email just using your email client. That's so super important these days because it allows cybersecurity professionals at your firm or your managed services vendors, as the case may be, to go out and then stop that phish, stop that malicious email from reaching other people. So always make sure that you use those buttons and report things to your security staff.

Threat intelligence feeds, these are really, really helpful as well because you can put in certain keywords, certain contextual strings of information that then you have commercially available solutions that go out there and look for your brand. They go out there and look for mentions of your brand and your intellectual property on the dark net. But then they can stay proactive to let you know when these things might be coming out there so that you can take decisive and defensive actions.

Secure email gateways, again just so important to detecting impersonation attacks. This is one of the ones that you hear so much about. Most places I've worked have experienced some level of this type of attack, where someone says, "Hey, we've changed our payment provider. We need you to now wire funds to this new account." So important to making sure that your financial staff fully understand that they shouldn't be changing those wire things over any email. It should be a face-to-face or some type of a Zoom or video call to make sure that you can see that person and confirm the legitimacy of that new account.

And, of course, the other business email attacks of folks trying to be somebody else and trying to exfiltrate either data or other funds with gift cards and things of that nature. The cyber criminals out there know no lows and will certainly continue to take advantage of horrific things that happen in the news and headlines to pull at our heart strings to try and get us to fall for the phish. Making sure that, again back to number two, that folks have great user education and know how to report things immediately and incredibly easily will go a long, long way.

Last, but certainly not least, is access reviews and authorization protocols. Access reviews, Excel can be your best friend here. Simply doing an export who has access to what in any given system or any given folder and then giving it to the appropriate manager to review annually, maybe every six months if you want to be more bleeding edge, but doing that helps make sure that you're only giving the right information to the right individuals at the right time. Minimum necessary can go a long way. A lot of times you don't have to invest in very, very expensive technical solutions. Doing some hygiene steps along the way will reap you very large rewards if you continue to stay consistent at it.

So we're going to talk a little bit more right now about digital threats and some of these categories that you should really be paying attention to. Mark, you want to help kick us off on this one?

Mark Flegg: Absolutely. Thanks, Mark. So yeah, I won't go into too much detail on all of them because there are a lot of threats, but it might help with understanding some of the terminology that's used here.

So DNS hijacking, this is where somebody can breach your DNS provider and basically repoint the records to their site. DNS, for those that don't know, it's the modern day Yellowbook. It's how we're found on the internet, whether it's a website or how to send an email, how to get it to the right server. It could have your VPN on there that we're all using today. So how we find that to authenticate, etc. So if I can hijack your DNS, I can basically do whatever I want, and that's a really bad thing.

DNS cache poisoning, because there's lots of records, lots of Yellowbooks out there on DNS, lots of companies take copies. Your internet service provider, your ISP, for example, whether you're with Comcast or DISH Network or somebody like that, they will keep their own copies for the most queried domain names. So, for example, google.com has a specific IP address that's cached. It's stored with your ISP. Again, if I can break into that ISP and just change that IP address from whatever it is, 1.2.3.4 to mine, which is 4.5.6.7, then I intercept that traffic. So there's a threat there, and DNSSEC will prevent that for you.

Expired digital certificates, believe it or not, this is a huge problem for business. The certificates that we put on our website to encrypt the data, which means you see the padlock in the browser, they're not managed very well by business today, and there's plenty of examples in the press where an expired certificate has caused havoc. There's many companies, really big companies that you would expect not to fail at this, that consistently do. So getting a proper handle on your digital certificates, the management, the life cycle, and renewing them in a good time is something that's a big threat.

And then you've got your expired or abandoned domain names. So when we look at this from a legal perspective, a lot of customers, end users, they want to save money, they will allow domain names to lapse. But then somebody else re-registers it and picks it up. And whilst there are processes and protocols that you can do to get that domain name back, there's a cost involved, and that ROI is normally a lot less for reclaiming a domain than it is for just renewing it in the first place. And just like your SSL certificates, your digital certificates, making sure your domains don't expire. Again, if it expires and it gets dropped by the registry, somebody else is free to pick it up. We don't really own a domain name. We lease them.

Distributed denial of service attacks, or DDoS as it's known, this is where somebody will flood your server with a lot of data, a lot of requests. And an easy way to think about this, it's a lovely summer's afternoon in Manhattan, and if I were to drop five million cars in there, how quickly are you going to get to the beach? And the answer is not very. It's going to gridlock. Nothing can get in, nothing can go out. It's exactly how a server works. If you flood it with so many requests, it simply can't handle it, and it basically crashes. It just can't process it. And that's what a lot of cyber threats are these days where people will do a DDoS attack.

