Code42 Blog

Improved Risk Management Through Better Data Insights

Let’s face it: security professionals are overrun with data. Their logs are brimming with it. Their security tools are continually alerting them to potential anomalies, attacks, new vulnerabilities, changes in system configurations and all of the other things that could put enterprise data at risk. It’s safe to say that when it comes to data, security analysts and administrators are beyond overwhelmed. However, when it comes to business executives, the opposite is true: they often aren’t getting the information they need to assess what type of risk their organization’s data is under. 

The problem is, without the right data — data specific to their roles in the organization — neither security analysts nor business leaders can make effective risk management decisions regarding their corporate data. With version 7 of our Code42®Next-Gen Data Loss Protection solution, we’re tackling that challenge head-on. The goal is to get the right type of information, in the right amounts, at just the right time to those who need it so they can make the best decisions they can relevant to their job. 

“ The problem is, without the right data — data specific to their roles in the organization — neither security analysts nor business leaders can make effective risk management decisions regarding their corporate data. ”

What do I mean, exactly, when I say security professionals get too much data and business executives not enough? I’m talking about a signal to noise ratio: security pros typically get flooded with so much data that they have a challenging time finding the risks they need to focus on, yet business executives get so little relevant security information that they can’t make effective data-driven decisions. 

This can, of course, have profound deleterious effects on security. Bad decision making driven by poor access to the right information will negatively impact regulatory compliance; the protection of intellectual property, business plans and confidential customer data. When it comes to security analysts, if they can’t see the data they need to take immediate steps to mitigate danger, then breaches will go unnoticed until it’s too late. It’s one of the reasons enterprise data breaches, more often than not, go undetected for months. To be specific, the latest research tells us it takes an average of 49.6 days to detect a breach, which is up year-over-year. 

Code42 is taking steps to eliminate these barriers to effective security. At Evolution19, we are announcing a series of enhancements when it comes to our alerts, reports and dashboards within our Next-Gen DLP solution. 

“ At Evolution19, we are announcing a series of enhancements when it comes to our alerts, reports and dashboards within our Next-Gen DLP solution. ”

These improvements will help business leaders get the precise information they need about data risks lurking within their organization. Of course, we will also be providing numerous enhancements needed by front-line analysts to do their jobs more effectively. 

These efforts tightly align with Code42’s belief that security’s ability to be successful is directly tied to their ability to quickly detect and respond to data threats. As such, our goal is to demonstrate that security products can be both powerful and easy to use. That’s why we designed our Next-Gen Data Loss Protection solution with ease-of-use in mind. Customers don’t have to spend their time writing complex DLP rules and policies to reduce data risk like they do with traditional DLP — and now we are making it easy to get actionable information whether one is a security analyst or business leader.

What do I mean when talking about security analytics for business leaders? I’m talking about providing them with the insights they need to understand where the data-related risks hide within their organization. This includes attributes such as where their data resides, where it may be inadvertently exposed and show them how and where users are moving that data around the organization. We also will provide other high-level views about their data so they can make better decisions about managing their data, determining their risk level and even investing in security defenses more effectively.   

“ I’m talking about providing business leaders with the insights they need to understand where the data-related risks hide within their organization. ”

I’ll give you some examples. With these enhancements, business leaders will be able to see not only how many files are shared outside of the organization, but also the kinds of data being shared outside the organization. It will reveal how many file exfiltration events are occurring within your environment and show trends and patterns in data movements that business leaders should know.

Let’s consider insider risks. Often when we think of insider risks, the first thing that comes to mind is the nefarious insider. The insider stealing data to sell to competitors, or to take intellectual property to their next job. Employees acting maliciously isn’t the only cause for concern, though. Sometimes employees simply are careless, or make unintentional or uneducated mistakes. They may not follow the rules around data protection because they’re not convenient, or they may not even be aware of what the rules are.  In all cases, it’s crucial that the organization is aware of trends in data usage and movement so that corrective and mitigative actions can be taken. 

