Insider Threat Begs the Question, “Where’d My File Go on the Web?”

You know the risks posed by Shadow IT and unsanctioned app use. It’s a blind spot we’ve all been fighting for years now. But a new challenge is emerging: what do you do when the app is sanctioned? For example, how do you stop employees from exfiltrating data via Google Drive — when your organization uses this app, legitimately, all day long? With cloud and web-based apps like Google Drive, Gmail, OneDrive and Slack increasingly blurring the lines between personal and professional use, how do you shine light into the alarming blind spot we’re calling “Mirror IT?”

An easy way to move and share files

Most of us have used email or cloud storage as a means to instantly and easily make files available from anywhere. In fact, our 2019 Code42 Data Exposure Report found that 43% of business decision-makers say they use their personal email to share files with peers, and 41% use Google Drive. Not surprisingly, this is also one of the most common (and fastest growing) methods of employee data theft a.k.a. insider threat. Look to the headlines and you’ll read about cases like the sales executive at U.S. solar company SunPower Corp who emailed himself highly confidential files — and used them in his next role at a SunPower competitor.

“ An experienced security team with a range of tools at their disposal should be able to use network-layer information to piece together a good idea of where that file went — but only if users are on the network…and it won’t be fast or fun. ”

You can see that, right?

It’s not that modern data security tools are totally blind to this kind of activity. Most have some level of visibility into the web and cloud apps that touch your files. But some of the most popular enterprise data security tools are still limited to telling you that Google Chrome or Firefox accessed a file — essentially telling you that your file went somewhere on the internet. An experienced security team with a range of tools at their disposal should be able to use network-layer information to piece together a good idea of where that file went — but only if users are on the network…and it won’t be fast or fun.  

Sanctioned apps make things blurry

The real challenge comes in “Mirror IT” situations where employees have both personal and professional accounts for apps like Gmail, Google Drive or Slack. In these scenarios, how can you see — and respond to — an employee removing a customer list or source code via the approved Google Drive app? Leading CASB solutions can block unapproved sites — but they won’t help you here. Even top-of-class data loss prevention tools can only get as far as telling you that Google Drive accessed the file. But you have no way to make the all-important distinction about whether that file was uploaded to their personal or professional Google Drive account. Once again, a veteran security analyst could likely get to the bottom of this question, given some time — but in the meantime, those valuable files remain exposed.

A simple, fast answer to the question, “Where’d my file go?”

Code42 shines powerful light into the black hole of web and cloud file activity in a number of ways. Now, we’re solving the challenge of “Mirror IT” by giving you a first-of-its-kind level of visibility: Code42 shows you the title of the tab and the specific tab URL that was active at the moment the file activity occurred. This means you can plainly discern personal versus professional accounts and instantly understand the potential risk to your data.

It’s all part of the simple, speedy solution we’ve created for homing in on the risky signal amid all the noise of your users’ normal, harmless activity. The Code42 dashboard lets you immediately see when files are read or uploaded by an internet browser — and gives you one-click visibility into the tab title and URL.

The end result: with just two clicks, you can definitively answer the question, “where’d my file go?” and immediately take action, if necessary. It’s just one more way Code42 provides much-needed visibility to give you high-fidelity alerts and actionable information to help you find and address the data risks in your organization.

Code42 Blog about macOS Catalina compatibility with legacy DLP

macOS Catalina Creates Kernel Crisis for Legacy DLP

Apple released the new macOS Catalina on October 7, setting IT and security teams abuzz about the logistics of upgrading their users, excitement about new features and concerns about the pains that always come with change. But security experts have revealed a troubling impact: macOS Catalina entirely disallows kernel extensions (kexts). This isn’t just another instance of “kernel panic” — this is a full-blown kernel crisis: Legacy DLP products will cease to work in the Mac environment going forward.