Domain infringements, we talked a little bit about that earlier, and we will a little bit further on the presentation today. We've got people that will register your domain with your brand name and a registry domain name with your brand name in it. There are counterfeits, misspelled domains. So again, the cyber criminals are looking at what the different typo versions of your name are and registering the domains as necessary.

And then you've got your IP infringement, things that will dilute your brand. It will damage your profits, and it will damage your reputation.

Mark, do you want to cover the last three there for us?

Mark Eggleston: Yeah, those are great. And speaking of IP infringement, insider risk or insider threat is one of the ones that's really starting to pop up in a lot of my circles, and the reason being is the Verizon Data Breach Report and other annual studies of where the genesis of a lot of threats and risks are show that insider threat is one of those ones that it doesn't happen a ton of time, but when it does, they're one of the most successful attacks. And go figure. If you have an insider, they'll probably come with them a certain level of trust. They probably have a certain level of much more access than anyone outside, a cyber criminal outside your four walls would have.

So there's been some promising technology, things such as UEBA or entity user behavior analysis. Other long-standing technologies continue to get better and better, such as DLP, data loss or data leakage prevention. So it's really, really important to making sure that you're continuing to monitor and have traditional or some hopefully more creative ways of looking at what people are accessing and what they're doing with that.

Certain technologies I've used in the past can tell you how much data a person typically uses in their job. And then when you start to see a point where they're starting to slurp much more data than they have on the average, it's typically an indication that they may be getting ready to put in their resignation. That's right. They're taking a lot of their data before they give their resignation out the door. So having technologies in place that can detect and alert on those type of things can be very, very helpful, in addition to things we should all be doing already, such as thorough background checks and recurring background checks.

Phishing, I know we've talked about it a lot already, but we're going to talk about it just a few more seconds. So, so important to make sure that folks know how to detect things. It's going back to the education. Despite our best intentions and so many different vendors putting a lot of different things here to help detect phishing, the bad guys, the cyber criminals, it's a cat and mouse game. So making sure that your folks know how to spot those things, beyond some of the grammar checks, the domain typos type squatting type things that Mark Flegg was speaking about. Your end users can be that human firewall to really, really help you with that. So making sure that you're surely educating your workforce on those type of things can be very, very helpful.

And last, but certainly not least, email fraud. That continues to be something that we're seeing more and more. And I'll also talk just for a second here about something like third-party, even fourth-party risk. So I have seen in certain cases where one of your suppliers gets hacked, and then they go ahead and send you an invoice. It's a trusted supplier. It is an actual email from that supplier. But what you're not seeing is that their email system got hacked, and then they're going ahead and impostering to be that person at the other email. So you have to be really careful. Just because it is a legitimate email from a legitimate vendor, you still have to really, really scrutinize that email to make sure that it's not an atypical request.

So things to look for, again, would be some type of grammar, some sense of urgency, and of course any type of payment transfer change, asking you to send it to some place that you have not sent prior are all good indicators to stop, pause, and hit that anti-phishing button or make sure that you let your cybersecurity staff know that it's out there.

So I hope you've learned a lot about a lot of these digital threats. Helena, back to you.

Helena: Thank you to both Mark and Mark for walking us through all those different situations where we could be exposed and learning a little bit more about those. Now what Mark Flegg is going to do is he's going to walk us through digital security and how it can help mitigate cyber attacks.

Mark Flegg: Thanks again, Helena. So I'll introduce you all, if you haven't heard of it, of a defense in depth approach. And quite simply it's just additional layers of security that you can put on to your digital assets so that if one layer becomes compromised, you've got subsequent layers. It's the reason that we have a lock on the door and we might have a bolt, etc., etc. We want to protect our assets.

And for me this kind of starts on the outside, if you like, with making sure that you have enterprise class providers. So if you recall the firewall slide, where the cyber criminal is turning more to your supply chain, your vendors and suppliers, making sure that those vendors and suppliers have a good knowledge of security, that they have good standards, good process, that their staff are trained correctly is fundamental in my eyes. If you don't start with that, then all bets are off in terms of how that organization is going to perform for you.