Of course, we are prioritizing enhancements that also will help security admins get a better signal when it comes to data visibility. This includes improved alerting so that security analysts and managers will be sure to see the security-related situations they need to investigate. While we have always provided security managers information about where all of their data resides within their environment, where their files are located, and how that data travels, in the future we will provide them with alerts that will bring potentially risky situations to their immediate attention. Situations like:

  • When a file has a shared link that allows public access to an internal file.
  • When a file is shared publicly and indexed on the internet.
  • When a user copies files to removable media.
  • When a user syncs a file to a cloud service.
  • When user browsers or applications read a file from a device.

That’s a lot of powerful information and will help organizations go a long way in reducing their data security risks.

This is an exciting time for us at Code42; we continue to evolve our Next-Gen Data Loss Protection solution. It’s so rewarding to see all of our efforts come to fruition and I can’t wait to see how our customers put these new capabilities to use.

Finally, a DLP for Macs

Finally, a DLP for Macs

It’s time to face the facts, Macs are everywhere in the enterprise. In fact, a 2018 survey from Jamf pointed to the fact that more than half of enterprise organizations (52%) offer their employees a choice in their device of preference. Not entirely surprising, 72% of employees choose Mac. The Apple wave within business environments has begun and only promises to grow over time.

“ Legacy Data Loss Prevention (DLP) solutions don’t account for the Mac phenomenon and were not designed with them in mind. ”

The problem is that legacy Data Loss Prevention (DLP) solutions don’t account for the Mac phenomenon and were not designed with them in mind. As a result, legacy DLPs often approach Macs as an afterthought rather than a core strategy. Customer opinions of their DLP for Macs continue to be unfavorable. In fact, last year at Jamf’s JNUC event in Minneapolis, Mac users quickly revealed their sheer frustration with DLP and how it wasn’t built for Macs. Code42 customers currently using legacy DLP vendors vented about their Mac DLP experience saying, “It just sucks!”

Naturally, we asked why.

  1. No Support – Mac updates can be fast and furious. Unfortunately, DLP has traditionally struggled to keep up with those updates. The result? Errors, Kernel panics and increased risk for data loss.
  2. No OS Consistency – We often forget that today’s businesses often use both Mac and Windows. DLP has traditionally maintained a very Windows-centric approach that has made the Mac experience secondary and inconsistent with Windows. Having two sets of users with varying levels of data risk is never good.
  3. It’s Slow – The number one issue often stems from performance-sucking agents that bring the productivity of Mac users to a screeching halt.
  4. Kernel Panics – This is worth reiterating. Macs are sensitive to anything that poses a threat, so whenever perceived unsanctioned DLP software threatens Mac, it means reboots and an increased risk of downtime.
  5. It’s Complicated – Traditional DLP still relies on legacy hardware and manual updates, which is time consuming and expensive.

Recently, Code42 unveiled its Next-Gen Data Loss Protection Solution at the RSA Conference 2019. One of the reasons our 50,000+ customers love us is precisely because of the superior Mac experience we deliver. Our next-gen DLP solution was built with the Mac user in mind. Learn more about our trusted and proven take on DLP for Mac.

Code42 Product Spotlight: Identify Risk to Data Using Advanced Exfiltration Detection

Product Spotlight: Identify Risk to Data Using Advanced Exfiltration Detection

When it comes to data loss protection, there are fundamental security questions that every organization needs to answer. These include, “Who has access to what files?” and “When and how are those files leaving my organization?”

Code42 Next-Gen Data Loss Protection helps you get answers to these questions in seconds by monitoring and investigating file activity across endpoints and cloud services. And now, Code42 has expanded its investigation capabilities to provide greater visibility into removable media, personal cloud and web browser usage by allowing security analysts to search file activity such as:

  • Files synced to personal cloud services. Code42 monitors files that exist in a folder used for syncing with cloud services, including iCloud, Box, Dropbox, Google Drive and Microsoft OneDrive.
  • Use of removable media. Code42 monitors file activity on external devices, such as an external drive or memory card.
  • Files read by browsers and apps. Code42 monitors files opened in an app that is commonly used for uploading files, such as a web browser, Slack, FTP client or curl.