“ Legacy DLP products will cease to work in the Mac environment going forward. ”

Catalina goes read-only — disallows kexts

With the release of Catalina, Apple shifts the entire macOS to read-only, regardless of permissions. Kernel extensions are completely disabled. This change strengthens the overall security stance of the macOS. But it’s a major problem for legacy DLP products like Symantec and McAfee, which depend on kernel extensions for their core functionality.

Legacy DLP simply won’t work in Catalina

Disallowing kernel extensions disables the blocking functionality of legacy DLP products. The products will technically still “run” on Catalina (with the usual kernel panics and other pains), but they’ll no longer be able to work the way they have — no more blocking risky user actions. In effect, legacy DLP will cease to work altogether. At a time when insider threat continues to escalate, companies simply can’t afford to risk leaving their data exposed.

You can’t afford not to upgrade

Most legacy DLP vendors are approaching the kernel crisis carefully. They’re reaching out to customers with one-to-one communications, trying to convince them not to upgrade to Catalina so they can retain the functionality of their DLP products (for example, reference the table on Symantec’s support page). But not upgrading is not viable in the long-term. You need to give your users access to the latest features of Catalina; moreover, your users will demand the upgrade. And your security team can’t afford the security risks of lagging behind.

Code42 Blog about macOS Catalina not working with legacy DLP
Current recommendation found on the Symantec support page. The latest Catalina release makes the security gap evident for legacy DLP customers.

There’s not a ton of time to waste, either. Apple will end updates, security patches and support of macOS Mojave in less than 24 months. That means most organizations need to begin planning their upgrades—including how they’ll fill the enormous security gap — now.

DLP for Macs has always been painful

Running legacy DLP on macOS has always been frustrating—a “square-peg-round-hole” problem that creates more work for security teams and increases the potential for dangerous gaps in visibility and protection. But the clear trend is that Apple is making it even harder for DLP to function in macOS — leading to more kernel panics, frustrations and potential security gaps. So the “kernel crisis” of the Catalina upgrade isn’t coming out of nowhere. The reality is that legacy DLP was not built with Macs in mind, and this disconnect is coming to an urgent head.

Code42 is next-gen data loss protection built for Macs

At Code42, we know the pains of legacy DLP for Macs firsthand — and built our Code42® Next-Gen Data Loss Protection solution to mesh seamlessly with macOS. We understand macOS better, so we approach things differently by:

  • Working at the file-system level to focus on what really matters — your file data         
  • Monitoring the applications that access, interact with and touch those files
  • Giving you deeper, broader visibility into all file activity — across your endpoints, in the cloud and in applications

We don’t have to muck around at the kernel level, playing the whack-a-mole game of activity-blocking. All of this means that the robust functionality of Code42 Next-Gen Data Loss Protection is completely unimpacted by the security improvements of the Catalina upgrade.

Providing the business-critical push to move to next-gen data loss protection

Most security pros already know the many pains of running legacy DLP products on Macs. So, the good news is that the Catalina kernel crisis will give many security teams the final push they need, providing a business-critical reason to move to a better data loss protection solution. In fact, several of the world’s leading tech companies anticipated the Catalina kernel crisis and have turned to Code42 Next-Gen Data Loss Protection: not just to fill the gap created by the Catalina upgrade — but to help them build a more forward-thinking, future-ready data loss protection strategy.

I’m Taking Data, and DLP Can’t Stop Me (Video)

Here’s my confession: I plan to take data with me whenever I leave my employment at Code42. I know exactly what data I will take and how I will take it. Am I concerned about getting caught? Not really. Most data loss prevention products won’t even see me doing it, let alone prevent me.

I’m not alone in my data scheming. Code42’s 2018 Data Exposure Report revealed that up to 72 percent of employees admit to taking data from their previous employer to their new one­—and that’s just those who will admit to the data theft. On top of that, 90 percent of companies feel vulnerable to insider threat.

