42 Seconds with a Code42 Customer: Lehigh University

Code42 provides your business with a variety of data security benefits, including increased productivity, risk mitigation, streamlined user workflows, and more–all in a single product that’s been proven to ultimately save you money. While Code42 has a few primary use cases–backup and recovery, device migration, etc.–we’ve learned that our different customers use Code42 in different ways. To explore how customers use our product, we recently partnered with the talented team at creative agency Crash+Sues to create a series of animated videos featuring the voices and likenesses of actual Code42 users.

In our latest video, Naazer Ashraf, senior computing consultant at Lehigh University, explains why they rely on Code42 over sync and share products for data backup and restore. As one of the nation’s premier research universities, Lehigh’s faculty are known for their excellence in research. Obviously, data is extremely important (and valuable) to researchers, so imagine the reaction when one researcher deleted files from Google Drive to save space–and discovered that doing so wiped the files for 10 other researchers. Naazer tells the story in just 42 seconds. Check it out below.

Protect Your Data from Insider Threats with Code42

Code42 provides your business with a variety of benefits, including increased productivity, risk mitigation, streamlined user workflows, and more – all in a single product that’s been proven to ultimately save you money. Recently, Code42 launched Security Center, a new suite of tools to help you spot suspicious data use behaviors in your workforce – and respond to them if necessary. There’s a big reason why we added this feature – the facts show that 89 percent of corporate data loss involves the actions of an insider.

We recently partnered with the talented team at creative agency Crash+Sues to create a series of videos about the core features of Code42. This most recent video focuses on an all-too common scenario in which an employee decides to steal valuable data from his employer. Unfortunately for him, this company has Code42’s Security Center.

Take a look today for an illustration of how Code42 and Security Center can help keep your enterprise’s data safe from insider threats.

YMCA Twin Cities Takes a Next-Gen Approach to Data Loss Protection

The Y connects with youth, adults, families and seniors of all backgrounds to explore and enjoy opportunities to learn, grow and thrive. In order to strengthen the community, which is our cause, it’s important that we make it easy for our employees and volunteers to do their work in supporting our programs and services — and data security plays a vital role.

The importance of data security for us lies in our ability to keep our data safe while enabling our users to get their jobs done efficiently and fast, without hindering what they’re trying to do. If our users aren’t able to access their data, it impedes their ability to accomplish the mission of the YMCA of the Greater Twin Cities. Specifically, data loss means time wasted in redoing work; it means time spent researching where that data went; it means determining whether that data movement created a new risk for the organization; and ultimately, it means not being able to serve our community so all can thrive.

People want to embrace technology and expect that it will allow them to get their jobs done quicker. As a security director, it is my responsibility to layer in security in a way that enables employees to use technology the way they want to. That’s critical, because if we don’t, they’ll stop using the organization-sponsored technology entirely. Providing for this flexibility requires strong governance, and faster detection and response to data loss incidents.

I don’t think traditional data loss prevention (DLP) works. Policy sets with traditional DLP are hard to tune, and it takes months or maybe even a year or two to get to the point where you can enforce policy rather than just monitor. I am not willing to accept the risk associated with imperfect policies, resulting in blind spots. Instead, to enhance the security of the YMCA of the Greater Twin Cities, I prioritize faster detection and response.

When our existing DLP solution was due for an upgrade, we took a cloud-first approach to looking for a replacement. We also wanted to get away from the burden that traditional DLP places on user productivity when policies block the movement of data for legitimate workflows.  Considering this, we found that it made sense fiscally, strategically and technologically, to replace our legacy DLP solution with Code42 Next-Gen Data Loss Protection.

Code42 Next-Gen Data Loss Protection gives us the visibility we need across our endpoints and cloud applications — visibility that I haven’t had through other tools. We can create alerts to help us find any data exfiltration attempts so we can quickly take action in the event of insider threats. It also helps us detect, respond and recover should there be an incident where a departing employee takes data.

“The simplicity of the Code42 deployment was amazing. It’s been invaluable for us to be able to deploy efficiently and in such a short time because it freed us to work on other projects.”

And, we were able to replace more than 10 on-premise servers with a cloud deployment, bringing financial savings. Code42 Next-Gen Data Loss Protection accelerates our detection and response to data loss and leak, at a fraction of the cost of alternatives, all without impeding users from accomplishing the YMCA of the Greater Twin Cities’ mission.

From advocacy to aquatics, child care to camps, mentoring to multicultural experiences, sports to safe spaces, water safety to wellness, the Y strengthens the community with life-changing programs and services. With Code42, we’ve been able to advance our data security program to support these efforts.

Tips from the Trenches: Building a Security-Minded Organization

As a security software company, it’s essential that everyone at Code42 thoroughly understands the security industry. This is true for nearly every position. Our sales teams need to fully understand the needs of our customers—and human resources needs to understand security as it recruits candidates in the security industry, where it’s highly competitive to find the requisite talent.

Marketing clearly needs to understand not only the big-picture security needs of our customers, but also the daily life and day-to-day challenges of a security analyst. Furthermore, as security becomes an integral component in DevSecOps, developers need to better understand application security, which means that security folks also need to up their code writing skills.

Of course, not everyone requires the depth of knowledge one would expect to find in a professional security team, but everyone who works at a security software company should understand security basics. With that goal in mind, we have created the new Security Ninja program, designed to teach security and enable employees to earn new belts as their mastery progresses. These belts start with a white belt and culminate with a black belt, which requires a security certification to earn. These Code42 security ninjas will become our security ambassadors within the company.

This self-driven program, which begins when an employee registers to earn a belt, can be completed per an employee’s individual schedule. Credits are allocated by time spent learning and consist of a mix of free training that can be found online, including through YouTube videos, attending a security lunch, and learning and sharing their learnings on our company’s Slack channel. When an employee does share his or her lessons learned on our internal Slack channels, it makes me smile because we now have employees who are teaching each other what they know about information security. 

For security awareness teams, watching employees gain security knowledge that exceeds what is required for compliance is literally a dream come true. These trainings are no cakewalk, mind you: The belts require the applicant to not be late on any of his/her security or privacy trainings, and the applicants must not have clicked on a link in a test phishing email. If they do, they can apply to continue their training in the following quarter. Since we implemented the Ninja program last January, we’ve seen our training completions rise and fewer links in phishing tests clicked. This is a huge win.

To keep engagement high, we’ve built the program to be competitive and also fun and lighthearted. We regularly communicate about the program on our company-wide Slack channel. Some managers have set goals for their teams to gain their belts and initiate a bit of friendly competition in the process. Our sales teams are thrilled to expand their security expertise to better understand our customers and prospects and to speak their language.

Here’s how applicants earn their belts: First, they must provide evidence of completion on the learning activities they chose, even if it’s just a screenshot. Once they’ve gained the required amount of training credits, applicants can then take an online exam in our Learning Management System (LMS). At the end of the quarter, the LMS list of successful exam completions becomes my starting list to check off evidence submitted by each applicant. I check evidence “audit style” by randomly selecting people to audit; the truth is, however, that I’m so thrilled at the work they are all doing that I tend to review all evidence submitted, especially the “lessons learned.” There is no greater sense of satisfaction for a security awareness professional. 

Each quarter, we celebrate all of the new ninjas and award them their “belt,” i.e., a colored badge with an outline of a ninja. The ninjas can attach the belt to their badge holder or lanyard to proudly display their ninja level status. Of course, we have fun with this, too, by inviting everyone to our main meeting area and providing donuts to celebrate their accomplishments. We call it “Donuts in the Dojo,” and our CISO is there to congratulate everyone on their newfound security expertise.

This is not only a win for the security team, it’s also a win for the employees. They can more confidently navigate the world of security professionals and better understand our customers. All of this means it’s a huge win for Code42.

Code42 Helps Accelerate the Alert Data Pipeline for Ping Identity through Enhanced Detection and Response (Video)

At Ping Identity, our whole business is built around security. Our unified platform provides intelligent access for customers, employees and partners so they can securely connect to cloud, mobile, SaaS and on-premises applications and APIs. With more than 2 billion identities under management, data security is critical to our mission. 

Data security comprises three critical areas: detection, protection and response. And no one solution can focus on all areas. Just like there’s no one tool you’d use to work on a car, different tools focus on different areas of security. Using them together enables a security team to deliver the greatest protection for their company. 

Code42 Next-Gen Data Loss Protection is one of the solutions that Ping uses to help detect and respond to data threats. Code42 has always been a data organization. Now with their next-gen solution, they’re evolving into a tool that handles a wide level of alerting, no matter where data lives and moves. At Ping, like many other companies, our data lives in many places: endpoints, cell phones, servers and cloud applications. Data is always moving, and detecting its movement as it exits the organization is critical. 

I would argue that the biggest challenge for security professionals today is managing a collection of disparate security tools along with the sheer volume of alerts that they drive.  While coordinating all these tools is a challenge, it would be impossible to secure an organization without them. This is why it is critical to bring alert data onto a central plane, where it can be seen by all security professionals and business partners in a singular manner. 

To achieve this at Ping Identity, I built an alert data pipeline. This highly scalable pipeline enables us to act quickly by routing the alerts directly to the individual accountable for responding. For example, in a situation where a departing employee moves data onto a USB, an alert would be automatically sent to Human Resources. Code42 is one of the security tools that fits into our alert data pipeline solution. It provides visibility to potentially risky data movement and accelerates our detection and response. 

For Ping, adding Code42 Next-Gen Data Loss Protection to our security toolkit has been critical in helping us achieve our mission — to keep our customers’ data safe.

I’m Taking Data, and DLP Can’t Stop Me (Video)

Here’s my confession: I plan to take data with me whenever I leave my employment at Code42. I know exactly what data I will take and how I will take it. Am I concerned about getting caught? Not really. Most data loss prevention products won’t even see me doing it, let alone prevent me.

I’m not alone in my data scheming. Code42’s 2018 Data Exposure Report revealed that up to 72 percent of employees admit to taking data from their previous employer to their new one—and that’s just those who will admit to the data theft. On top of that, 90 percent of companies feel vulnerable to insider threat.

Thankfully, in my case, all of the data on my list consist simply of pictures of me and my dog. But when I’m taking data with me upon my departure, shouldn’t the company security team be able to tell? Ideally, yes. The challenge is that humans are unpredictable, and prevention toolsets don’t take our chaotic nature into account.

“At its core, data loss prevention (DLP) isn’t new. In fact, the desire to prevent data from disappearing is universal. Sadly, the failures to prevent data loss are as common as they are ancient—just ask the librarians at Alexandria how well their plans to prevent data loss worked.”

While Code42 isn’t in the business of securing burning libraries, we do focus on data loss protection. Unfortunately, data loss prevention as a software category has experienced innumerable failures. Whether it’s trying to prevent the loss of source code, client lists, CAD drawings, or the latest episode of a certain winter-obsessed TV show, people put their data into places they shouldn’t. They’re able to do this regardless of how good their data loss prevention tools and policies are, how large a security team they have in place, or how many ports on their machines are disabled. Data loss prevention is failing. If you have data loss prevention deployed, there’s a good chance it is failing you right now.

Scared yet? Concerned?

You should be. People, even when set loose in a perfectly architected, immaculately maintained environment, will still wreak havoc intentionally or accidentally. If you build a wall, someone will build a taller ladder. If you block USB access, someone will use any number of other options to obtain that access. For everything else, there’s Florida Man. The TL;DR version: No plan survives first contact with the enemy.

What does all of this mean for data loss prevention tools? It means policies don’t stop people from taking data. One can’t out-engineer the malicious intent of a determined human. This is why Code42 moves beyond prevention to data loss protection; in other words, prevention on its own simply doesn’t work—and it doesn’t work for all of the reasons I just cited. At Code42, we focus on protecting from data loss. That’s because it’s possible and it’s critical to be able to rapidly detect, investigate and respond to a potential data loss incident.

To these ends, there are three additions we’ve made to our product that will help you to better protect your organization from data loss. Here they are:

Data Exposure Dashboards

Our data exposure dashboards enable you to quickly visualize exfiltration events across removable media as well as personal and corporate cloud accounts. They provide a 1-, 7-, 30-, or 90-day view of events across your organization in order to quickly investigate anomalous findings. Additionally, these dashboards reveal which files have been shared externally in your corporate Google Drive, OneDrive, and Box environments over the same period of time.

Data Exfiltration Alerts

The new data exfiltration alerts enable the creation of alert profiles for some, or all, of the users in your organization based upon how much data are being moved to removable media and cloud services. These alerts show exactly what data were moved, down to the specific file content. This makes it easy to assess whether the exfiltration poses a data loss risk to your organization.

SOAR BABY SOAR

Alerts are great, but they don’t work in a vacuum. Alerts need context. Previously, we’ve written about our integration with Splunk Phantom, and now we’re happy to announce support for IBM’s Resilient Security Orchestration and Automation (SOAR) platform. With this new integration, it’s now possible to include Code42’s data exfiltration and forensic metadata in your existing incident response automations. You can learn more and download the Code42 Resilient app by visiting IBM Security App Exchange.

And with that, I’m afraid this post has come to an end.

But not before I take a moment to brag. Code42 keeps racking up hardware in the form of industry awards. Most recently, we were honored with the Black Unicorn award from CyberDefense. If you want to see how awesome we are, head over to our honors page.

Stay safe out there.

Tips From the Trenches: Using Slack to Enhance Security

Slack, the popular collaboration tool, got more than its share of media attention last month. All this Slack buzz gives us an opportunity to share how we use Slack here at Code42. We’ve thoroughly vetted Slack, and rather than banning it as a security risk, we actually use the tool to enhance our security capabilities.

Why Code42 uses Slack

So, what about those security concerns? Any tool that facilitates the sharing of information brings some risk of user abuse or error, such as oversharing, mis-sharing, etc. That’s true for Slack, just as it’s true for Google Docs, Dropbox — and even, yes, Microsoft Teams. Just like our approach to data loss protection, our internal security strategy takes an honest look at risk mitigation that focuses on the biggest risks — without unnecessarily impeding productivity, collaboration and innovation. Like all our third-party vendors, we hold Slack to our rigorous vendor security standard, which includes an annual vendor security risk reassessment process. Moreover, we’ve put security controls in place that balance the need to mitigate the inherent risks of information-sharing with the productivity and innovation value of the tool itself.

How we use Slack

At Code42, nearly every employee uses Slack every day for real-time direct messaging, increasing productivity and helping us deliver on one of our core company values: Get it Done, Do it Right. The Code42 security team, in particular, leverages Slack in unique and powerful ways. Here are a couple of ways we have integrated Slack functionality to improve our internal security program:

  1. Security alert notifications: Slack’s Incoming WebHooks allow you to connect applications and services to your Enterprise Slack. We use this capability to implement security notifications tied to activities in our security applications, which are then posted in a corresponding Slack channel. This provides our security analysts and partners across the business with real-time alerts right in the application where they are already communicating and collaborating throughout the day, helping them take appropriate and timely action.

    For instance, we have created private channels to alert on critical events within different environments, such as alerts from Capital One’s Cloud Custodian. The alerts are based on policy violations that we define in YAML policy files. Cloud Custodian then alerts our team — and takes action when needed. For example, if Cloud Custodian sees an S3 bucket configured as public, it will make it private by changing permissions in the access control lists (ACLs) and bucket policies — and then notify our teams of the change via Slack as depicted below.



    Screenshot of Slack’s Incoming WebHooks tool:


  2. Security news and updates: Our security team also created a public channel (open to everyone at Code42) as a collaborative workspace for all users. The public channel enables staff to crowdsource and share security knowledge, and to have discussions around the latest security news. Anyone can post security articles, whitepapers, podcasts, blogs or news — highlighting interesting ideas — and weighing in on each other’s responses. This channel acts as a security news feed, delivering just-in-time security-related information to employees to keep them aware of the latest security threats and trends. Code42 employees also often post what they are seeing in their own news feeds as they become more security savvy.
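
The security alert notification flow from item 1, as an added Python example (not Code42's code): it turns a policy finding into a Slack Incoming Webhook message and picks the private channel for the finding's environment. The finding field names, the environment-variable names and the one-webhook-per-environment mapping are assumptions made for illustration.

```python
import json
import os
import urllib.request

# Hypothetical environment variables, one Incoming Webhook URL per private
# alert channel. A webhook URL is a bearer secret: anyone holding it can post
# to the channel, so it is read from the environment, never stored in code.
WEBHOOK_ENV_BY_ENVIRONMENT = {
    "prod": "SLACK_WEBHOOK_SEC_ALERTS_PROD",
    "dev": "SLACK_WEBHOOK_SEC_ALERTS_DEV",
}
FALLBACK_ENV = "SLACK_WEBHOOK_SEC_ALERTS_DEFAULT"
REQUIRED_FIELDS = ("policy", "environment", "resource", "action_taken")

# Constructed sample finding (assumed shape, not Cloud Custodian's own output).
# The action text carries Slack control syntax to show why escaping matters.
SAMPLE_FINDING = {
    "policy": "s3-public-bucket-remediated",
    "environment": "prod",
    "resource": "constructed-example-bucket",
    "action_taken": "Removed public grants; owner tag says <!channel> & review",
}


def escape_slack(text):
    """Escape &, < and >, the characters Slack parses as control syntax.

    Without this, a resource name or tag copied into the alert could trigger
    channel-wide mentions or render a misleading link to analysts.
    """
    return str(text).replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")


def build_payload(finding):
    """Return the JSON body for an Incoming Webhook; reject incomplete findings."""
    missing = [f for f in REQUIRED_FIELDS if not finding.get(f)]
    if missing:
        raise ValueError("finding is missing fields: " + ", ".join(missing))
    lines = [
        "*Policy violation: {}*".format(escape_slack(finding["policy"])),
        "Environment: {}".format(escape_slack(finding["environment"])),
        "Resource: {}".format(escape_slack(finding["resource"])),
        "Action taken: {}".format(escape_slack(finding["action_taken"])),
    ]
    return {"text": "\n".join(lines)}


def webhook_env_for(finding):
    """Pick the variable holding the webhook for this finding's environment."""
    return WEBHOOK_ENV_BY_ENVIRONMENT.get(finding.get("environment"), FALLBACK_ENV)


def send(finding, environ=os.environ, opener=urllib.request.urlopen):
    """POST the alert to the matching channel; True when Slack accepts it."""
    env_name = webhook_env_for(finding)
    url = environ.get(env_name, "")
    # Only post to Slack's webhook host, so a tampered variable cannot
    # redirect alert contents to an arbitrary server.
    if not url.startswith("https://hooks.slack.com/"):
        raise RuntimeError("no valid Slack webhook configured in " + env_name)
    request = urllib.request.Request(
        url,
        data=json.dumps(build_payload(finding)).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with opener(request, timeout=5) as response:
        return response.status == 200


if __name__ == "__main__":
    # Offline demonstration: print the message body instead of sending it.
    print(json.dumps(build_payload(SAMPLE_FINDING), indent=2))
```
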

Walking the Talk

At Code42, we talk a lot about the fundamental paradox of enterprise information security: Information-sharing is both the key to success — and the biggest risk — in organizations. The smart approach focuses on controlling the risk, so you can unlock that value. We’ve vetted Slack and put security controls in place, so we can leverage its capabilities to fuel collaboration, enhance productivity and improve our internal security capabilities. Slack integrates with our security tools for real-time alerting and allows us to quickly disseminate security knowledge throughout the organization. Our internal use of Slack demonstrates how we walk the talk in our own approach to information security.

Leave the World a Better, and More Accessible, Place

It doesn’t take long after a new employee joins Code42 for them to realize that we are a company that knows having values isn’t meaningful unless you truly LIVE the values. From the way we greet employees when they walk through the door, to the way we show them around the office, our cultural values are front and center. We assume positive intent. We get it done and do it right. We are not afraid. We believe that corporations should have more than solely an investor responsibility; they also should have a civic responsibility to “leave the world a better place.” For many of us at Code42, leaving the world a better place gives us a great purpose through work, one that encourages us to give back.

At Code42, we’re always striving to create a more diverse workplace. That diversity takes many forms, including but not exclusive to race, ethnicity, age, gender, sexual orientation, spiritual belief, socioeconomic status, ability and disability. We try to encourage engaging in each dimension across our business.  

Throughout 2018, we made strong strides to address diversity head-on. Going into 2019, we knew we wanted to accelerate our efforts on web accessibility within our product. There were two main events that precipitated that goal. First, a colleague gave a lightning talk about how accessibility improves the experience for all users, not just those with different accessibility needs. That talk really resonated across our team. Perhaps one of the most poignant examples from that talk was the “curb cut effect,” as highlighted in an episode of the 99% Invisible podcast. In the 1970s, after cities began implementing curb cuts, they found that the impact of those accessibility improvements was wider-reaching than they anticipated. It turns out that everyone benefited by having access over the curb, whether they were in wheelchairs, on bikes, pushing a stroller, or towing a cart behind them.

The second event happened this year during the Super Bowl. An ad caught my eye. Microsoft aired a commercial that debuted their Accessibility Controller, which allows anyone, regardless of their needs, to be able to use the controller effectively. They took a bold stance in the market with the phrase, “When we all play, we all win,” which struck right at the heart of the issue. Nobody should feel as though they cannot use or engage with a product. Put more succinctly, when technology empowers each of us, it empowers all of us.

So, what does that mean for Code42? We’re making a commitment to ensure our product is more accessible. While we can’t magically change where we are today, we can change where we go in the future. We’re happy to announce that we’ve launched an initiative called, “Acutely Aware for Accessibility.” The goal of this initiative is to ensure we test to WCAG 2.1 standards and begin to ensure the new capabilities we create use technology choices that empower everyone. No longer will it be acceptable to simply mark defects against the function of the product for mouse users who don’t employ assistive technology. Instead, we will now expect our employees and customers to log defects against our product when we fail to live up to the accessibility standards that we’ve set. In the coming months and years, we’ll be excited to announce more on this initiative and share our progress. For the time being, we want to emphasize our commitment to inclusion with our products here at Code42.

At Code42, our values define how we work, play and engage with each other, not just in the four walls of our workplace, but also in our community. Each day we are committed to leaving the world a better place. And each day when we arise, we know that while we’ll never reach the finish line of this journey, we can contribute more back to the society that raised the caring, creative and innovative employees that we have here.

The Five Big Themes I’ll Be Looking for Next Week at Black Hat

If there is one annual event that encapsulates cybersecurity, it’s Black Hat. For more than 20 years, thousands have gathered to learn security during the Black Hat training sessions and see cutting-edge research on display at the Black Hat Briefings. Black Hat has been doing this every year in Las Vegas since 1997. That’s right about the time enterprise data security started maturing into widespread practice. Over the years, the crowds have grown, and so has the importance of data security.

Every year at Black Hat, I try to keep an eye out for different trends. These are themes that I believe will be important and drive a lot of the conversation at the conference, not to mention the months that follow. Here’s what I’m looking at this year:

The insider threat

There have been several recent news stories that highlight insider threat, and it’s no fluke that they dominate the news cycle. Insider threats are up 50 percent in the past four years alone. Recently, we learned about the McAfee employees who quit and were sued for allegedly taking intellectual property to a competitor. Then there was the SunPower exec who emailed himself highly sensitive trade secrets. And the Desjardins employee who accessed the data of nearly three million bank customers. Earlier this year, the Verizon Insider Threat Report found that 20 percent of cybersecurity incidents originated from trusted insiders and often went unnoticed for weeks, months, and even years.

What piques my interest about insider threat isn’t just the number of attacks perpetrated by insiders; it’s about how damaging insiders can be to an organization. After all, insiders know where the data is and what data is valuable. I’ll be looking for lots of conversations in this area, and new insights into ways to better detect and respond to insider threats before IP is gone and the damage is done.

The increased importance of DevSecOps

The popularity of DevOps keeps growing. According to Allied Market Research, the global market for DevOps tools was nearly $3 billion in 2016 and is expected to reach over $9 billion by 2023 — growing at a healthy 19% annual clip. Yet, enterprises have a challenge when it comes to incorporating security into the DevOps application development and management processes. That’s what DevSecOps is all about. I think we’re going to hear some great advice and ways to maximize the incorporation of strong security practices into DevOps.

Insight into the emerging threat landscape

We always look toward finding a fresh perspective on the threat landscape at Black Hat. The conference presenters are always examining new attack methods in detail. This year will be no different, and I’m expecting to see interesting approaches to attacks via social media and insider threat exploits.

Latest trends in Zero Trust security

Zero Trust has moved from buzzword to reality, but we’re just beginning to see organizations move beyond superficial Zero Trust implementations. Zero Trust is a concept of security centered on the belief that companies shouldn’t trust anyone or anything inside or outside their perimeters, and instead must verify and monitor anything and everything trying to access company data. I expect the conversations around it to become more meaningful and results-based. This will continue to be an interesting and compelling topic in the months following Black Hat.

A deep look inside a few interesting security vulnerabilities

At Black Hat, if you don’t make it to a few sessions where they dive deep into a security flaw or exploit, you’re really missing out. These sessions are eye-opening, heart-stopping, and mind-jarring to see. They open your eyes to the ways in which people make new inroads to devices, hack into large enterprises, and leverage vulnerable software to do it silently.

I’m also going to keep a lookout for new buzzwords and emerging attack trends. For instance, we already see the rapid rise of deepfake movies. And let’s face it, these videos are getting incredibly good, thanks to sophisticated algorithms that create unprecedented reality. Soon, we’ll have issues trusting our own eyes and ears and their ability to discern what is real. This will be fun to see take shape this year.  

Finally, we all know that the IT industry is increasingly turning to artificial intelligence (AI) and machine learning to help secure our increasingly complex environments. But when it comes to new security technologies, it’s a bit of a double-edged sword. What can be used for our defense can also be used to attack us. AI is no different, and in the near future, we’re going to see AI used more commonly to attack enterprises. AI-based attacks are on their way. You can count on it.

Code42 Next-Gen Data Loss Protection Customer Success

CrowdStrike and Code42 vs. External and Insider Threats (Video)

After working on security teams at large retail organizations, I’m now in the unique, and fortunate, position to be the director of security at Code42, an organization that makes one of the products that my team uses daily. This gives us direct access to Code42’s latest product features, beta testing, and the opportunity to network with organizations like CrowdStrike both as peers and as customers of each other’s products.

The Code42 Next-Gen Data Loss Protection solution is an incredibly helpful tool to have in the toolkit. I’m proud of how my company is innovating to help fill a critical need in data security, particularly around protecting data from insider threats. But as any savvy security professional knows, there’s no one silver bullet to address all of an organization’s data security needs. For this, I rely on different products to protect Code42’s data from an ever-present array of threats.

One of the key solutions we use at Code42 is CrowdStrike, the fastest-growing endpoint detection and response solution on the market. Some of the things I love about CrowdStrike are its high-fidelity rate and its low rate of false positives; how it has a lot of searchable, granular event data; and its Falcon OverWatch service, which provides a “second set of eyes” to alert us to unusual activity in our environment. 

CrowdStrike and Code42 work shoulder-to-shoulder to protect our data. CrowdStrike protects our organizations from external threats such as malware, while Code42 accelerates our detection of and response to insider threats, like departing employees.

As you can tell, I’m a huge advocate for CrowdStrike, which made it particularly cool to meet with Tim Briggs, CrowdStrike’s incident response analyst, at our Evolution19 conference in Denver earlier this year. I learned a lot from Tim, and even got a few tips from the trenches about how he uses Code42 and CrowdStrike in their environment. For example, Tim shared a story about a recent incident, when their security team received an alert from the CrowdStrike platform that was related to torrent activity in their system. Torrent activity could be extremely malicious, in that an employee may be exfiltrating valuable IP, or it could simply mean an employee was misusing company assets. 

With the alert in hand, the CrowdStrike security team was able to use Code42 to look at the files and download history of the employee in question. They quickly figured out that the employee was downloading movies onto their device. With that context, the CrowdStrike team was able to ascertain that, while the employee was misusing company assets, he wasn’t behaving maliciously or exfiltrating data. The security team was then able to report that to their executive team. 

While the threat landscape is in a constant state of flux, two things will never change. Breaches will happen, and employees will take data when they leave. It is that simple. Together, CrowdStrike and Code42 are dedicated to making it faster and easier for our respective customers to detect and respond to insider and external threats. 

Code42 and Splunk Protect IP from Employee Misuse for MACOM (Video)

As a semiconductor design and manufacturing company, MACOM’s data includes proprietary designs and CAD drawings that are extremely valuable forms of IP. Making sure that data stays within the company and is protected from employee misuse is key to our success as a business. Part of our challenge in protecting our data is that we’re about 1,500 employees spread across roughly 50 sites globally. For such a large global organization, our security team runs lean. Jeff Litwinowich, director of IT and Security, and I are really the only two members of the team who are accountable for security at MACOM. To give us some extra horsepower, we need tools that provide visibility into what’s happening in regards to our data on both endpoints and in cloud applications.

Having had a positive experience as a Code42 customer at a previous organization, Jeff and I were eager to look at Code42 Next-Gen Data Loss Protection as we were evaluating products which could help lay the foundation of our data loss protection strategy. At the time, MACOM was in the midst of our digital transformation, with the intention to go from IT 1.0 to 3.0 within the year. We needed a product to ensure that our data is always protected, as we were rapidly adopting cloud solutions and going through organizational changes. We needed to accomplish this without placing an administrative burden on our lean IT or security teams, or requiring on-premises infrastructure to support.   

Our initial POC validated that Code42 was easy to deploy and could detect data movement that previously would have gone unnoticed. The POC soon expanded to a company-wide deployment of Code42 Next-Gen Data Loss Protection. The global deployment went very smoothly. It was complete within about a month, which was a fast turnaround for us. Today, we have gone a step further, and integrated Code42 and Splunk. Together, these solutions not only help us monitor data activity, but also consolidate that information for a clear snapshot of what’s happening at an individual and organizational level. Having these tools provides efficiencies and enhanced security beyond what we had before. 

Code42 and Splunk allow us to trust our employees, but verify. We’re a company of people and everyone needs to trust each other and work together. While I want to believe that no one is doing anything malicious, it’s my duty to verify, to ensure we’re all in the clear. Code42 is the validator. 

Validation happens in a few ways. When a rule is broken, we need to understand why it was broken. Was there a legitimate business reason, and was that a good enough reason not to follow that rule? Should we make an exception to the rule?

Validation can also be thought of as our way of responding to data exfiltration incidents. In times when we detect data leaving the company, we are able to access the file in question and determine if it was inadvertent or malicious. For example, if a departing employee tells us they’re just taking personal pictures that were on their device, we can look back and validate if that is true. If we access the files and find that it was actually company property, the conversation changes. 

In my role, I have a general idea of what data is important and what’s not, but I rely on the business to tell me what is truly critical. HR and legal are my primary stakeholders when it comes to protecting data from insider threats. Generally, they are looking at users who are involved in litigation or someone who’s leaving the company. They ask us to monitor the user’s activity and provide insight related to actions the user has taken in regards to their data in the past. By analyzing the Code42 data in the Splunk dashboard, I can easily go back and look at somebody’s activities after the fact to make sure we’re protecting what’s most critical to the business. 

With Code42 and Splunk, I am also able to be proactive. By setting up alerts, I can look at specific users and get immediate notification if they’re engaging in suspicious behavior like moving something to an unsanctioned cloud application or a USB. The best thing about Code42 is we have all the data and it gives us an incredible amount of visibility that we’ve never had before. 

Code42 security industry awards

Gosh, Well, What Can We Say Except “Thank You?”

Wherever their sensitive data and IP lives or moves, whether on endpoints, Google Drive or portable hard drives, companies trust us to protect their ideas and most valuable data, and we take that trust seriously. Ensuring their success is our number one mission at Code42.

That’s why it is especially gratifying when we are recognized among the industry’s most innovative and progressive companies for finding new ways to help our customers speed their detection and response to insider threats and other data loss and exfiltration events. We are thrilled to announce that in the first half of 2019 our Code42® Next-Gen Data Loss Protection solution has earned a number of industry honors:

  • Cybersecurity Insiders named Code42 a Gold Winner for Data Leakage Protection and a Silver Winner for Best Cybersecurity Company in the 2019 Cybersecurity Excellence Awards. These awards are produced in partnership with more than 400,000 cybersecurity professionals on LinkedIn to make award selections. 
  • Code42 was twice named a winner in the Cyber Defense Magazine 2019 InfoSec Awards in the categories of Next-Gen Data Loss Prevention and Next-Gen Insider Threat Detection. The Code42 Next-Gen DLP was selected by a panel of security professionals for the honor, which seeks to recognize industry innovators and those poised to become the next generation of industry leaders. 
  • Code42 Next-Gen DLP won the Bronze Stevie® Award in the Endpoint Security Management Solution category as part of the 17th Annual American Business Awards®. More than 200 professionals worldwide participate in judging the Stevie® Awards.

While we’re proud to make a difference in the businesses of our customers, we also take pride in making Code42 a great place to work for employees. 

  • For the fifth time, Code42 was named one of the Top Workplaces in Minnesota by the Star Tribune, our local Minneapolis newspaper. As a Top Workplace, Code42 joins the ranks of the most progressive companies in Minnesota, based on employee opinions measuring engagement, organizational health and satisfaction.

It’s the dedication and hard work of our employees that enable us to continue to fulfill our customer-first mission. With that said, we want to extend a special thanks to our employees and customers whose passion for what they do has driven us for the last 18 years to become an industry leader in data security.