Advanced Exfiltration Detection can be applied to proactively monitor risky user activity — such as the use of USBs across an organization — as well as to eliminate blind spots during security investigations. For example, imagine you’ve just learned that a confidential roadmap presentation was accidentally sent to the wrong email distribution list. Sure, it can later be deleted from the email server. But did anyone download it? Has anyone shared it? By using Code42 to perform a quick search of the file name, you can answer those questions in seconds. You’ll not only see which users have downloaded the attachment, but also that one has since saved the file to a personal Dropbox account. With this information in hand, you can quickly take action against this risky data exposure.

See Advanced Exfiltration Detection in action.


Using-Delayed-Client-Updates-to-Test-the-Code42-App

Product Spotlight: Using Delayed Client Updates to Test the Code42 App

One of the benefits of selecting a Code42 cloud deployment is that that you don’t need to manage software upgrades. Code42 manages all infrastructure, and the Code42 app installed on endpoints is automatically updated when new versions are released. This process ensures your organization always has the latest security updates and newest functionality.

However, some customers have told us their change management process requires them to test new versions of the Code42 app with internal groups prior to distributing to the entire organization. Today we’re excited to announce new functionality that allows you to do just that.

With the new delayed client updates functionality, Code42 cloud deployment customers have up to thirty days to test new versions of the Code42 app before all endpoints are updated. In most cases, you will be notified one week prior to the release date so that you can prepare for the start of the testing period.

How to use delayed client updates

First, you must opt into this functionality by setting a global delay for all Code42 app updates. This delay can be set for up to thirty days. The selected global delay becomes the date on which all endpoints will receive a new version of the Code42 app after its release. Customers who do not set a global delay will continue to receive new versions of the Code42 app automatically on release date.

Once you’ve selected your global delay, you can specify organizations as “exceptions” to the delay date. These will become your test organizations. For example, if you’ve set your global delay to the thirty day maximum, you can arrange for the IT organization to receive the update on the general availability date, and for the marketing organization to receive the new app ten days after the release. This allows for sequenced testing with multiple test groups. If needed, you can also deploy to individual devices for targeted testing.

Once you’ve completed any desired testing, all Code42 apps will update automatically according to your global delay setting.

We hope this process allows you to follow your established change management process while still benefiting from the automatic updates that come with a cloud deployment. Happy testing!




The-Year-in-Review-at-Code42

2018: The Year in Review at Code42

The end of the year is always a great time for reflection. The last 12 months have been especially eventful for Code42. This year, the Code42 product grew and evolved in significant ways. We made product enhancements and introduced more tools to gather actionable intelligence about data risk. Most importantly, we added capabilities that paved the way for our biggest product yet: Code42 Next-Gen Data Loss Protection. We couldn’t have brought this exciting new solution to life without the foundational features unveiled throughout 2018. Here’s a look back at the highlights.

Code42 Forensic File Search

In April, we launched Code42 Forensic File Search, which now forms the core investigation capabilities of Code42 Next-Gen Data Loss Protection. By collecting file metadata and events from endpoints and making them searchable via the cloud, Code42 Forensic File Search enables security teams to get comprehensive answers to challenging security questions in seconds versus days or weeks.

Code42 Forensic File Search expands into cloud services

Our September release included several more enhancements, both big and small. We extended the capabilities of Code42 Forensic File Search so security teams can search for files by SHA256 hash and across cloud services, including Microsoft OneDrive and Google Drive. These capabilities truly unified and broadened the investigation capabilities of Code42 Next-Gen Data Loss Protection, providing full visibility to where corporate files live and move.