Thankfully, in my case, all of the data on my list consist simply of pictures of me and my dog. But when I’m taking data with me upon my departure, shouldn’t the company security team be able to tell? Ideally, yes. The challenge is that humans are unpredictable, and prevention toolsets don’t take our chaotic nature into account.

“ At its core, data loss prevention (DLP) isn’t new. In fact, the desire to prevent data from disappearing is universal. Sadly, the failures to prevent data loss are as common as they are ancient—just ask the librarians at Alexandria how well their plans to prevent data loss worked. ”

While Code42 isn’t in the business of securing burning libraries, we do focus on data loss protection. Unfortunately, data loss prevention as a software category has experienced innumerable failures. Whether it’s trying to prevent the loss of source code, client lists, CAD drawings, or the latest episode of a certain winter-obsessed TV show: people put their date into places they shouldn’t—and they’re able to do this regardless of how good their data loss prevention tools and polices are, or how large a security team they have in place, or how many ports on their machines are disabled: data loss prevention is failing. If you have data loss prevention deployed, there’s a good chance it is failing you right now.

Scared yet? Concerned?

You should be. People, even when set loose in a perfectly architected, immaculately maintained environment, will still wreak havoc intentionally or accidentally. If you build a wall, someone will build a taller ladder. If you block USB access, someone will use any number of other options to obtain that access. For everything else, there’s Florida Man. The TL;DR version: No plan survives first contact with the enemy.

What does all of this mean for data loss prevention tools? It means policies don’t stop people from taking data. One can’t out-engineer the malicious intent of a determined human. This is why Code42 moves beyond prevention to data loss protection; in other words, prevention on its own simply doesn’t work—and it doesn’t work for all of the reasons I just cited. At Code42, we focus on protecting from data loss. That’s because it’s possible and it’s critical to be able to rapidly detect, investigate and respond to a potential data loss incident.

To these ends, there are three additions we’ve made to our product that will help you to better protect your organization from data loss. Here they are:

Data Exposure Dashboards

Our data exposure dashboards enable you to quickly visualize exfiltration events across removable media as well as personal and corporate cloud accounts. They provide a 1-, 7-, 30-, or 90-day view of events across your organization in order to quickly investigate anomalous findings. Additionally, these dashboards reveal which files have been shared externally in your corporate Google Drive, OneDrive, and Box environments over the same period of time.

Data Exfiltration Alerts

The new data exfiltration alerts enable the creation of alert profiles for some, or all, of the users in your organization based upon how much data are being moved to removable media and cloud services. These alerts show exactly what data were moved, down to the specific file content. This makes it easy to assess whether the exfiltration poses a data loss risk to your organization.

SOAR BABY SOAR

Alerts are great, but they don’t work in a vacuum. Alerts need context. Previously, we’ve written about our integration with Splunk Phantom, and now we’re happy to announce support for IBM’s Resilient Security Orchestration and Automation (SOAR) platform. With this new integration, it’s now possible to include Code42’s data exfiltration and forensic metadata in your existing incident response automations. You can learn more and download the Code42 Resilient app by visiting IBM Security App Exchange.

And with that, I’m afraid this post has come to an end.

But not before I take a moment to brag. Code42 keeps racking up hardware in the form of industry awards. Most recently, we were honored with the Black Unicorn award from CyberDefense. If you want to see how awesome we are, head over to our honors page.

Stay safe out there.

Leave the World a Better, and More Accessible, Place - Code42

Leave the World a Better, and More Accessible, Place

It doesn’t take long after a new employee joins Code42 for them to realize that we are a company that knows having values isn’t meaningful unless you truly LIVE the values. From the way we greet employees when they walk through the door, to the way we show them around the office, our cultural values are front and center. We assume positive intent. We get it done and do it right. We are not afraid. We believe that corporations should have more than solely an investor responsibility; they also should have a civic responsibility to “leave the world a better place.” For many of us at Code42, leaving the world a better place gives us a great purpose through work, one that encourages us to give back.