Then some of the things that Mark was speaking to, the secure portal access, so things like IP validation, two-factor authentication or multi-factor authentication, and also an increasingly popular now method called federated identity. This is where two systems can hook up together to authenticate your users that you have on your network. If somebody leaves your organization, you don't have to worry about, "Oh, who are they signed up for with third parties that we need to notify they have left?" It becomes automatic that they will be removed access when it's removed on your own side.

And then again, as Mark mentioned, controlling those user permissions. In the domain name world, there are many things that you can do to the domain, to the DNS, to your certificates, but there are kind of what we call elevated permission, where somebody has the right to lapse a domain or modify a domain. You really want to be reviewing those on a frequent basis to make sure that somebody doesn't have access to things they shouldn't.

And then finally, at the core, this is where we get into the advanced security features, some more kind of layers of protection. We can talk about your business critical domain names and your clients' business critical domain names. Things like MultiLock, which basically stops any unauthorized changes to that domain name. DNSSEC, that's the solution to the cache poisoning that an ISP might have. Making sure you've got your certificates in order. That's your HTTPS, the secure part of it. DMARC, which is what you would use to stop email spoofing for your organization. And then, finally, CAA records, which is certificate authority authorization to make sure people can't just issue certificates, digital certificates with your brand for your domain name.

Helena: So Mark, how about you now take us through which domain security and risk prevention measures are necessary for law firms?

Mark Flegg: Thanks again, Helena. So look, when I look at this and looking at it from a holistic approach to protecting your online assets, the core of this is your domain portfolio management. So this is your domains, your DNS, your digital certificates, etc. that we've just covered on the prior slide there. And this all makes up your digital assets. They have to be looked after first and foremost, and the cost to do that can be off-putting for some organizations. We recognize that you can't do everything as much as you would like to. Nobody has unlimited budget. We get it.

So you need to secure those critical business assets in the first instance and then understand what's going on outside. So that's where we have online brand protection services. This is going to do all of the monitoring out there for you and tell you if there are things that you should be paying attention to and also recommendations as to whether you should be filing that UDRP to get domain names back for yourself or your clients.

And then the outer core, of course, is the online fraud protection. Again, you need those monitoring solutions in place to understand if somebody is trying to copy your organization, pretend to be your organization, and make sure your clients are protected as well of course.

And from a CSC perspective, we have a product called DomainSec, which is our cybersecurity protection platform. And this is constantly getting data feeds, going out and looking at what's happening on the internet and distilling this up and giving you the right view of what you need to be paying attention to.

So just a little bit on DomainSec. So what we're doing here, as I said, we're taking in all of this information, looking at all the different attack vectors, whether it's phishing, ransomware, business email compromise, hijacked domains, impersonation fraud, and all the other different types of attack, as well DDoS and cache poisoning, etc., and we feed that into a couple of areas, into our data lake and also into our 3D Domain Monitoring product. And this has artificial intelligence, machine learning, and also clustering technology so that we can see the big picture. We can connect the dots together to understand who's behind it, what else are they doing, and basically map the activity. And that feeds into our engine as security intelligence. And then we've got those intelligence-based security measures that we can apply, which will then help protect you and your clients from any external attacks on the company.

And finally, from me, just a note on the 3D Monitoring and why it's different. So historically, what monitoring products have done is they've gone out and they've been looking at an exact match. And what we mean by that, as you see by the example, cscglobal123.com, that's a domain string with a TLD on the end. And we'd look at typos, so csbglobal.com. We'd look at internationalized domain names. So you can register the mains with foreign character sets. And then we do a wildcard as well, so putting a character string in the center of it.

What 3D is doing with that machine learning and deep search, that's the MLDS, is it's doing everything that the basic is doing, but we're also applying fuzzy logic to it, to come up with different combinations. We're looking at homoglyphs, homophones, and cousins. And what we mean by cousins is, because of the monitoring that we do on such a scale, we're detecting patterns using machine learning, and we know that if somebody registers a co.jp or a .jp, which is Japan, we've seen trends where if they register in Japan, they're going to register in india, .in. And we can find these out very, very quickly because of that intelligence that we've built into the systems.

And not only that, it's also doing the left and right-hand side of a brand as well. So, for example, I could have if my brand is cscglobal, I could have mycscglobal.com. I could have cscglobalonline.com. So all of those kind of almost infinite combinations, when you get into numbers as well, we're searching for.