With the ability to search file activity in the cloud, IT and security teams are now able to more quickly see what files are shared and with whom; how and when files are added to cloud services; and what files a departing employee accessed, shared, downloaded or transferred before resigning. To further strengthen this capability in 2019, we’ll continue to expand across other cloud services.

With our November release, we added even more improvements to Code42’s investigation and monitoring capabilities. File Exfiltration Detection support was introduced for Mac devices, which now detects files being sent to Slack, FileZilla, FTP and cURL. To make it even easier to keep track of the most critical files, we also rolled out the ability to save search queries.

Code42 customers embraced cloud architectures

Meanwhile, customers told us their cloud strategies were changing. Companies who had originally chosen on-premises and hybrid deployment models were ready to fully embrace the benefits of cloud. We set out to deliver a secure and seamless way for our customers to move to cloud without needing to re-deploy or lose their historical data. This fall, we were proud to deliver a migration path that enables customers to deploy in the cloud in a couple of hours, without any user downtime or data loss. We’ve already had many customers upgrade to the cloud in order to eliminate on-premises hardware and take advantage of all the newest Code42 functionality. If you are a Code42 customer interested in moving to a cloud deployment, contact your CSM today to learn more.

“ Code42 Next-Gen Data Loss Protection takes a fundamentally different approach to protecting corporate data. ”

Next-gen data loss protection

In October, we brought all of our core capabilities together into a single holistic solution and unveiled Code42 Next-Gen Data Loss Protection. We heard from our customers and the market that while traditional data loss prevention (DLP) solutions sound good in concept, they’re failing to live up to their potential in several key ways. Most companies are only using a fraction of the capabilities of their traditional DLP solutions. Security teams describe using traditional DLP as “painful.” Deployments of these tools can take months or years, because proper setup requires an extensive data classification process, and refining DLP policies to fit unique users is complex and iterative. To make the situation even more challenging, traditional DLP blocks employees from getting their work done with rigid data restrictions that interfere with productivity and collaboration.

Most importantly, traditional DLP solutions are narrowly focused on prevention — and business and security leaders now recognize that prevention alone does not work. Data loss will happen. Being able to protect a business from data loss and quickly recover from an incident is more important than the constant efforts needed to prevent an attack from happening — especially when, in the end, prevention fails.

Code42 Next-Gen Data Loss Protection takes a fundamentally different approach to protecting corporate data. Unlike traditional DLP, it does not require policies, which has multiple benefits. The solution deploys in days instead of months; it is not resource-intensive to manage; and it doesn’t burden administrators with false positives. Most importantly, it doesn’t drain user productivity with rigid restrictions on data use.

Code42 Next-Gen Data Loss Protection is cloud-native and preserves every version of every file on every endpoint, forever. It monitors file activity across all endpoints and an ever-expanding list of cloud services. As a result, it provides unified visibility to where files live and move as well as access to the contents of files involved in data security investigations. Code42 Next-Gen Data Loss Protection preserves current and historical endpoint files for rapid content retrieval and investigation, as well as to help meet regulatory requirements.

To achieve these benefits, Code42 Next-Gen DLP leverages five key capabilities:

  • Collection: Automatically collects and stores every version of every file across all endpoints, and indexes all file activity across endpoints and cloud. 
  • Monitoring: Helps identify file exfiltration, providing visibility into files being moved by users to external hard drives, or shared via cloud services, including Microsoft OneDrive and Google Drive.
  • Investigation: Helps quickly triage and prioritize data threats by searching file activity across all endpoints and cloud services in seconds, even when endpoints are offline; and rapidly retrieves actual files — one file, multiple files or all files on a device — to determine the sensitivity of data at risk.
  • Preservation: Allows configuration to retain files for any number of employees, for as long as the files are needed to satisfy data retention requirements related to compliance or litigation.
  • Recovery: Enables rapid retrieval of one file, multiple files or all files on a device even when the device is offline, or in the event files are deleted, corrupted or ransomed.