At Code42, we’re always striving to create a more diverse workplace. That diversity takes many forms, including but not exclusive to race, ethnicity, age, gender, sexual orientation, spiritual belief, socioeconomic status, ability and disability. We try to encourage engaging in each dimension across our business.  

Throughout 2018, we made strong strides to address diversity head-on. Going into 2019, we knew we wanted to accelerate our efforts on web accessibility within our product. There were two main events that precipitated that goal. First, a colleague gave a lightning talk about how accessibility improves the experience for all users, not just those with different accessibility needs. That talk really resonated across our team. Perhaps one of the most poignant examples of that talk was the “curb cut effect,” as highlighted in an episode of the 99% Invisible podcast. In the 1970’s, after cities began implementing curb cuts, they found that the impact of those accessibility improvements was wider-reaching than they anticipated. It turns out that everyone benefited by having access over the curb, whether they were in wheelchairs, on bikes, pushing a stroller, or towing a cart behind them.

The second event happened this year during the Superbowl. An ad caught my eye. Microsoft aired a commercial that debuted their Accessibility Controller, which allows anyone, regardless of their needs, to be able to use the controller effectively. They took a bold stance in the market with the phrase, “When we all play, we all win,” which struck right at the heart of the issue. Nobody should feel as though they cannot use or engage with a product. Put more succinctly, when technology empowers each of us, it empowers all of us.

So, what does that mean for Code42? We’re making a commitment to ensure our product is more accessible. While we can’t magically change where we are today, we can change where we go in the future. We’re happy to announce that we’ve launched an initiative called, “Acutely Aware for Accessibility.” The goal of this initiative is to ensure we test to WCAG 2.1 standards and begin to ensure the new capabilities we create use technology choices that empower everyone. No longer will it be acceptable to simply mark defects against the function of the product for mouse users who don’t employ assistive technology. Instead, we will now expect our employees and customers to log defects against our product when we fail to live up to the accessibility standards that we’ve set. In the coming months and years, we’ll be excited to announce more on this initiative and share our progress. For the time being, we want to emphasize our commitment to inclusion with our products here at Code42.

At Code42, our values define how we work, play and engage with each other, not just in the four walls of our workplace, but also in our community. Each day we are committed to leaving the world a better place. And each day when we arise, we know that while we’ll never reach the finish line of this journey, we know that we can contribute more back to the society that raised the caring, creative and innovative employees that we have here. 

Code42 Blog

Improved Risk Management Through Better Data Insights

Let’s face it: security professionals are overrun with data. Their logs are brimming with it. Their security tools are continually alerting them to potential anomalies, attacks, new vulnerabilities, changes in system configurations and all of the other things that could put enterprise data at risk. It’s safe to say that when it comes to data, security analysts and administrators are beyond overwhelmed. However, when it comes to business executives, the opposite is true: they often aren’t getting the information they need to assess what type of risk their organization’s data is under. 

The problem is, without the right data — data specific to their roles in the organization — neither security analysts nor business leaders can make effective risk management decisions regarding their corporate data. With version 7 of our Code42®Next-Gen Data Loss Protection solution, we’re tackling that challenge head-on. The goal is to get the right type of information, in the right amounts, at just the right time to those who need it so they can make the best decisions they can relevant to their job. 

“ The problem is, without the right data — data specific to their roles in the organization — neither security analysts nor business leaders can make effective risk management decisions regarding their corporate data. ”

What do I mean, exactly, when I say security professionals get too much data and business executives not enough? I’m talking about a signal to noise ratio: security pros typically get flooded with so much data that they have a challenging time finding the risks they need to focus on, yet business executives get so little relevant security information that they can’t make effective data-driven decisions. 

This can, of course, have profound deleterious effects on security. Bad decision making driven by poor access to the right information will negatively impact regulatory compliance; the protection of intellectual property, business plans and confidential customer data. When it comes to security analysts, if they can’t see the data they need to take immediate steps to mitigate danger, then breaches will go unnoticed until it’s too late. It’s one of the reasons enterprise data breaches, more often than not, go undetected for months. To be specific, the latest research tells us it takes an average of 49.6 days to detect a breach, which is up year-over-year. 

