Teramind for Legal

Teramind for Legal Overview

Law firm insider threat management

In today’s highly regulated business landscape, law firms are faced with the ever evolving challenge of addressing their insider risk issues as it pertains to securing attorney-client privileged information and client/matter data, ensuring the security of the work product offshored, and securing access to critical systems by privileged users and third party vendors/contractors.

Teramind for Legal is designed to assist law firms to address these requirements to deliver peace of mind and product/demonstrate effective oversight to compliance initiatives to your clients.

Demonstrable compliance

In addition, the rapidly expanding regulatory landscape, your clients are demanding for your firm to adhere to the same standards as you are granted access to and store their sensitive data. This means product/demonstrating your firm’s ability to comply with AML/KYC, HIPAA, ISO27001/27002, GDPR to name a few.

GDPRCompliance HIPAACompliance PCI DSSCompliance

Insider and cyber threats on the rise:


of all attacks resulted in financial damage of more than US $500,000, including, but not limited to, lost revenue, customers, opportunities, and out-of-pocket costs.


was paid in ransom in the first quarter of 2016, compared to just $24 million in ransom payments in all of 2015 the FBI reported.


of business identified privileged users as a top cloud security concern


Estimated annual losses for the US from cyber crime targeting IP and perhaps $50 billion to $60 billion globally.

Effectively Detect, Investigate, and Report on Data Breaches

Teramind provides essential security monitoring capabilities to help you detect, investigate, and report on data breaches within your environments.


Teramind identifies sensitive data in structured and unstructured data across organization data stores, leveraging fingerprinting, OCR and other advanced capabilities.


Teramind leverages its activity monitoring and data loss prevention capabilities to defend sensitive data from attack and misuse.


Teramind’s powerful policy and rules engine enables a strong detection net over the entire organization, allowing for quick detection of insider threats and data incidents.


Broad set of actions in the Teramind platform enables real-time notification and immediate action, satisfying timely data breach reporting requirements, with full forensics.


All threats identified and monitored user behavior allow for a constant feedback loop and better policies to be implemented, ensure a stronger security policy implementation and oversight.

Teramind for Legal ensures oversight and compliance:

User session recording, live view and playback

Teramind’s Session Recording feature captures all user activity and screen content. User session recordings can be viewed live or for past dates and exported as a video file. With the session recording feature, you can:

•   Find out, and have forensic evidence, if your users are engaged in unproductive or harmful activities while at work.

•   Take control of a user's desktop in a potential breach situation.

•   With the help of immutable logs, alert reports and audit trails, the recording can serve as forensic evidence for investigation.

•   The insight derived from the reports and recordings can be used to train employees about security best practices.

Privileged user monitoring

Privileged insiders such as system administrators, network administrators, conflicts department and other personnel have access to otherwise restricted critical information systems containing client/matter data. As such, a malicious privileged user can cause serious damage to a law firm by accessing, leaking or potentially destroying client/matter data and work product. To prevent these insider threats, Teramind can:

•   Set up power-user rules to check for backdoor account creation, attempt to gain additional system privileges, editing configuration files etc.

•   Receive real-time alerts when a privileged user tries to tamper with sensitive systems, databases or content.

•   Immutable session log keeps a permanent record of all privileged user actions.

Intelligent session mining with OCR

Teramind can capture all data on a computer screen, including text in images and video streams, and apply OCR technology to provide the firm with the ability to:

•   Search for certain keywords using regular expressions or natural language to find any relevant content that was visible to the user.

•   Discover which users have seen relevant information as it pertains to a particular client/matter to ensure ethical walls remained in place and report any violations.

•   Create rules for identifying content that is not easily parsable because the text is embedded inside images or videos.

•   Build rules that trigger an action when certain text appears on screen.

Process and productivity optimization

With work product offshored and contracted out on a regular basis, it’s important to be able to monitor and improve the process and productivity of the extended legal workforce. Teramind can assist by providing a framework within which your law firm can:

•   Classify apps and websites you consider productive then get in-depth reports on their usage.

•   Track tasks, hours and cost by outsourced/remote worker by department.

•   Detailed reports for departments and teams for productivity KPIs like session, active, productive, unproductive and idle time..

•   Set up automated alerts to discourage unproductive activity and excessive idling.

Policy and rules engine

With Teramind’s visual Policy and Rules creation engine, law firms can establish:

•   Rules and policies to monitor and protect client/matter and other sensitive data from insider threats, breaches and exfiltration.

•   100s of pre-built policies and rules to protect you against common mistakes and perilous activities like unauthorized access, content sharing or other dangerous activities that can put your firm at risk.

•   Automatically take action during a rule violation. For example, you can create a rule that blocks a paralegal attempting to upload confidential documents to cloud shares.

Privacy-aware recording and monitoring

With Teramind, your firm is in complete control on when, who and how much to monitor, when to record and when not to. Teramind is flexible to accommodate all use cases:

•   Monitor activity and alert/block actions only, with no user session recording.

•   Record only during rule and policy violations, by setting Teramind to trigger a recording action when a rule is triggered.

•   Record groups of users all the time (example privileged user access to critical systems), and other groups of users based on other criteria. For example, you may choose to record entire user sessions for your contractors and only record privileged users when they access specific applications such as your document and records management systems which contain your client/matter data and work product.

Revealed or stealth desktop agent

Teramind can be deployed with a revealed desktop agent, whereby users are aware of the Teramind system and its monitoring functions, and can control when to turn on and off the agent. Alternatively, the desktop agent can be deployed in stealth mode with no visible controls to the end users being monitored.
With the revealed agent you can:

•   Monitor employee activity and work product non-obtrusively and transparently with the user’s consent and knowledge.

•   Users can decide when/what activities should be tracked.

•   User can select their own task/project in the agent.

With the stealth agent, you can:

•   Set up full-time or scheduled monitoring.

•   Users can be monitored as soon as a user logs on.

•   Automatic task assignment by user's application / website usage.

•   Users don’t see or interact with the agent software.

Data loss prevention

Compliance, competition and customer trust means law firms have to ensure the safety of client/matter information and work product. To ensure data safety and integrity, Teramind has a robust, four-step data loss prevention process:

•   Defining what constitutes sensitive or classified data.

•   Set security perimeter by setting rules for how the data should be handled.

•   Automatically prevent any rule violation incident with actions that block, notify, or warn.

•   In case of a data breach, pinpoint the exact cause and source of the incident with audit and forensic data available in the Teramind system.

Flexible Deployment Options

On-premise - control the Teramind implementation in its entirety, stay off-cloud if that’s your firm’s operational model, leverage LDAP groups and users to identify which users and groups to apply which policies and rules to.

Teramind Private Cloud - use your own secure, scalable private cloud implementation including AWS, Google Cloud, Azure and more.

Teramind Cloud - trust us the management of the Teramind deployment and infrastructure. Only install Teramind Agents on the machines you want to monitor and set up your users, policies and rules and let us take care of the rest.

Interested? Try it! take a guided tour