It’s been a big year for Code42, and with the launch of Code42 Next-Gen Data Loss Protection, next year will be even bigger. Thanks for taking this trip down memory lane with us and see you in 2019!

Code42 Blog

Product Spotlight: Saved Searches

A Simple Way to Streamline Investigations

While every organization wants to protect its data, some files are more critical than others. You need to know where these “crown jewels” exist in your organization, and you don’t want to reinvent the wheel every time you need to find them. Fortunately, Code42 Next-Gen Data Loss Protection (DLP) can help you quickly and accurately locate these files — and save your search criteria so you can easily find them again in the future.

Code42 Next-Gen DLP protects your intellectual property from loss, leak, misuse and theft by showing you where critical files live and move. With Code42 Next-Gen DLP, you can quickly search for data using file hash, date range, type, filepath and more — to get a complete inventory of where important files reside on your endpoints and cloud services.

For example, suppose your organization has “secret sauce recipes” that are vital to your company’s success. These critical files should only be accessible to select employees — but how can you verify that is indeed the case? You can use Code42 Next-Gen DLP to see if your company’s secret sauce recipes are saved anywhere they shouldn’t be. Simply use Code42’s investigation capabilities to search for the SHA256 hashes of your most critical files.

Once you’ve built a search to identify the location of those special files, you can save the search criteria so you can quickly re-run a search in the future. These saved searches can be named and edited as needed. Saved searches pre-populate queries so that routine searches can be run more frequently.

Keeping your crown jewels safe is at the heart of a good data loss protection strategy. And now, Code42 makes this even easier using saved searches.

Code42 Policy-Free DLP- It’s Time to Rethink Data Protection

It’s Time to Rethink DLP

As much as we may not like to talk about it, half of the major threats to the security of our corporate data come from the inside. That doesn’t mean that our employees are all malicious — insider threats can surface in many ways: user errors and accidents, lost or stolen devices, even hardware failures — and the list goes on. In fact, a report by International Data Group (IDC) showed that three of the top five most common high-value information incidents involve insiders.

Given this, it’s no surprise that for years, organizations have been using data loss prevention (DLP) solutions to try to prevent data loss incidents. The problem is that the prevention-first approach of legacy DLP solutions no longer meets the needs of today’s IP-rich, culturally progressive organizations, which thrive on mobility, collaboration and speed. The rigid “trust no one” policies of legacy DLP can block user productivity and are often riddled with exceptions and loopholes. For IT, legacy DLP solutions can be expensive to deploy and manage — and only protect selected subsets of files.

“ The prevention-first approach of legacy DLP solutions no longer meets the needs of today’s IP-rich, culturally progressive organizations, which thrive on mobility, collaboration and speed. ”

A fresh start

The prevention focus of traditional DLP forces a productivity trade-off that isn’t right for all companies — and isn’t successfully stopping data breaches. That’s why it’s time for organizations to rethink the very concept of DLP and shift their focus from prevention to protection. Next-generation data loss protection (next-gen DLP) enables security, IT and legal teams to more quickly and easily protect their organization’s data while fostering and maintaining the open and collaborative culture their employees need to get their work done.

Rather than enforcing strict prevention policies that block the day-to-day work of employees, next-gen DLP clears the way for innovation and collaboration by providing full visibility to where files live and move. This approach allows security and IT teams to monitor, detect and respond to suspicious file activity in near real-time.

Next-gen DLP benefits

This next-gen approach to data protection provides the following benefits:

Works without policies: Unlike legacy DLP solutions, next-gen DLP does not require policies — so there is no complex policy management. Because next-gen DLP automatically collects and stores every version of every file across all endpoints, there is no need to set policies around certain types of data. When data loss incidents strike, affected files are already collected, so security and IT teams can simply investigate, preserve and restore them with ease — whether the incident affected one file, multiple files or multiple devices.

Removes productivity blocks: Next-gen DLP enables employees to work without hindering productivity and collaboration. Workers are not slowed down by “prevention-first” policies that inevitably misdiagnose events and interfere with their ability to access and use data to do their work.