Code42 is taking steps to eliminate these barriers to effective security. At Evolution19, we are announcing a series of enhancements when it comes to our alerts, reports and dashboards within our Next-Gen DLP solution. 

“ At Evolution19, we are announcing a series of enhancements when it comes to our alerts, reports and dashboards within our Next-Gen DLP solution. ”

These improvements will help business leaders get the precise information they need about data risks lurking within their organization. Of course, we will also be providing numerous enhancements needed by front-line analysts to do their jobs more effectively. 

These efforts tightly align with Code42’s belief that security’s ability to be successful is directly tied to their ability to quickly detect and respond to data threats. As such, our goal is to demonstrate that security products can be both powerful and easy to use. That’s why we designed our Next-Gen Data Loss Protection solution with ease-of-use in mind. Customers don’t have to spend their time writing complex DLP rules and policies to reduce data risk like they do with traditional DLP — and now we are making it easy to get actionable information whether one is a security analyst or business leader.

What do I mean when talking about security analytics for business leaders? I’m talking about providing them with the insights they need to understand where the data-related risks hide within their organization. This includes attributes such as where their data resides, where it may be inadvertently exposed and show them how and where users are moving that data around the organization. We also will provide other high-level views about their data so they can make better decisions about managing their data, determining their risk level and even investing in security defenses more effectively.   

“ I’m talking about providing business leaders with the insights they need to understand where the data-related risks hide within their organization. ”

I’ll give you some examples. With these enhancements, business leaders will be able to see not only how many files are shared outside of the organization, but also the kinds of data being shared outside the organization. It will reveal how many file exfiltration events are occurring within your environment and show trends and patterns in data movements that business leaders should know.

Let’s consider insider risks. Often when we think of insider risks, the first thing that comes to mind is the nefarious insider. The insider stealing data to sell to competitors, or to take intellectual property to their next job. Employees acting maliciously isn’t the only cause for concern, though. Sometimes employees simply are careless, or make unintentional or uneducated mistakes. They may not follow the rules around data protection because they’re not convenient, or they may not even be aware of what the rules are.  In all cases, it’s crucial that the organization is aware of trends in data usage and movement so that corrective and mitigative actions can be taken. 

Of course, we are prioritizing enhancements that also will help security admins get a better signal when it comes to data visibility. This includes improved alerting so that security analysts and managers will be sure to see the security-related situations they need to investigate. While we have always provided security managers information about where all of their data resides within their environment, where their files are located, and how that data travels, in the future we will provide them with alerts that will bring potentially risky situations to their immediate attention. Situations like:

  • When a file has a shared link that allows public access to an internal file.
  • When a file is shared publicly and indexed on the internet.
  • When a user copies files to removable media.
  • When a user syncs a file to a cloud service.
  • When user browsers or applications read a file from a device.

That’s a lot of powerful information and will help organizations go a long way in reducing their data security risks.

This is an exciting time for us at Code42; we continue to evolve our Next-Gen Data Loss Protection solution. It’s so rewarding to see all of our efforts come to fruition and I can’t wait to see how our customers put these new capabilities to use.

Finally, a DLP for Macs

Finally, a DLP for Macs

It’s time to face the facts, Macs are everywhere in the enterprise. In fact, a 2018 survey from Jamf pointed to the fact that more than half of enterprise organizations (52%) offer their employees a choice in their device of preference. Not entirely surprising, 72% of employees choose Mac. The Apple wave within business environments has begun and only promises to grow over time.

