Tips From the Trenches: Cloud Custodian–Automating AWS Security, Cost and Compliance Code42 Blog


“We’re moving to the cloud.” If you haven’t heard this already, it’s likely you will soon. Moving to the public cloud poses many challenges upfront for businesses today. Primary problems that come to the forefront are security, cost and compliance. Where do businesses even start? How many tools do they need to purchase to fulfill these needs?

After deciding to jump-start our own cloud journey, we spun up our first account in AWS, and it was immediately apparent that traditional security controls weren’t necessarily going to adapt. Trying to lift and shift firewalls, threat vulnerability management solutions, etc. ran into a multitude of issues including but not limited to networking, AWS IAM roles and permissions, and tool integrations. It was clear that tools built for on-premise deployments were no longer cost-effective or technologically effective in AWS and that a new solution was needed.

To remedy these discoveries, we decided to move to a multi-account strategy and automate our resource controls to support increasing consumption and account growth. Our answer to this was Capital One’s Cloud Custodian open source tool because it helps us manage our AWS environments by ensuring the following business needs are met:

  • Compliance with security policies
  • AWS tagging requirements
  • Identifying unused resources for removal/review
  • Off-hours are enforced to maximize cost reduction
  • Encryption needs are enforced
  • AWS Security Groups are not over permissive
  • And many more…

After identifying a tool that could automate our required controls in multiple accounts, it was time to implement the tool. The rest of this blog will focus on how Cloud Custodian works, how Code42 uses the tool, what kind of policies (with examples) Code42 implemented and resources to help one get started in implementing Cloud Custodian into their own environment.

How Code42 uses Cloud Custodian

Cloud Custodian is an open source tool created by Capital One. You can use it to automatically manage and monitor public cloud resources as defined by user written policies. Cloud Custodian works in AWS, Google Cloud Platform and Azure. We, of course, use it in AWS.

As a flexible “rules engine,” Cloud Custodian allowed us to define rules and remediation efforts into one policy. Cloud Custodian utilizes policies to target cloud resources with specified actions on a scheduled cadence. These policies are written in a simple YAML configuration file that specifies a resource type, resource filters and actions to be taken on specified targets. Once a policy is written, Cloud Custodian can interpret the policy file and deploy it as a Lambda function into an AWS account. Each policy gets its own Lambda function that enforces the user-defined rules on a user-defined cadence. At the time of this writing, Cloud Custodian supports 109 resources, 524 unique actions and 376 unique filters.

As opposed to writing and combining multiple custom scripts that make AWS API calls, retrieve responses and then execute further actions based on the results, Cloud Custodian simply interprets an easy-to-write policy, takes into consideration its resources, filters and actions, and translates them into the appropriate AWS API calls. These simplifications make this type of work easy and achievable even for non-developers.

Now that we understand the basic concepts of Cloud Custodian, let’s cover the general implementation. Cloud Custodian policies are written and validated locally. These policies are then deployed either by running Cloud Custodian locally and authenticating to AWS or, in our case, via CI/CD pipelines. At Code42, we deploy a baseline set of policies to every AWS account as part of the bootstrapping process and then add/remove policies as needed for specific environments. In addition to account-specific policies, there are scenarios where a team may need an exemption; as such, we typically allow an “opt-out” tag for some policies. Code42 has policy violations report to a Slack channel via a webhook created for each AWS account. In addition, we also distribute the resources.json logs directly into a SIEM for more robust handling/alerting.

Broadly speaking, Code42 has categorized policies into two types: (i) notify only and (ii) action and notify. Notify policies are more hygiene-related and include policies like tag compliance checks, multi-factor authentication checks and more. Action and notify policies are policies that take actions after meeting certain conditions, unless tagged for exemptions. Action and notify policies include policies like s3-global-grants, ec2-off-hours-enforcement and more. The output from the custodian policies is also ingested into a SIEM solution to provide more robust visualization and alerting. This allows the individual account owners to review policy violations and assign remediation actions to their teams. For Code42, these dashboards provide both the security team and account owners the overall health of our security controls and account hygiene. Examples of Code42 policies may be found at GitHub.

What policies did we implement?

There are three primary policy types Code42 deployed: cost-savings, hygiene and security. Since policies can take actions on resources, we learned that it is imperative that the team implementing the policies collaborate closely with any teams affected by said policies in order to ensure all stakeholders know how to find and react to alerts and can provide proper feedback and adjustments when necessary. Good collaboration with your stakeholders will ultimately drive the level of success you achieve with this tool. Let’s hit on a few specific policies.

Cost Savings Policy – ec2-off-hours-enforcement

EC2 instances are one of AWS’s most commonly used services. EC2 allows a user to deploy cloud compute resources on-demand as necessary, however there are many cases where the compute gets left “on” even when it’s not used, which racks up costs. With Cloud Custodian we’ve allowed teams to define “off-hours” for their compute resources. For example, if I have a machine that only needs to be online 2 hours a day, I can automate the start and stop of that instance on a schedule. This saves 22 hours of compute time per day. As AWS usage increases and expands, these cost savings add up exponentially.
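A pair of policies in the style described above, added here as an illustration and not taken from Code42's policy set. The tag key `c7n_offhours`, the role name, the time zone and the default hours are assumptions.

```yaml
# Added illustration, not Code42's policy file. The tag key, role name,
# time zone and default hours are assumed placeholders.
policies:
  - name: ec2-off-hours-enforcement-stop
    resource: ec2
    description: Stop running instances whose off-hours schedule has arrived.
    mode:
      type: periodic
      schedule: "rate(1 hour)"   # the offhour/onhour filters compare against the current hour
      role: arn:aws:iam::{account_id}:role/custodian-lambda   # placeholder role
    filters:
      - State.Name: running
      # Opt-in: only instances carrying the c7n_offhours tag are considered.
      # The tag value can override the defaults below, for example for a
      # machine that is needed two hours each weekday:
      #   c7n_offhours = off=(M-F,11);on=(M-F,9);tz=ct
      - type: offhour
        tag: c7n_offhours
        default_tz: ct
        offhour: 19
    actions:
      - stop

  - name: ec2-off-hours-enforcement-start
    resource: ec2
    description: Start stopped instances whose on-hours schedule has arrived.
    mode:
      type: periodic
      schedule: "rate(1 hour)"
      role: arn:aws:iam::{account_id}:role/custodian-lambda   # placeholder role
    filters:
      - State.Name: stopped
      - type: onhour
        tag: c7n_offhours
        default_tz: ct
        onhour: 7
    actions:
      - start
```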

Hygiene Policy – ec2-tag-enforcement

AWS resource tagging is highly recommended in any environment. Tagging allows you to define multiple keys with values on resources that can be used for sorting, tracking, accountability, etc. At Code42, we require a pre-defined set of tags on every resource that supports tagging in every account. Manually enforcing this would be nearly impossible. As such, we utilized a custodian policy to enforce our tagging requirements across the board. This policy performs the series of actions described below.

  1. The policy applies filters to look for all EC2 resources missing the required tags.
  2. When a violation is found, the policy adds a new tag to the resource “marking” it as a violation.
  3. The policy notifies account owners of the violation and that the violating instance will be stopped and terminated after a set time if it is not fixed.

If Cloud Custodian finds tags have been added within 24 hours, it will remove the tag “violation.” If the proper tags are not added after, the policy continues to notify account owners that their instance will be terminated. If not fixed within the specified time period, the instance will terminate and a final notification is sent.
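One way to express the mark, unmark, stop and terminate workflow above as Cloud Custodian policies, added here as an illustration and not taken from Code42's policy set. The required tags (`Owner`, `CostCenter`), the marker tag `c7n_tag_violation`, the role, queue URL, Slack channel and the three-day termination window are assumptions.

```yaml
# Added illustration, not Code42's policy file. Tag names, role, queue URL,
# Slack channel and grace periods are assumed placeholders.
vars:
  mode: &hourly
    type: periodic
    schedule: "rate(1 hour)"
    role: arn:aws:iam::{account_id}:role/custodian-lambda
  missing-tags: &missing-tags        # true if any required tag is absent
    or:
      - "tag:Owner": absent
      - "tag:CostCenter": absent
  notify: &notify                    # delivered by c7n-mailer from the SQS queue
    type: notify
    to:
      - "slack://webhook/#aws-account-alerts"
    transport:
      type: sqs
      queue: https://sqs.us-east-1.amazonaws.com/123456789012/c7n-mailer

policies:
  # Steps 1-3: find untagged instances, mark them, warn the account owners.
  - name: ec2-tag-enforcement-mark
    resource: ec2
    mode: *hourly
    filters:
      - State.Name: running
      - "tag:c7n_tag_violation": absent
      - *missing-tags
    actions:
      - type: mark-for-op
        tag: c7n_tag_violation
        op: stop
        days: 1
      - <<: *notify
        violation_desc: "EC2 instance is missing required tags."
        action_desc: "It will be stopped in 24 hours and later terminated unless tagged."

  # Tags were added in time: clear the violation marker.
  - name: ec2-tag-enforcement-unmark
    resource: ec2
    mode: *hourly
    filters:
      - "tag:c7n_tag_violation": not-null
      - "tag:Owner": not-null
      - "tag:CostCenter": not-null
    actions:
      - type: remove-tag
        tags: [c7n_tag_violation]

  # Grace period expired: stop the instance and schedule termination.
  - name: ec2-tag-enforcement-stop
    resource: ec2
    mode: *hourly
    filters:
      - State.Name: running
      - type: marked-for-op
        tag: c7n_tag_violation
        op: stop
      - *missing-tags
    actions:
      - stop
      - type: mark-for-op
        tag: c7n_tag_violation
        op: terminate
        days: 3
      - <<: *notify
        violation_desc: "EC2 instance is still missing required tags and was stopped."
        action_desc: "It will be terminated in 3 days unless tagged."

  # Still untagged when the termination date arrives: terminate, final notice.
  - name: ec2-tag-enforcement-terminate
    resource: ec2
    mode: *hourly
    filters:
      - type: marked-for-op
        tag: c7n_tag_violation
        op: terminate
      - *missing-tags
    actions:
      - terminate
      - <<: *notify
        violation_desc: "EC2 instance never received its required tags."
        action_desc: "The instance has been terminated."
```

Re-checking `missing-tags` in the stop and terminate policies keeps an instance that was tagged correctly from being acted on before the unmark policy has run.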

This policy ultimately ensures we have tags that distinguish things like a resource “owner.” An owner tag allows us to identify which team owns a resource and where the deployment code for that resource might exist. With this information, we can drastically reduce investigation/remediation times for misconfigurations or for troubleshooting live issues.

Security Policy – S3-delete-unencrypted-on-creation

At Code42, we require that all S3 buckets have either KMS or AES-256 encryption enabled. It is important to remember that we have an “opt-out” capability built into these policies so they can be bypassed when necessary and after approval. The bypass is done via a tag that is easy for us to search for and review to ensure bucket scope and drift are managed appropriately.

This policy is relatively straightforward. If the policy sees a “CreateBucket” CloudTrail event, it checks the bucket for encryption. If no encryption is enabled and an appropriate bypass tag is not found, then the policy will delete the bucket immediately and notify the account owners. It’s likely by this point you’ve heard of a data leak due to a misconfigured S3 bucket. It can be nearly impossible to manually manage a large-scale S3 deployment or buckets created by shadow IT. This policy helps account owners learn good security hygiene, and at the same time it ensures our security controls are met automatically without having to search through accounts and buckets by hand. Ultimately, this helps verify that S3 misconfigurations don’t lead to unexpected data leaks.
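A sketch of this event-driven policy, plus a companion policy that surfaces buckets carrying the bypass tag for review. It is added here as an illustration and is not Code42's own policy; the bypass tag `c7n_encryption_bypass`, the role, queue URL, Slack channel and the weekly review cadence are assumptions.

```yaml
# Added illustration, not Code42's policy file. The bypass tag, role, queue
# URL, Slack channel and review cadence are assumed placeholders.
vars:
  notify: &notify                    # delivered by c7n-mailer from the SQS queue
    type: notify
    to:
      - "slack://webhook/#aws-account-alerts"
    transport:
      type: sqs
      queue: https://sqs.us-east-1.amazonaws.com/123456789012/c7n-mailer

policies:
  - name: s3-delete-unencrypted-on-creation
    resource: s3
    description: Delete newly created buckets with no default encryption and no bypass tag.
    mode:
      type: cloudtrail               # runs as a Lambda triggered by the API event
      events:
        - CreateBucket
      role: arn:aws:iam::{account_id}:role/custodian-lambda
    filters:
      # Filters see the bucket as it is when the Lambda runs. Encryption and
      # tags are set by API calls separate from CreateBucket, so the bypass
      # tag has to be in place by the time the policy evaluates the bucket.
      - type: bucket-encryption
        state: false
      - "tag:c7n_encryption_bypass": absent
    actions:
      - <<: *notify
        violation_desc: "S3 bucket was created without default encryption."
        action_desc: "The bucket has been deleted. Recreate it with KMS or AES-256 encryption."
      - type: delete
        remove-contents: true

  # Keeps approved exemptions visible so bucket scope and drift can be reviewed.
  - name: s3-encryption-bypass-review
    resource: s3
    mode:
      type: periodic
      schedule: "rate(7 days)"
      role: arn:aws:iam::{account_id}:role/custodian-lambda
    filters:
      - "tag:c7n_encryption_bypass": present
    actions:
      - <<: *notify
        violation_desc: "S3 bucket carries the encryption bypass tag."
        action_desc: "Confirm the exemption is still approved and still needed."
```

S3 has applied SSE-S3 encryption by default to new buckets since January 2023, which changes what a `state: false` check finds on buckets created after that date.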

Just starting out?

Hopefully this blog helped highlight the power of Capital One’s Cloud Custodian and its automation capabilities. Cloud Custodian policies can be easily learned and written by non-developers, and they provide needed security capabilities. Check out the links in the “Resources” section below regarding Capital One’s documentation, as well as examples of some of Code42’s baseline policies that get deployed into every AWS account during our bootstrap process. Note: these policies should be tuned to your business and environment needs, and not all will be applicable to you.

Resources:

Authors:

Aakif Shaikh, CISSP, CISA, CEH, CHFI is a senior security analyst at Code42. His responsibilities include cloud security, security consulting, penetration testing and inside threat management. Aakif brings 12+ years of experience into a wide variety of technical domains within information security including information assurance, compliance and risk management. Connect with Aakif Shaikh on LinkedIn.


Byron Enos is a senior security engineer at Code42, focused on cloud security and DevSecOps. Byron has spent the last four years helping develop secure solutions for multiple public and private clouds. Connect with Byron Enos on LinkedIn.


Jim Razmus II is director of cloud architecture at Code42. He tames complexity, seeks simplicity and designs elegantly. Connect with Jim Razmus II on LinkedIn.

Finally, a DLP for Macs

It’s time to face the facts: Macs are everywhere in the enterprise. In fact, a 2018 survey from Jamf pointed to the fact that more than half of enterprise organizations (52%) offer their employees a choice in their device of preference. Not entirely surprisingly, 72% of employees choose Mac. The Apple wave within business environments has begun and only promises to grow over time.

The problem is that legacy Data Loss Prevention (DLP) solutions don’t account for the Mac phenomenon and were not designed with them in mind. As a result, legacy DLPs often approach Macs as an afterthought rather than a core strategy. Customer opinions of their DLP for Macs continue to be unfavorable. In fact, last year at Jamf’s JNUC event in Minneapolis, Mac users quickly revealed their sheer frustration with DLP and how it wasn’t built for Macs. Code42 customers currently using legacy DLP vendors vented about their Mac DLP experience saying, “It just sucks!”

Naturally, we asked why.

  1. No Support – Mac updates can be fast and furious. Unfortunately, DLP has traditionally struggled to keep up with those updates. The result? Errors, Kernel panics and increased risk for data loss.
  2. No OS Consistency – We often forget that today’s businesses often use both Mac and Windows. DLP has traditionally maintained a very Windows-centric approach that has made the Mac experience secondary and inconsistent with Windows. Having two sets of users with varying levels of data risk is never good.
  3. It’s Slow – The number one issue often stems from performance-sucking agents that bring the productivity of Mac users to a screeching halt.
  4. Kernel Panics – This is worth reiterating. Macs are sensitive to anything that poses a threat, so whenever perceived unsanctioned DLP software threatens Mac, it means reboots and an increased risk of downtime.
  5. It’s Complicated – Traditional DLP still relies on legacy hardware and manual updates, which is time consuming and expensive.

Recently, Code42 unveiled its Next-Gen Data Loss Protection Solution at the RSA Conference 2019. One of the reasons our 50,000+ customers love us is precisely because of the superior Mac experience we deliver. Our next-gen DLP solution was built with the Mac user in mind. Learn more about our trusted and proven take on DLP for Mac.

Code42 Product Spotlight: Identify Risk to Data Using Advanced Exfiltration Detection

Product Spotlight: Identify Risk to Data Using Advanced Exfiltration Detection

When it comes to data loss protection, there are fundamental security questions that every organization needs to answer. These include, “Who has access to what files?” and “When and how are those files leaving my organization?”

Code42 Next-Gen Data Loss Protection helps you get answers to these questions in seconds by monitoring and investigating file activity across endpoints and cloud services. And now, Code42 has expanded its investigation capabilities to provide greater visibility into removable media, personal cloud and web browser usage by allowing security analysts to search file activity such as:

  • Files synced to personal cloud services. Code42 monitors files that exist in a folder used for syncing with cloud services, including iCloud, Box, Dropbox, Google Drive and Microsoft OneDrive.
  • Use of removable media. Code42 monitors file activity on external devices, such as an external drive or memory card.
  • Files read by browsers and apps. Code42 monitors files opened in an app that is commonly used for uploading files, such as a web browser, Slack, FTP client or curl.

Advanced Exfiltration Detection can be applied to proactively monitor risky user activity — such as the use of USBs across an organization — as well as to eliminate blind spots during security investigations. For example, imagine you’ve just learned that a confidential roadmap presentation was accidentally sent to the wrong email distribution list. Sure, it can later be deleted from the email server. But did anyone download it? Has anyone shared it? By using Code42 to perform a quick search of the file name, you can answer those questions in seconds. You’ll not only see which users have downloaded the attachment, but also that one has since saved the file to a personal Dropbox account. With this information in hand, you can quickly take action against this risky data exposure.

See Advanced Exfiltration Detection in action.


Code42 Security Team Talks Predictions for 2019

The Code42 Security Team Talks Predictions for 2019

As companies plan their data security strategy for 2019, they’re faced with a particularly challenging set of unknowns. On top of shifts in the market and political uncertainties, businesses must operate in an ever-changing threat landscape as they make decisions about how best to protect their most valuable asset: their data.

We gathered members of the Code42 security team for a roundtable discussion to get their cybersecurity predictions for 2019. The upshot: Employee behavior and need for collaboration will challenge security teams as they face an increasingly hostile threat landscape and tightened regulations.

Employee behavior and corporate practices will be front-and-center for data security strategies.

Chrysa Freeman, senior analyst, security awareness and training: Security awareness isn’t always a hot topic, but we’re going to see a lot of change in this space in 2019. Annual compliance trainings and e-learnings will be replaced by interactive, short, frequent trainings to increase employee engagement and retention of the content. Companies will start using humor instead of the somber, scare-your-socks-off tone of years past because they’ll recognize they’ll be more successful when trainings are engaging and to the point.

Jeremy Thimmesch, senior information security analyst: We will continue to see organizations struggling with the basics: patching, asset management, access control and data management. Vulnerabilities in operating systems, applications and infrastructure will go unpatched due to IT constraints, leadership priorities, and poorly implemented vulnerability and risk management programs. As a result, we will continue to see breaches from the usual suspects: phishing, lack of user awareness and poor patch management.


Use of two-factor authentication and password managers will increase.

Jeff Holschuh, manager of identity: 2019 will be the year of two-factor authentication for consumer websites. With the huge number of compromised username/password combinations currently for sale on the dark web, the number of banks and e-commerce sites that allow a second authentication factor will increase substantially.

Chris Way, senior security engineer: As breaches continue to become more commonplace, more users will embrace password managers. They are timesavers when the alternative is having to manually update your passwords across the board.

The regulatory environment will tighten, but companies may not change anything.

Chris Ulrich, senior information security analyst: 2019 will be the beginning of the “Data Responsibility” movement, partly because of GDPR and partly because people are tired of having their data spilled all over the Internet with little to no recourse for the responsible party. Most breaches are a result of vulnerability and carelessness. I’m always hearing people ask, “What could security have done better?” But not once have I heard, “Why did we have this data in the first place?”

Nathan Hunstad, director of security: I’m a bit more pessimistic: nothing will change. Systems will continue to go unpatched; and as a result, avoidable exploits will not be avoided. People will click on links. There will be at least one breach with more than 100 million records lost. GDPR will increase the fines for some of these breaches, but not enough to motivate companies to approach security differently; the recent fine of Google for €50 million is pocket change to such a company. Instead, we will see companies just leave the EU market to avoid regulatory burden.

Cyber warfare will escalate and create more mistrust in our digital world.

Andrew Moravec, security architect: 2019 will be the year when cyber warfare moves further out of the shadows. We’ll see nations actively spying on foreign citizens and bugging officials and executives via their own gadgets and technology. We’ll see foreign leaders and states use hacks and cyberattacks against global corporations as a form of extortion for political influence. With successful attacks, we’ll see bravado — “Big deal, what are you going to do about it?” — and fewer denials.

There will also be a resurgence of troubled and misguided attempts to regulate and monitor social networks and calls to ban VPNs and limit civilian cryptography, which is currently the case in Australia.

You will see a cable or DSL network go down for a prolonged period of time, perhaps for days. It will be unclear if this is an attack or the result of poor management or overwhelmed staff. The result will be a conversation on how dependent we are on computer networks for day-to-day life, and just who do we trust with our link to the world.

Despite the increasing challenges, security teams will need to allow employee collaboration—and be collaborators themselves.

Michelle Killian, senior manager of security and risk compliance: I’d love to see security get better at real information sharing and collaboration in 2019. The DevOps community is awesome at sharing their failures as much as their wins, which allows the community to benefit. Security is, understandably, a bit more tight-lipped about our failures. But I think we’re only hurting ourselves and making adversaries out of what should be great security partners.

Byron Enos, senior security engineer: In 2019, security teams will be forced to become more agile to keep up with business demands. They will start moving away from big gates and bars, and instead gravitate towards automation and providing “security as a service” to internal business partners.

Shape Technologies Group Relies on Next-Gen DLP

Shape Technologies Group Relies on Code42 Next-Gen Data Loss Protection to Safeguard Data

As industry leaders seek to consolidate their positioning in the global marketplace, mergers and acquisition activity continues to surge. In 2017, companies announced more than 50,000 transactions worldwide for a total value of $3.5 trillion.  However, only one out of five M&As achieves its potential value. 

One culprit for lackluster M&A results? Losing valuable IP—much of which lives on employee endpoints—from the sell-side company during the acquisition process. Much of an acquisition target’s value lies in its IP. In order to get the full value of an acquisition, buy-side organizations must identify, locate, secure and safely migrate the IP of the sell-side company. And it has to happen fast.

IT implications for growth

One company that’s garnering top value from the IP of its merger and acquisitions is SHAPE. You likely encounter the results of SHAPE’s waterjet cutting solutions every day. Its technologies are integral in many industries such as auto, aerospace, food, mobile and fabrication. Since 1974, the Kent, Washington-based company has delivered more than 13,000 waterjet systems to customers in more than 100 countries.

The global company employs 1,400 workers in more than 20 offices in North and South America, Asia and Europe. The organization’s goal is to double in size over the next four years to reach $1 billion. In addition to strong organic growth, one of SHAPE’s growth strategies is acquisitions — many of which are smaller companies and some are overseas.

With such aggressive growth targets come data security and IT challenges. 

SHAPE turned to Code42 for its Next-Gen Data Loss Protection (DLP) to help protect precious IP during M&As and against loss or theft during employee departures.


Protecting sell-side company data

A large part of the value proposition when SHAPE buys a company is the IP that comes along with it. Unfortunately, that data is easily put at risk by employee actions and departures. That’s why it’s critical to protect the files and information on the sell-side company’s devices. The IT department at SHAPE understands the reality of this risk and proactively takes steps to protect the organization’s IP and secure the data. 

“Our initial goal is to get the data captured and backed up,” says Jeff Zuniga, director of IT operations. “Some people have taken it upon themselves to delete files thinking they’re helping by cleaning things up. Once we get the data protected, we are able to manage it and consume it as needed.”

Some of the companies SHAPE acquires don’t have sophisticated security and IT programs, so SHAPE’s IT team must quickly get their data secured, integrated with their core technologies and aligned with IT standards.

“We needed a quick way to be able to start collecting the data that resided on their machines,” says Zuniga. “A lot of them ran on a shoestring budget and workstation backups weren’t part of their vocabulary.”

Safeguarding data during consolidation

Organizational consolidation often accompanies acquisitions — and often includes employee departures. To monitor IP and determine whether there’s any suspicious file movement or deletion during this process, SHAPE is using Code42. 

“Being able to make sure we’re protecting our IP, that it’s not walking out the door, is important,” says Zuniga.

At a company that’s the innovator in its field, IP carries a premium—and without the right tools, it could be vulnerable to insider threats.

“We have a lot of IP like our drawings, sensitive information like cost of goods, where we purchase things, vendor lists,” says Zuniga. “We’ve been running reports and looking at users who have copied their local drives. We have to sort through and see if they’re personal files or does it contain IP.”

As it maintains its growth trajectory, SHAPE’s strategic approach to IT will continue to serve it well. And Code42 Next-Gen Data Loss Protection capabilities like data collection and monitoring, will help the industry leader safeguard its valuable IP—that of its acquisition targets and the homegrown ideas that have made it the industry leader for more than four decades.


Product Spotlight: Using Delayed Client Updates to Test the Code42 App

One of the benefits of selecting a Code42 cloud deployment is that you don’t need to manage software upgrades. Code42 manages all infrastructure, and the Code42 app installed on endpoints is automatically updated when new versions are released. This process ensures your organization always has the latest security updates and newest functionality.

However, some customers have told us their change management process requires them to test new versions of the Code42 app with internal groups prior to distributing to the entire organization. Today we’re excited to announce new functionality that allows you to do just that.

With the new delayed client updates functionality, Code42 cloud deployment customers have up to thirty days to test new versions of the Code42 app before all endpoints are updated. In most cases, you will be notified one week prior to the release date so that you can prepare for the start of the testing period.

How to use delayed client updates

First, you must opt into this functionality by setting a global delay for all Code42 app updates. This delay can be set for up to thirty days. The selected global delay becomes the date on which all endpoints will receive a new version of the Code42 app after its release. Customers who do not set a global delay will continue to receive new versions of the Code42 app automatically on release date.

Once you’ve selected your global delay, you can specify organizations as “exceptions” to the delay date. These will become your test organizations. For example, if you’ve set your global delay to the thirty day maximum, you can arrange for the IT organization to receive the update on the general availability date, and for the marketing organization to receive the new app ten days after the release. This allows for sequenced testing with multiple test groups. If needed, you can also deploy to individual devices for targeted testing.

Once you’ve completed any desired testing, all Code42 apps will update automatically according to your global delay setting.

We hope this process allows you to follow your established change management process while still benefiting from the automatic updates that come with a cloud deployment. Happy testing!




Best of the Code42 Blog November 2018

The Best of the Blog: December 2018

Catch up on the best stories from the Code42 blog that you might have missed in December. Here’s a roundup of the highlights.

Tips From the Trenches: Threat-Hunting Weapons: Defensive tools are essential for any cybersecurity team. But to take your security to the next level, it’s time to go on offense. Learn how proactive threat hunting can improve the effectiveness of any security program.

It’s Time to Rethink DLP: Three of the five most common data loss incidents involve insiders. Today’s idea-focused organizations need to keep their valuable IP safe, but the prevention-only focus of their legacy DLP solutions no longer matches their needs. Learn how Code42 Next-Gen DLP protects all data without hampering employee productivity.

Product Spotlight: Saved Searches: Most organizations have “crown jewels” — data that makes or breaks the business. Learn how to quickly — and repeatedly — find where these crucial files exist in your organization with the new saved searches feature of Code42 Next-Gen DLP.

2018: The Year in Review at Code42: It has been an eventful year for Code42. Catch up on all the new ways Code42 can help you protect your data.


2018: The Year in Review at Code42

The end of the year is always a great time for reflection. The last 12 months have been especially eventful for Code42. This year, the Code42 product grew and evolved in significant ways. We made product enhancements and introduced more tools to gather actionable intelligence about data risk. Most importantly, we added capabilities that paved the way for our biggest product yet: Code42 Next-Gen Data Loss Protection. We couldn’t have brought this exciting new solution to life without the foundational features unveiled throughout 2018. Here’s a look back at the highlights.

Code42 Forensic File Search

In April, we launched Code42 Forensic File Search, which now forms the core investigation capabilities of Code42 Next-Gen Data Loss Protection. By collecting file metadata and events from endpoints and making them searchable via the cloud, Code42 Forensic File Search enables security teams to get comprehensive answers to challenging security questions in seconds versus days or weeks.

Code42 Forensic File Search expands into cloud services

Our September release included several more enhancements, both big and small. We extended the capabilities of Code42 Forensic File Search so security teams can search for files by SHA256 hash and across cloud services, including Microsoft OneDrive and Google Drive. These capabilities truly unified and broadened the investigation capabilities of Code42 Next-Gen Data Loss Protection, providing full visibility to where corporate files live and move.

With the ability to search file activity in the cloud, IT and security teams are now able to more quickly see what files are shared and with whom; how and when files are added to cloud services; and what files a departing employee accessed, shared, downloaded or transferred before resigning. To further strengthen this capability in 2019, we’ll continue to expand across other cloud services.

With our November release, we added even more improvements to Code42’s investigation and monitoring capabilities. File Exfiltration Detection support was introduced for Mac devices, which now detects files being sent to Slack, FileZilla, FTP and cURL. To make it even easier to keep track of the most critical files, we also rolled out the ability to save search queries.

Code42 customers embraced cloud architectures

Meanwhile, customers told us their cloud strategies were changing. Companies who had originally chosen on-premises and hybrid deployment models were ready to fully embrace the benefits of cloud. We set out to deliver a secure and seamless way for our customers to move to cloud without needing to re-deploy or lose their historical data. This fall, we were proud to deliver a migration path that enables customers to deploy in the cloud in a couple of hours, without any user downtime or data loss. We’ve already had many customers upgrade to the cloud in order to eliminate on-premises hardware and take advantage of all the newest Code42 functionality. If you are a Code42 customer interested in moving to a cloud deployment, contact your CSM today to learn more.

Next-gen data loss protection

In October, we brought all of our core capabilities together into a single holistic solution and unveiled Code42 Next-Gen Data Loss Protection. We heard from our customers and the market that while traditional data loss prevention (DLP) solutions sound good in concept, they’re failing to live up to their potential in several key ways. Most companies are only using a fraction of the capabilities of their traditional DLP solutions. Security teams describe using traditional DLP as “painful.” Deployments of these tools can take months or years, because proper setup requires an extensive data classification process, and refining DLP policies to fit unique users is complex and iterative. To make the situation even more challenging, traditional DLP blocks employees from getting their work done with rigid data restrictions that interfere with productivity and collaboration.

Most importantly, traditional DLP solutions are narrowly focused on prevention — and business and security leaders now recognize that prevention alone does not work. Data loss will happen. Being able to protect a business from data loss and quickly recover from an incident is more important than the constant efforts needed to prevent an attack from happening — especially when, in the end, prevention fails.

Code42 Next-Gen Data Loss Protection takes a fundamentally different approach to protecting corporate data. Unlike traditional DLP, it does not require policies, which has multiple benefits. The solution deploys in days instead of months; it is not resource-intensive to manage; and it doesn’t burden administrators with false positives. Most importantly, it doesn’t drain user productivity with rigid restrictions on data use.

Code42 Next-Gen Data Loss Protection is cloud-native and preserves every version of every file on every endpoint, forever. It monitors file activity across all endpoints and an ever-expanding list of cloud services. As a result, it provides unified visibility to where files live and move as well as access to the contents of files involved in data security investigations. Code42 Next-Gen Data Loss Protection preserves current and historical endpoint files for rapid content retrieval and investigation, as well as to help meet regulatory requirements.

To achieve these benefits, Code42 Next-Gen DLP leverages five key capabilities:

  • Collection: Automatically collects and stores every version of every file across all endpoints, and indexes all file activity across endpoints and cloud. 
  • Monitoring: Helps identify file exfiltration, providing visibility into files being moved by users to external hard drives, or shared via cloud services, including Microsoft OneDrive and Google Drive.
  • Investigation: Helps quickly triage and prioritize data threats by searching file activity across all endpoints and cloud services in seconds, even when endpoints are offline; and rapidly retrieves actual files — one file, multiple files or all files on a device — to determine the sensitivity of data at risk.
  • Preservation: Allows configuration to retain files for any number of employees, for as long as the files are needed to satisfy data retention requirements related to compliance or litigation.
  • Recovery: Enables rapid retrieval of one file, multiple files or all files on a device even when the device is offline, or in the event files are deleted, corrupted or ransomed.

It’s been a big year for Code42, and with the launch of Code42 Next-Gen Data Loss Protection, next year will be even bigger. Thanks for taking this trip down memory lane with us and see you in 2019!

Code42 Learning for Life

At Code42, We Embrace Learning as Part of Life

As human beings, we are constantly learning. While we work, we’re constantly getting better at our job skills and becoming more knowledgeable in our field. But we also learn from our experiences at work — how we interact with one another and our environment. Learning on the job is inevitable. Employers that embrace that fact and support their employees’ learning journey can help them develop faster and with more confidence.

At Code42, learning is a core part of our culture. This fall, we embraced that by launching a two-month program called “Learning for Life.” Our mission was to highlight the programs, resources and brilliant minds at Code42 through internal education sessions, keynote speakers and opportunities to learn something new. We encouraged curiosity and expanded perspectives for the amazing lifelong learners we are fortunate to employ. We were quite happy to hear the reactions of those who participated in the program:

“I enjoyed the variety of topics and that Code42 was intentionally planning content for this program,” said participant Eileen Potter. “This made me think about the ways I am continually learning. While I’ve always done that in my career, it’s really nice to have an employer actively supporting me with a learning culture.”

“I loved having the chance to hear from a variety of people throughout the company,” said attendee Beth Bornhoeft. “As someone who’s relatively new to Code42, I felt like this was a chance to get a crash course in institutional knowledge. I found myself with a ton of takeaways that I can use in my job.”

As part of an incredibly dynamic tech industry, we at Code42 are committed to providing learning opportunities that are critical to our success and that of our employees. We know that, in order to remain competitive in the ever-changing market, we need to create an environment that is nimble, agile and flexible to keep pace. That means developing learning and training opportunities that support the personal and professional development of our people.

We believe that a learning mindset is a conscious choice on how to approach work and life. If we cultivate an environment that encourages trial and error as well as resilience and growth, we have a formula for success.

#BeCode42

Diversity is the Answer to the Cybersecurity Talent Shortage

Anyone in the cybersecurity profession understands that organizations are facing a severe shortage of skills in virtually every aspect of information security.

In October, (ISC)², an international nonprofit association of cybersecurity professionals, released its latest Cybersecurity Workforce Study, which found that the cybersecurity workforce gap has increased to more than 2.9 million globally. About two-thirds of those surveyed (63 percent) report that their organizations have a shortage of IT staff dedicated to cybersecurity, and 48 percent said their organizations plan to increase cybersecurity staffing over the next 12 months.

For anyone looking to fill open positions in security programs, those are discouraging numbers. And there are no clear signs that the situation will get better any time soon.

Greater diversity can help

The good news is there are things we can do to ease the talent shortage, including bringing more women into the cybersecurity field.

Perhaps one of the more positive findings in the (ISC)² report was that there is a younger workforce and greater representation of women in the study. Women now represent 24 percent of the cybersecurity workforce surveyed, compared with 11 percent from previous studies.

In the cybersecurity world today, we are facing some of the same threats that we faced a decade ago, albeit with new packaging. A variety of viewpoints informed by different backgrounds and experiences will allow the security industry to take new approaches to identify and solve today’s most challenging and persistent threats. These need to include not only more women, but also people of varying ethnicities, countries of origin, ages and other factors.

How to implement diversity

There are steps we can take to increase workforce diversity, and they start before an employee is even hired.

One peer I recently spoke with shared that her organization reviews all job postings for gender-biased language. For example, security practitioners love to use the word “ninja,” as it speaks to precision and accuracy. However, it’s also a word that conjures up images of conflict and danger that may be less appealing to female candidates. Reviewing your job posting for language that may unconsciously favor one gender is the first step to attracting diverse candidates.

Another key is to create programs within your organization that promote diversity and inclusion. This isn’t a particularly progressive stance to take today — it’s simply table stakes. People in the workforce today want to be able to bring their authentic selves to their jobs. If job seekers and employees of all backgrounds believe they won’t be welcome in your organization, they’ll look for work elsewhere.

Mentorship programs within companies are also powerful tools. Through these programs, women working in security professions can provide guidance and encouragement to others in the company or those in the community showing an interest in cybersecurity.

Another initiative is to work with youth organizations to create more awareness about opportunities for women in technology fields in general and in cybersecurity specifically.

For example, Code42 has been partnering with the Girl Scouts for two years on events focused on fostering an interest in technology.

Last year, we hosted “Think Like a Programmer,” an event at which girls worked to earn badges related to Science, Technology, Engineering and Math (STEM). This year, they had an opportunity to work on a new Cybersecurity badge. The purpose of the program is to help girls understand not only the basics of programming, but also that there is a spot for them in cybersecurity.

Events such as these offer an opportunity for girls to meet, talk with and learn from women in the field of technology at Code42; create forums for dialogue about the advantages of STEM; encourage women to pursue careers in high technology by celebrating accomplished female leaders and role models; and bring more awareness to women in technology.

Organizations can also look to recruit diverse candidates who are working in completely different areas to join security teams, if they have skills that apply. For example, someone with a strong background in technology or analytics might have the ability to learn about large, complex systems, and could understand the logic behind how those systems work and their vulnerabilities.

Security executives such as CISOs need to work closely with human resources to recruit a broad array of talent that could make the security team stronger. It’s only a matter of time before this field will be truly diverse, but those who embrace diversity now will have a distinct advantage over those who are slower to realize its benefits.