Lives in the cloud: As a cloud-native solution, next-gen DLP solutions are free from expensive and challenging hardware management, as well as the complex and costly modular architectures that are common with legacy DLP.

Deploys in days: Next-gen DLP solutions can be rapidly implemented, since the extensive time and effort required to create and refine legacy DLP policies is not needed. Since it works without policy requirements, next-gen DLP is also much easier to manage once deployed than legacy DLP. This is especially important for smaller organizations that can’t wait months or even years for a solution to be fully implemented.

Provides access to every file: While next-gen DLP doesn’t require blanket policies, security teams can still use it to observe and verify employee data use. For example, next-gen DLP can alert administrators when an unusually large number of files are transferred to removable media or cloud services. If the files have left the organization, next-gen DLP can see exactly what was taken and restore those files for rapid investigation and response.

By focusing on all files in an organization, next-gen DLP offers many additional benefits:

  • Visibility into file activity across endpoints and cloud services to speed security investigations. This differs from legacy DLP, which only provides a view of defined subset of data.
  • Fast retrieval of file contents and historical file versions to perform detailed analysis or recovery from data incidents. Legacy DLP solutions don’t collect the contents of files and thus can’t make them available for analysis or recovery.
  • Long-term file retention to help satisfy legal and compliance requirements as well as provide a complete data history for as long a time period as an organization requires. Again, legacy solutions don’t retain file contents and so aren’t able to provide this history.

A new paradigm for DLP

Next-gen DLP is a huge departure from legacy DLP solutions, but it’s a logical and necessary evolution of the category given the changing needs and work preferences of today’s IP-rich and culturally progressive organizations — small, mid-size and large.

Armed with a more discerning tool, organizations no longer have to lock down or block data access with restrictive policies. With full visibility into where every file lives and moves, security teams can collect, monitor, investigate, preserve and recover valuable company data in the event of a data loss incident.

Companies today are looking for better ways to protect their high-value data — while freeing knowledge workers to create the ideas that drive the business. By choosing to implement next-gen DLP, organizations will be able to keep their vital data protected without hindering productivity and innovation.

Code42 Next-Gen Data Loss Protection: What DLP Was Meant to Be

Malware and other external cyber threats get most of the headlines today. It’s not surprising, given the damage done to companies, industries and even countries by outside-in attacks on data. Despite that, insider threats — the risks of data being lost or stolen due to actions inside the company — are just as big a threat.

According to the 2018 Insider Threat Report by Cybersecurity Insiders, 90 percent of cybersecurity professionals feel vulnerable to insider threat. McKinsey’s Insider threat: The human element of cyberrisk reports that 50 percent of breaches involved insiders between 2012-2017.

“ By rethinking traditional DLP, you can know exactly where all your data is, how it is moving throughout your organization and when and how it leaves your organization — without complex policy management, lengthy deployments or blocks to your users’ productivity. ”

“The rise of insider threats is a significant threat to every business and one that is often overlooked,” said Jadee Hanson, Code42’s CISO. “While we all would like to think that employees’ intentions are good, we prepare for malicious actions taken by those from within our organizations. As external protection increases, we all should be concerned as to the influence external actors may have on those working for us and with us every day.”

Insider threats are a big deal, and traditional data loss prevention (DLP) solutions were developed to protect companies and their data from these internal events.

DLP hasn’t delivered

While traditional DLP solutions sound good in concept, most companies are only using a fraction of their capabilities. Security teams describe using these solutions as “painful.” Legacy DLP deployments take months or years, because proper setup requires an extensive data classification process, and refining DLP policies to fit unique users is complex and iterative. And after all that time, traditional DLP still blocks employees from getting their work done with rigid data restrictions that interfere with user productivity and collaboration. They also require on-site servers — counter to the growing business priority of moving solutions to the cloud.