“ Legacy Data Loss Prevention (DLP) solutions don’t account for the Mac phenomenon and were not designed with them in mind. ”

The problem is that legacy Data Loss Prevention (DLP) solutions don’t account for the Mac phenomenon and were not designed with them in mind. As a result, legacy DLPs often approach Macs as an afterthought rather than a core strategy. Customer opinions of their DLP for Macs continue to be unfavorable. In fact, last year at Jamf’s JNUC event in Minneapolis, Mac users quickly revealed their sheer frustration with DLP and how it wasn’t built for Macs. Code42 customers currently using legacy DLP vendors vented about their Mac DLP experience saying, “It just sucks!”

Naturally, we asked why.

  1. No Support – Mac updates can be fast and furious. Unfortunately, DLP has traditionally struggled to keep up with those updates. The result? Errors, Kernel panics and increased risk for data loss.
  2. No OS Consistency – We often forget that today’s businesses often use both Mac and Windows. DLP has traditionally maintained a very Windows-centric approach that has made the Mac experience secondary and inconsistent with Windows. Having two sets of users with varying levels of data risk is never good.
  3. It’s Slow – The number one issue often stems from performance-sucking agents that bring the productivity of Mac users to a screeching halt.
  4. Kernel Panics – This is worth reiterating. Macs are sensitive to anything that poses a threat, so whenever perceived unsanctioned DLP software threatens Mac, it means reboots and an increased risk of downtime.
  5. It’s Complicated – Traditional DLP still relies on legacy hardware and manual updates, which is time consuming and expensive.

Recently, Code42 unveiled its Next-Gen Data Loss Protection Solution at the RSA Conference 2019. One of the reasons our 50,000+ customers love us is precisely because of the superior Mac experience we deliver. Our next-gen DLP solution was built with the Mac user in mind. Learn more about our trusted and proven take on DLP for Mac.

Code42 Product Spotlight: Identify Risk to Data Using Advanced Exfiltration Detection

Product Spotlight: Identify Risk to Data Using Advanced Exfiltration Detection

When it comes to data loss protection, there are fundamental security questions that every organization needs to answer. These include, “Who has access to what files?” and “When and how are those files leaving my organization?”

Code42 Next-Gen Data Loss Protection helps you get answers to these questions in seconds by monitoring and investigating file activity across endpoints and cloud services. And now, Code42 has expanded its investigation capabilities to provide greater visibility into removable media, personal cloud and web browser usage by allowing security analysts to search file activity such as:

  • Files synced to personal cloud services. Code42 monitors files that exist in a folder used for syncing with cloud services, including iCloud, Box, Dropbox, Google Drive and Microsoft OneDrive.
  • Use of removable media. Code42 monitors file activity on external devices, such as an external drive or memory card.
  • Files read by browsers and apps. Code42 monitors files opened in an app that is commonly used for uploading files, such as a web browser, Slack, FTP client or curl.

Advanced Exfiltration Detection can be applied to proactively monitor risky user activity — such as the use of USBs across an organization — as well as to eliminate blind spots during security investigations. For example, imagine you’ve just learned that a confidential roadmap presentation was accidentally sent to the wrong email distribution list. Sure, it can later be deleted from the email server. But did anyone download it? Has anyone shared it? By using Code42 to perform a quick search of the file name, you can answer those questions in seconds. You’ll not only see which users have downloaded the attachment, but also that one has since saved the file to a personal Dropbox account. With this information in hand, you can quickly take action against this risky data exposure.

See Advanced Exfiltration Detection in action.


Using-Delayed-Client-Updates-to-Test-the-Code42-App

Product Spotlight: Using Delayed Client Updates to Test the Code42 App

One of the benefits of selecting a Code42 cloud deployment is that that you don’t need to manage software upgrades. Code42 manages all infrastructure, and the Code42 app installed on endpoints is automatically updated when new versions are released. This process ensures your organization always has the latest security updates and newest functionality.

However, some customers have told us their change management process requires them to test new versions of the Code42 app with internal groups prior to distributing to the entire organization. Today we’re excited to announce new functionality that allows you to do just that.

