IP theft is on the rise. Companies are hemorrhaging vital intellectual property such as financial information, software codes, proprietary content and customer information. The Department of Justice estimates IP losses cost U.S. companies as much as $250 billion last year and the Chamber of Commerce estimates losses of 750,000 jobs as a result of IP theft.

Who is to blame? Most IP thefts involve current and former employees.

The process of identifying security breaches often requires examining a variety of data and communications sources – from databases and network systems to laptops and personal digital assistants. Most valuable among all such sources is e-mail because it is a time-stamped, first-person account of the sender’s statements and actions.

The automatic capture of e-mail communication in messaging systems creates a natural record of critical messages, conversational context and inherent communication patterns. It is a goldmine of information – but only the most progressive organizations are able to effectively access, analyze and benefit from this valuable data source.

E-Discovery software helps security investigate e-mail communications.

The new haystack

E-mail has become the number-one source of evidence in corporate investigations, comprising more than half of all evidence. Yet, most e-mail investigations are conducted using labor-intensive methods that are expensive, inconsistent and often incomplete.

It is estimated that each year a typical Fortune 1000 company will conduct more than 25 investigations in response to internal matters, more than 15 in response to litigation, and more than 10 in response to regulatory inquiries. Large corporations make these numbers seem small by comparison. For example, a Fortune 100 technology company recently indicated it has received over 50 lawsuits so far this year.

This activity is fueling the rapid growth of the Electronic Discovery market, which will swell more than 40 percent this year to $1.5 billion. In addition, it is estimated that corporations will spend over $4 billion in 2005 in expenses related to internal investigations and e-mail analysis.

[Chart: What’s in Corporate Email? Only 50% of email is used for legitimate business purposes.]

E-mail has become the proverbial haystack in IP fraud and security management, causing many organizations to reconsider their approaches to finding the decisive needle of evidence. A growing number of organizations are implementing e-mail security procedures and monitoring messages to comply with new internal and external policies. Still, a recent survey by AIIM Intl. and Kahn Consulting found that over 60 percent of companies have no formal policy regarding the capture, management and disposition of e-mail.

Despite the fast-changing pace of e-mail messaging systems management, there is good reason for companies to jump on the E-Discovery bandwagon: e-mail analysis can be well worth the effort in uncovering fraud, protecting corporate images and deriving value from a natural data source.

The true security value of e-mail is its ability to be more revealing than traditional sources of information. E-mail is packed with data – information such as temporal attributes, attached documents, sender and recipient data, and a wealth of other metadata. This complex level of information produces more usable and reliable evidence than traditional paper sources.

E-mails are also usually more candid and accurate than other sources (e.g., an individual’s own memory of events and facts). The conversational tone, patterns of communication and spontaneity of e-mail often give evidence a contextual background that is likely to produce a more complete picture of events surrounding an investigation. This information is far more powerful than data found from search engine results, standard paper trails or personal interviews.

[Survey chart: Do You Unsubscribe to Spam Messages by Following the Unsubscribe Directions of the Message?]

Sifting through the stack

To take full advantage of the abundance of data inherent in e-mail evidence, security needs to be able to quickly locate and analyze relevant information. However, current methods are inefficient and fail to leverage the qualities of e-messages that make them so valuable.

[Survey chart: Have You Ever Clicked on a Link within a Spam Message (other than unsubscribe)?]

Traditional Method – Many organizations are still conducting e-mail investigations the old-fashioned way: reading through volumes of e-mail. These companies either identify and analyze e-mails by hand or pay expensive, specialized firms to do the legwork for them. This requires a great deal of time and labor, and is ineffective because hand coding of e-mails is inconsistent and incomplete. More troubling, however, is that as the volume and importance of e-mail grows, this method will quickly become impractical. Reviewing individual e-mails ultimately makes thorough analysis nearly impossible because groups of reviewers will invariably miss relationships and communication patterns that are not immediately obvious.

[Survey chart: Have You Ever Purchased a Product or Service as a Result of Spam? Source: Radicati Group & Mirapoint survey, March 2005. Survey from The Radicati Group and Mirapoint finds end users still engaging in bad e-mail behavior. (PRNewsFoto)]

Monitoring Software – Growing in popularity, monitoring software provides organizations with the ability to detect and flag e-mails based on continuous but basic policy rules and search parameters. Corporations can use these simple filters to identify and flag suspicious e-mail.

However, monitoring and investigation are two separate issues. Finding suspicious e-mail triggers an investigation of the parties involved. This investigation requires the retrieval and analysis of a large number of historical e-mails to fully understand the situation and events. Monitoring technologies are not applicable to retrieval, investigation and analysis.

Search Technologies – Most organizations are now able to do simple searches to locate suspicious e-mail. But these searches are not analytical; they offer only a narrow view of an organization’s intellectual capital.

Search technology provides haystacks, but leaves it up to investigators to find the needle. Important evidence may be buried within enormous search result lists. These lists contain individual messages without any context or broad perspective of the overall information obtained. Users must also know in advance the exact terms to search for, which causes much evidence to go undiscovered.

Right mix of technologies

The next stage in the evolution of e-mail analysis will produce solutions that fully leverage the rich content and metadata in e-mail. In order to do this, unique and intelligent combinations of multiple technologies will be required. Merging diverse aspects of specialized search techniques, messaging systems, scalable computing architectures, guided navigation and multi-dimensional visualization of the analysis will result in a powerful new blend of essential investigative capabilities.

With current methods, a company investigating fraud may turn to traditional search techniques. But what if the perpetrators are using evasive code words?

Traditional search tools would not readily identify these patterns and related terms. However, an intelligent software application that can search for and automatically analyze similarities, relationships, temporal contexts and other important connections within large volumes of e-mail would be able to identify the suspicious code words and link people, documents, events and other information relevant to the investigation.
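As an added illustration (not code from the article or from any product it mentions), the sketch below shows how the header metadata described earlier (sender, recipients, timestamps, reply links) can be turned into a thread timeline and a sender-to-recipient graph. The messages and addresses are constructed, and treating anyone absent from a thread's first message as a "late joiner" is an assumed heuristic for surfacing participants worth a closer look.

```python
from collections import Counter, defaultdict
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample messages (not real data), deliberately out of order.
RAW = [
    "Message-ID: <m3@corp.example>\nIn-Reply-To: <m2@corp.example>\nFrom: bob@corp.example\n"
    "To: alice@corp.example\nCc: carol@partner.example\n"
    "Date: Wed, 09 Mar 2005 17:45:00 -0800\nSubject: RE: Q2 roadmap\n\nLooping in Carol.\n",
    "Message-ID: <m1@corp.example>\nFrom: alice@corp.example\nTo: bob@corp.example\n"
    "Date: Mon, 07 Mar 2005 09:00:00 -0800\nSubject: Q2 roadmap\n\nDraft attached.\n",
    "Message-ID: <m2@corp.example>\nIn-Reply-To: <m1@corp.example>\nFrom: bob@corp.example\n"
    "To: alice@corp.example\nDate: Tue, 08 Mar 2005 10:30:00 -0800\n"
    "Subject: RE: Q2 roadmap\n\nThanks.\n",
    "Message-ID: <m4@corp.example>\nFrom: dave@corp.example\nTo: alice@corp.example\n"
    "Date: Thu, 10 Mar 2005 08:15:00 -0800\nSubject: Lunch\n\nNoon?\n",
]

def analyze(raw_messages):
    """Return (threads, edges): per-thread timeline and late joiners, plus sender->recipient counts."""
    msgs, parent, edges = {}, {}, Counter()
    for raw in raw_messages:
        m = message_from_string(raw)
        mid = m["Message-ID"].strip()
        sender = getaddresses([m["From"]])[0][1].lower()
        rcpts = {a.lower() for _, a in getaddresses(m.get_all("To", []) + m.get_all("Cc", []))}
        msgs[mid] = (parsedate_to_datetime(m["Date"]), sender, rcpts)
        parent[mid] = (m["In-Reply-To"] or "").strip() or None
        for r in rcpts:
            edges[(sender, r)] += 1

    def root(mid):
        # Follow In-Reply-To links up to the earliest message we actually hold.
        seen = set()
        while parent[mid] in msgs and mid not in seen:
            seen.add(mid)
            mid = parent[mid]
        return mid

    grouped = defaultdict(list)
    for mid in msgs:
        grouped[root(mid)].append(mid)

    threads = {}
    for top, mids in grouped.items():
        mids.sort(key=lambda i: msgs[i][0])          # temporal order
        original = {msgs[top][1]} | msgs[top][2]      # people on the first message
        everyone = set().union(*({msgs[i][1]} | msgs[i][2] for i in mids))
        threads[top] = {"timeline": mids, "late_joiners": sorted(everyone - original)}
    return threads, edges
```

Calling `analyze(RAW)` groups the three roadmap messages into one thread in date order and reports the address that appears only on a later reply.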

In addition to being thorough, an effective e-mail analysis application must be usable. Even if a solution is well rounded, offering deep layers of analysis, the technology will not be adopted unless non-technical employees and investigators can be guided through the discovery process and directed to relevant information. Users must also be able to visualize the big picture, i.e., an application needs to be able to present its findings – such as relationships between people, time, events, documents and communication patterns – in a straightforward, understandable way.

Most importantly, e-mail analysis can no longer function as an outsourced service. With the types and sources of electronic evidence expanding, a comprehensive e-mail discovery solution must be able to collect, retrieve, preserve, process, analyze, review and produce evidence directly from a wide variety of enterprise content sources.

Sidebar: A Software Investigation

Analysis is the most critical aspect of the e-discovery process, yet most organizations continue to rely on manual reading and searching. The right analysis tool can cut investigation time and costs in half and produce more reliable and successful outcomes.

MetaLINCS, a startup in Mountain View, Calif., recently released its E-Discovery application, a software application that automatically guides users through the discovery process for electronic messages. The software algorithms quickly analyze e-mail data sets and visually represent relationships between people, events, time and communication patterns, thereby expediting the discovery of relevant evidence in the correct context.

The application combines a diverse set of innovative features, including:

  • Core Discovery – Processing, indexing, search, review, reporting and production.

  • Visual Analysis – Presents visual message analysis of concepts, people, events, time and communications patterns.

  • Thread Analysis – Organizes all of the messages in a thread along with all related threads.

  • People Analysis – Groups e-mails based on both an individual and a topic, and visually shows communication patterns, which helps reveal unexpected participants in conversations.

  • Related Concepts – Dynamically suggests additional key words and phrases to analyze, ensuring a more complete investigation.

  • Dynamic Directory – Automatically categorizes results into eight dimensions.

  • Collaboration Folders – Queries and results can be organized, saved in folders, annotated and shared by investigation teams.

  • E-Document Acquisition Engine – Extracts documents and messages from diverse sources; normalizes, categorizes and indexes information; integrates additional metadata from corporate directories.