Most importantly, legacy DLP solutions are focused on prevention. Business and security leaders now recognize that prevention alone is no longer enough. Mistakes happen, and data threats sometimes succeed. Being able to recover quickly from data loss incidents is just as important as trying to prevent them.

Rethink DLP

At Code42, we protect over 50,000 companies from internal threats to their data. This focus on protection has enabled us to see things differently, and develop an alternative to data loss prevention: data loss protection. We are excited to announce the new Code42 Next-Gen Data Loss Protection (Code42 Next-Gen DLP) solution that rethinks legacy DLP and protects data from loss without slowing down the business.

Code42 Next-Gen DLP is cloud-native and protects your cloud data as well as all of your endpoint data. It deploys in days instead of months, and provides a single, centralized view with five key capabilities:

  • Collection: Automatically collects and stores every version of every file across all endpoints, and indexes all file activity across endpoints and cloud. 
  • Monitoring: Helps identify file exfiltration, providing visibility into files being moved by users to external hard drives, or shared via cloud services, including Microsoft OneDrive and Google Drive.
  • Investigation: Helps quickly triage and prioritize data threats by searching file activity across all endpoints and cloud services in seconds, even when endpoints are offline; and rapidly retrieves actual files — one file, multiple files or all files on a device — to determine the sensitivity of data at risk.
  • Preservation: Allows configuration to retain files for any number of employees, for as long as the files are needed to satisfy data retention requirements related to compliance or litigation.
  • Recovery: Enables rapid retrieval of one file, multiple files or all files on a device even when the device is offline, or in the event files are deleted, corrupted or ransomed.

By rethinking traditional DLP, you can know exactly where all your data is, how it is moving throughout your organization and when and how it leaves your organization — without complex policy management, lengthy deployments or blocks to your users’ productivity. DLP can finally deliver on what it was originally created to do.

Code42 Forensic File Search: from Endpoints to the Cloud

Code42 Forensic File Search: from Endpoints to the Cloud

Think of your favorite bank heist movie. Ocean’s Eleven, The Italian Job, Die Hard — they all revolve around elaborate schemes to evade and overcome security: guards, metal detectors, badge and lock systems, and the imposing physical safe itself. It happens in real life, too. Thousands of bank robberies are reported to the FBI every year.

Now imagine you’re a bank manager and someone breaks into your safe. What’s one of the first things you’ll do? Look at your security camera footage. These recordings are the fastest and most reliable way to see what happened, who did it and what they took — so you don’t waste another precious minute while the thieves are making their getaway.

“ Now, we’re expanding the powerful investigation capabilities of Code42 Forensic File Search to follow your files into the cloud — starting with Microsoft OneDrive and Google Drive. ”

Code42 Forensic File Search: your cyber security camera

Today, organizations have a wide array of sophisticated cyber security tools designed to prevent and mitigate data loss. But any security pro who is being honest knows it’s a question of when a data breach will happen, not if. When a data loss event occurs, Code42 Forensic File Search is like a security camera for your entire digital environment. With Code42 Forensic File Search, you can “go to the tapes” to see exactly what happened, who was involved, what was taken and where it went. Code42 Forensic File Search is simply the quickest, most effective way to jumpstart your investigation efforts — so you can get your valuable assets back sooner.

Code42 Forensic File Search expands from endpoints to the cloud

We’re constantly looking for new ways to give businesses and security teams greater visibility to their data. We’ve pioneered capabilities that have brought unprecedented visibility to users’ endpoint devices. Now, we’re expanding the powerful investigation capabilities of Code42 Forensic File Search to follow your files into the cloud — starting with Microsoft OneDrive and Google Drive, and adding other leading cloud services platforms, like Box and Slack, in the near future.

Find any file, no matter where it lives — in seconds

As more and more enterprise workflows touch the cloud, there is a growing technology disconnect for security teams. There are tools that give them visibility to data that lives on-premises and on endpoint devices; and there are separate CASB tools that provide visibility to data that lives in cloud accounts. Code42 has bridged that gap by extending Code42 Forensic File Search to cover cloud services. That means you’ll now be able to use the product to easily and instantly search across your entire environment: your users’ endpoint devices and enterprise cloud accounts — whether users are online or offline.