With the new delayed client updates functionality, Code42 cloud deployment customers have up to thirty days to test new versions of the Code42 app before all endpoints are updated. In most cases, you will be notified one week prior to the release date so that you can prepare for the start of the testing period.

How to use delayed client updates

First, you must opt into this functionality by setting a global delay for all Code42 app updates. This delay can be set for up to thirty days. The selected global delay becomes the date on which all endpoints will receive a new version of the Code42 app after its release. Customers who do not set a global delay will continue to receive new versions of the Code42 app automatically on release date.

Once you’ve selected your global delay, you can specify organizations as “exceptions” to the delay date. These will become your test organizations. For example, if you’ve set your global delay to the thirty day maximum, you can arrange for the IT organization to receive the update on the general availability date, and for the marketing organization to receive the new app ten days after the release. This allows for sequenced testing with multiple test groups. If needed, you can also deploy to individual devices for targeted testing.

Once you’ve completed any desired testing, all Code42 apps will update automatically according to your global delay setting.

We hope this process allows you to follow your established change management process while still benefiting from the automatic updates that come with a cloud deployment. Happy testing!




The-Year-in-Review-at-Code42

2018: The Year in Review at Code42

The end of the year is always a great time for reflection. The last 12 months have been especially eventful for Code42. This year, the Code42 product grew and evolved in significant ways. We made product enhancements and introduced more tools to gather actionable intelligence about data risk. Most importantly, we added capabilities that paved the way for our biggest product yet: Code42 Next-Gen Data Loss Protection. We couldn’t have brought this exciting new solution to life without the foundational features unveiled throughout 2018. Here’s a look back at the highlights.

Code42 Forensic File Search

In April, we launched Code42 Forensic File Search, which now forms the core investigation capabilities of Code42 Next-Gen Data Loss Protection. By collecting file metadata and events from endpoints and making them searchable via the cloud, Code42 Forensic File Search enables security teams to get comprehensive answers to challenging security questions in seconds versus days or weeks.

Code42 Forensic File Search expands into cloud services

Our September release included several more enhancements, both big and small. We extended the capabilities of Code42 Forensic File Search so security teams can search for files by SHA256 hash and across cloud services, including Microsoft OneDrive and Google Drive. These capabilities truly unified and broadened the investigation capabilities of Code42 Next-Gen Data Loss Protection, providing full visibility to where corporate files live and move.

With the ability to search file activity in the cloud, IT and security teams are now able to more quickly see what files are shared and with whom; how and when files are added to cloud services; and what files a departing employee accessed, shared, downloaded or transferred before resigning. To further strengthen this capability in 2019, we’ll continue to expand across other cloud services.

With our November release, we added even more improvements to Code42’s investigation and monitoring capabilities. File Exfiltration Detection support was introduced for Mac devices, which now detects files being sent to Slack, FileZilla, FTP and cURL. To make it even easier to keep track of the most critical files, we also rolled out the ability to save search queries.

Code42 customers embraced cloud architectures

Meanwhile, customers told us their cloud strategies were changing. Companies who had originally chosen on-premises and hybrid deployment models were ready to fully embrace the benefits of cloud. We set out to deliver a secure and seamless way for our customers to move to cloud without needing to re-deploy or lose their historical data. This fall, we were proud to deliver a migration path that enables customers to deploy in the cloud in a couple of hours, without any user downtime or data loss. We’ve already had many customers upgrade to the cloud in order to eliminate on-premises hardware and take advantage of all the newest Code42 functionality. If you are a Code42 customer interested in moving to a cloud deployment, contact your CSM today to learn more.

“ Code42 Next-Gen Data Loss Protection takes a fundamentally different approach to protecting corporate data. ”

Next-gen data loss protection

In October, we brought all of our core capabilities together into a single holistic solution and unveiled Code42 Next-Gen Data Loss Protection. We heard from our customers and the market that while traditional data loss prevention (DLP) solutions sound good in concept, they’re failing to live up to their potential in several key ways. Most companies are only using a fraction of the capabilities of their traditional DLP solutions. Security teams describe using traditional DLP as “painful.” Deployments of these tools can take months or years, because proper setup requires an extensive data classification process, and refining DLP policies to fit unique users is complex and iterative. To make the situation even more challenging, traditional DLP blocks employees from getting their work done with rigid data restrictions that interfere with productivity and collaboration.