You no longer need to spend weeks sifting through piles of data from multiple tools. Now you have a simple search bar that allows you to “go to the tapes” to find any file, no matter where it lives and moves — in seconds.

Better EDR and Threat Intel with Code42

The bright lights of Las Vegas are still flashing in my eyes after Black Hat 2018, and I observed a distinct trend: Data security technology vendors increasingly align themselves in one of two categories: threat intelligence or endpoint detection and response (EDR). The most common question I got at Black Hat 2018 was, “How does Code42 fit?” My answer is, quite simply, “Extremely well.”

Threat intelligence and EDR — where Code42 fits

It was easy to tell if you were at a threat intel or EDR vendor booth at Black Hat 2018:

  • The threat intelligence vendors wanted to talk to you about their orchestration framework, how many data feeds they pull in and their glitzy dashboards.
  • The EDR vendors showed you how easy it is to install their endpoint agent — and told you how they’ll alert your security team every time a hoodie-clad hacker in a basement runs exploits on your endpoints.

Code42 provides separate, complementary value to both threat intelligence and EDR solutions by applying a unique, historical file content and context perspective — as opposed to an action- or event-oriented perspective. Here’s why the combination of Code42 and threat intelligence and/or EDR is so powerful:

“ Code42 provides separate, complementary value to both threat intelligence and EDR solutions by applying a unique, historical file content and context perspective. ”

Code42 + threat intelligence

Let’s say your journey starts with a threat intelligence solution. You get an alert that a DNS request was initiated from a transient address in your Wi-Fi network to a newly registered domain or domain associated with known malware. How can you act on this alert?

Well, the threat intel report describes the domain in question as associated with a fake ad-blocker Chrome extension. That report also gives you the file name of the Chrome extension. You can then leverage Code42 Forensic File Search to search for that filename. In less than a second, you can build a unique list of all endpoints in your environment that have this undesirable Chrome extension. You can even sort these results and quickly find the first users to “fall” for the malware trick and give them additional training to help avoid this type of fire drill in the future.

Code42 + EDR

Imagine that an EDR solution sends an alert triggered by a maliciously crafted PDF document found on an endpoint. This suspicious file ran some arbitrary and potentially unknown code at an elevated privilege level. How would your organization react?

First, you may want to see who else has this same document. Using Code42 Forensic File Search, you could look for the checksum or filename of that questionable PDF. In less than a second, you have a complete list of your affected devices and users — whether they are online or not and without impact to the user’s machine or the network.

Now let’s say you want to examine the suspicious file — but the malicious payload deleted the PDF after execution. With Code42’s Backup + Restore  product, you could pull an archived copy and hand it to forensic investigators.

Providing deeper visibility and context

Threat intel and EDR solutions focus on identifying malicious activity or abnormal application behaviors on an endpoint. They’re really good at detecting things like a process attempting a privilege escalation or scanning memory to pilfer credentials. Alerts to these activities are valuable, but they give only one dimension of insight into a complex problem. Code42 is focused on a much bigger picture — providing comprehensive visibility into every action, movement and revision of every file — while simultaneously securing and preserving valuable digital assets. And our powerful search capability cuts through the noise to give you exactly the information you need without overwhelming you with data.

Our unique approach to providing visibility and ensuring availability means Code42 doesn’t fit neatly into a category created by industry analysts. But that doesn’t diminish its value. Rather, it affirms that the value of Code42 cuts across the entire data security stack, regardless of what you do, or what tools or vendors you may already be working with. In fact, Code42 Forensic File Search, coupled with Code42 Backup + Restore, provide a comprehensive, contextually rich and easily searchable service. Combined, they complement not only threat intel and EDR, but almost any other data security solution, providing clear, direct and authoritative results.