Most importantly, traditional DLP solutions are narrowly focused on prevention — and business and security leaders now recognize that prevention alone does not work. Data loss will happen. Being able to protect a business from data loss and quickly recover from an incident is more important than the constant efforts needed to prevent an attack from happening — especially when, in the end, prevention fails.

Code42 Next-Gen Data Loss Protection takes a fundamentally different approach to protecting corporate data. Unlike traditional DLP, it does not require policies, which has multiple benefits. The solution deploys in days instead of months; it is not resource-intensive to manage; and it doesn’t burden administrators with false positives. Most importantly, it doesn’t drain user productivity with rigid restrictions on data use.

Code42 Next-Gen Data Loss Protection is cloud-native and preserves every version of every file on every endpoint, forever. It monitors file activity across all endpoints and an ever-expanding list of cloud services. As a result, it provides unified visibility to where files live and move as well as access to the contents of files involved in data security investigations. Code42 Next-Gen Data Loss Protection preserves current and historical endpoint files for rapid content retrieval and investigation, as well as to help meet regulatory requirements.

To achieve these benefits, Code42 Next-Gen DLP leverages five key capabilities:

  • Collection: Automatically collects and stores every version of every file across all endpoints, and indexes all file activity across endpoints and cloud. 
  • Monitoring: Helps identify file exfiltration, providing visibility into files being moved by users to external hard drives, or shared via cloud services, including Microsoft OneDrive and Google Drive.
  • Investigation: Helps quickly triage and prioritize data threats by searching file activity across all endpoints and cloud services in seconds, even when endpoints are offline; and rapidly retrieves actual files — one file, multiple files or all files on a device — to determine the sensitivity of data at risk.
  • Preservation: Allows configuration to retain files for any number of employees, for as long as the files are needed to satisfy data retention requirements related to compliance or litigation.
  • Recovery: Enables rapid retrieval of one file, multiple files or all files on a device even when the device is offline, or in the event files are deleted, corrupted or ransomed.

It’s been a big year for Code42, and with the launch of Code42 Next-Gen Data Loss Protection, next year will be even bigger. Thanks for taking this trip down memory lane with us and see you in 2019!

Code42 Blog

Product Spotlight: Saved Searches

A Simple Way to Streamline Investigations

While every organization wants to protect its data, some files are more critical than others. You need to know where these “crown jewels” exist in your organization, and you don’t want to reinvent the wheel every time you need to find them. Fortunately, Code42 Next-Gen Data Loss Protection (DLP) can help you quickly and accurately locate these files — and save your search criteria so you can easily find them again in the future.

Code42 Next-Gen DLP protects your intellectual property from loss, leak, misuse and theft by showing you where critical files live and move. With Code42 Next-Gen DLP, you can quickly search for data using file hash, date range, type, filepath and more — to get a complete inventory of where important files reside on your endpoints and cloud services.

For example, suppose your organization has “secret sauce recipes” that are vital to your company’s success. These critical files should only be accessible to select employees — but how can you verify that is indeed the case? You can use Code42 Next-Gen DLP to see if your company’s secret sauce recipes are saved anywhere they shouldn’t be. Simply use Code42’s investigation capabilities to search for the SHA256 hashes of your most critical files.

Once you’ve built a search to identify the location of those special files, you can save the search criteria so you can quickly re-run a search in the future. These saved searches can be named and edited as needed. Saved searches pre-populate queries so that routine searches can be run more frequently.

Keeping your crown jewels safe is at the heart of a good data loss protection strategy. And now, Code42 makes this even easier using saved searches.