Better EDR and Threat Intel with Code42

The bright lights of Las Vegas are still flashing in my eyes after Black Hat 2018, and I observed a distinct trend: Data security technology vendors increasingly align themselves in one of two categories: threat intelligence or endpoint detection and response (EDR). The most common question I got at Black Hat 2018 was, “How does Code42 fit?” My answer is, quite simply, “Extremely well.”

Threat intelligence and EDR — where Code42 fits

It was easy to tell if you were at a threat intel or EDR vendor booth at Black Hat 2018:

  • The threat intelligence vendors wanted to talk to you about their orchestration framework, how many data feeds they pull in and their glitzy dashboards.
  • The EDR vendors showed you how easy it is to install their endpoint agent — and told you how they’ll alert your security team every time a hoodie-clad hacker in a basement runs exploits on your endpoints.

Code42 provides separate, complementary value to both threat intelligence and EDR solutions by applying a unique, historical file content and context perspective — as opposed to an action- or event-oriented perspective. Here’s why the combination of Code42 and threat intelligence and/or EDR is so powerful:

Code42 + threat intelligence

Let’s say your journey starts with a threat intelligence solution. You get an alert that a DNS request was initiated from a transient address in your Wi-Fi network to a newly registered domain or domain associated with known malware. How can you act on this alert?

Well, the threat intel report describes the domain in question as associated with a fake ad-blocker Chrome extension. That report also gives you the file name of the Chrome extension. You can then leverage Code42 Forensic File Search to search for that filename. In less than a second, you can build a unique list of all endpoints in your environment that have this undesirable Chrome extension. You can even sort these results and quickly find the first users to “fall” for the malware trick and give them additional training to help avoid this type of fire drill in the future.

Code42 + EDR

Imagine that an EDR solution sends an alert triggered by a maliciously crafted PDF document found on an endpoint. This suspicious file ran some arbitrary and potentially unknown code at an elevated privilege level. How would your organization react?

First, you may want to see who else has this same document. Using Code42 Forensic File Search, you could look for the checksum or filename of that questionable PDF. In less than a second, you have a complete list of your affected devices and users — whether they are online or not and without impact to the user’s machine or the network.

Now let’s say you want to examine the suspicious file — but the malicious payload deleted the PDF after execution. With Code42’s Backup + Restore product, you could pull an archived copy and hand it to forensic investigators.
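The two searches described above (by file name from a threat intel report, by checksum or file name from an EDR alert) can be sketched over a historical file-event log. This is an added example, not Code42's code or API: the record layout, host names, users, hashes and the triage function are all constructed for illustration.

```python
import re
from datetime import datetime
from typing import NamedTuple


class FileEvent(NamedTuple):
    ts: str       # UTC timestamp, ISO 8601
    host: str
    user: str
    path: str
    sha256: str
    action: str   # "created" | "modified" | "deleted"


# Constructed placeholder hashes, not real indicators.
BAD = "a" * 64
OTHER = "b" * 64

# Constructed sample of historical file metadata from four endpoints.
EVENTS = [
    FileEvent("2018-08-06T14:02:11Z", "LT-0412", "akim",
              r"C:\Users\akim\Downloads\invoice_q3.pdf", BAD, "created"),
    FileEvent("2018-08-06T14:03:40Z", "LT-0412", "akim",
              r"C:\Users\akim\Downloads\invoice_q3.pdf", BAD, "deleted"),
    FileEvent("2018-08-05T09:17:55Z", "MB-0077", "jlopez",
              "/Users/jlopez/Downloads/invoice_q3.pdf", BAD, "created"),
    FileEvent("2018-08-07T08:30:00Z", "LT-0533", "rpatel",
              r"C:\Users\rpatel\Desktop\scan.pdf", BAD, "created"),
    FileEvent("2018-08-04T11:00:00Z", "LT-0290", "mchen",
              r"C:\Users\mchen\Documents\invoice_q3.pdf", OTHER, "created"),
    FileEvent("2018-08-06T10:00:00Z", "LT-0290", "mchen",
              r"C:\Users\mchen\Documents\budget.xlsx", "c" * 64, "modified"),
]


def _basename(path):
    # Endpoints report both Windows and POSIX paths; compare names case-insensitively.
    return re.split(r"[\\/]", path)[-1].lower()


def _when(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def triage(events, filename=None, sha256=None):
    """Return one row per affected host, ordered by first sighting.

    A host is affected if any historical event matches the file name or the
    checksum, including files that were deleted afterwards.
    """
    want_name = filename.lower() if filename else None
    want_hash = sha256.lower() if sha256 else None
    hosts = {}
    for ev in sorted(events, key=lambda e: _when(e.ts)):
        matched = set()
        if want_hash and ev.sha256.lower() == want_hash:
            matched.add("sha256")   # catches renamed copies
        if want_name and _basename(ev.path) == want_name:
            matched.add("filename")  # catches variants with different content
        if not matched:
            continue
        row = hosts.setdefault(ev.host, {
            "host": ev.host, "user": ev.user, "first_seen": ev.ts,
            "matched_on": set(), "paths": {}})
        row["matched_on"] |= matched
        # Latest event per path decides whether the file is still on disk.
        row["paths"][ev.path] = ev.action != "deleted"
    return [{"host": r["host"], "user": r["user"],
             "first_seen": r["first_seen"],
             "matched_on": sorted(r["matched_on"]),
             "present": any(r["paths"].values())}
            for r in hosts.values()]


if __name__ == "__main__":
    for row in triage(EVENTS, filename="invoice_q3.pdf", sha256=BAD):
        print(row)
```

Searching on both indicators matters: the checksum finds the renamed copy on LT-0533, while the file name surfaces a same-named file with different content on LT-0290 that still needs a look. LT-0412 is reported even though the file was deleted there, which is the case where an archived copy is needed for analysis.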

Providing deeper visibility and context

Threat intel and EDR solutions focus on identifying malicious activity or abnormal application behaviors on an endpoint. They’re really good at detecting things like a process attempting a privilege escalation or scanning memory to pilfer credentials. Alerts to these activities are valuable, but they give only one dimension of insight into a complex problem. Code42 is focused on a much bigger picture — providing comprehensive visibility into every action, movement and revision of every file — while simultaneously securing and preserving valuable digital assets. And our powerful search capability cuts through the noise to give you exactly the information you need without overwhelming you with data.

Our unique approach to providing visibility and ensuring availability means Code42 doesn’t fit neatly into a category created by industry analysts. But that doesn’t diminish its value. Rather, it affirms that the value of Code42 cuts across the entire data security stack, regardless of what you do, or what tools or vendors you may already be working with. In fact, Code42 Forensic File Search, coupled with Code42 Backup + Restore, provides a comprehensive, contextually rich and easily searchable service. Combined, they complement not only threat intel and EDR, but almost any other data security solution, providing clear, direct and authoritative results.

Cure for the Windows 10 Migration Migraine

Keep precious data safe during an enterprise-wide OS upgrade

One-to-one device migrations, when an IT worker spends hours migrating a device to the Windows 10 platform, aren’t fun for anyone. They drain IT’s time and money and render workers idle as they wait for their devices. More importantly, they put the company at risk for data loss.

Gartner estimates that enterprises using one-to-one migration processes for Windows 10 upgrades could spend up to $445 per device. For a large organization with 2,500 employees, that can add up to more than $1.1 million. And that’s not even counting the loss of productivity as workers wait to get their devices back from IT. Some remote employees may even need to ship their device back to headquarters for the migration, adding additional time and cost.

With 2018 shaping up to be a peak year for Windows 10 migration, how can companies avoid the cost and disruption of a large-scale institutional operating system upgrade? And how can they protect valuable company IP while doing it?

Faster, easier, safer

Luckily, savvy companies are turning to user-driven migration for Windows 10. By using tools such as Code42, these organizations are making migrations more scalable and repeatable, cutting costs while keeping their data safe. Using Code42’s migration solution speeds the Windows 10 migration from three hours to 30 minutes on average.

Code42 recommends two different Windows 10 migration processes for companies, based on their needs:

  • Classroom-style migration. For organizations not ready to give up full control to users, this one-to-many process can provide a good interim step on the journey to automation. As its name suggests, in this process, IT hosts events during which multiple users bring their devices and perform the migration themselves, with IT walking them through the process. As in any classroom, if a single user has a specific issue come up during the session, the IT “teacher” can provide some one-to-one guidance while the other users are self-migrating.
  • User-driven migration. Organizations can largely eliminate IT involvement in the Windows 10 migration—the dream of many IT teams—by implementing a fully user-driven process. Using Code42’s migration solution, users simply follow instructions and get in touch with IT only when a specific issue comes up. This approach can speed migrations by 75 percent and leave IT more time to focus on critical issues. Users also benefit by remaining in control of their data and making the migration when it’s convenient for their schedules.

A migration tool that works

To make either of these options work requires the right tool: a simple, intuitive, user-friendly system. Code42 provides this through:

  • Automatic, continuous endpoint backup. Any backup solution that requires manual user activity is doomed to fail because not all users will follow the protocol. Implementing Code42 lays the foundation for a successful migration to Windows 10 because we back up every version of every file, every 15 minutes. No matter how reliable—or not—users are, their endpoint data will be safe.
  • Clear, simple instructions for users. Organizations typically have users who run the gamut of comfort with technology. Code42’s system is powerful enough to facilitate a complex migration like one from Windows 7 to Windows 10, but easy enough for even the least technically savvy employee to walk themselves through the process.
  • Access to data during migration. For certain high-profile users, not being able to access their data for even an hour during migration is unacceptable. Code42 makes it easy for users to access their most recently used files while the other files are migrating.
  • Migration of profiles and device settings. After the Windows 10 migration, users will be up and running more quickly if their device looks, feels and performs as it did before the migration. Code42 migrates device settings so users don’t have to spend precious time doing it themselves.

From dreaded to done

IT teams and users often dread the process and aftermath of an operating system upgrade. By using Code42’s migration solution, companies can save time and money while allowing users to control their experience. More critically, Code42 ensures the security of valuable endpoint data during the Windows 10 migration. IT can focus on more mission-critical tasks and users can continue doing their jobs.

Code42 Restores Files, Moods and Attitudes

Here’s a story you’ll probably recognize: Because there’s no sense reinventing the wheel, you use an existing file—for instance, an Excel file or PowerPoint presentation—as the starting point for a new project. As you transform that old file into something brilliant and new, you instinctively hit CTRL+S (because you don’t want to lose that work!)—and unintentionally overwrite the original file, destroying your previous (yet still valuable) work.

You may have also lived this story: You’re working diligently when an email or a webpage opens a pop-up. Thanks to clever trickery, the “OK” and “Cancel” buttons are renamed or the question is misleading, and you’re duped into the wrong click. Suddenly, you feel the heat from your computer as ransomware begins encrypting all your files.

Another painfully familiar tale: Your computer dies or is lost. A day later, your trusty IT team hands you a beautiful new one. This new computer is clean, pristine, fast and slick—but has none of your information on it.

The stages of data loss grief

I’ll bet everyone has experienced at least one of these disasters, so you also know the feelings of disbelief, rage, guilt and sadness that go with them. It’s a big deal! Your ideas are lost. Your data is gone. Your future productivity is marginalized as you scrounge around to find bits and pieces of your files and work.

I know these feelings all too well. In fact, just last month, I ended up wiping out a presentation two days before I was due to take the stage as a keynote speaker. But it took me less than a minute to recover the file, because, not surprisingly, we here at Code42 have our agent deployed on every endpoint. This was just the latest, deeply personal reminder of why we do the work we do at Code42—why we work so tirelessly to protect your (and my) data. We understand the value of your data; we understand the risk it constantly faces; and we understand the raw emotion of losing (and recovering) that value.

Four big improvements make Code42 restores better than ever

In the last year, we’ve been focusing on updating our technologies to make your restore process even better. Here are four ways we’re taking data restores to a whole new level:

  • Speed: We know that the speed of a restore is at the heart of our solution. When you lose a file, every minute counts. In the last year, we’ve invested time in optimizing our technologies for the new file sizes we expect in 2018. For some of our customers, this has resulted in a 10x improvement in performance.
  • Push Restores: We’ve made a lot of changes to our technology and message queueing to make the push restores work much better. Ironically, modern computing sometimes works against us; computers have gotten so good at understanding their workload that they optimize for the operations they perform the most frequently. Statistically, the Code42 infrastructure does a lot more backups than restores—but those restores (your restores) need to be as fast as possible. We’ve re-trained our servers and message queuing to make sure that your restores are always our top priority.
  • Security: When you store as much data as we do at Code42, making sure it’s safe is absolutely critical. I was thinking about this recently during an internal security exercise. All customer data protected with Code42 is protected with the strongest possible data encryption both in transit and at rest. We continue to find ways to make your precious files even more secure.
  • Bulk Restores: Finally, we’ve done a lot to make sure that even if you are doing massive restores, they are still fast and easy. Whether it’s users recovering an entire machine in minutes, or organizations doing widespread device-to-device migrations (in case of an OS Migration or hardware refresh), we’ve minimized the time and the pain.

No matter how you use Code42, we take pride in taking those “much ado” moments and turning them into “nothing.” We love hearing that “Oh my gosh, thank you so much,” that comes from customers when they recover all of their lost files, and we’re proud to provide the technology that lets you do this for your users.

At Code42, we restore files, moods and attitudes.

Preserve IT and User Productivity with DIY Windows 10 Migrations

Device migrations have always been an unpleasant fact of life for enterprise IT and are only becoming more frequent. With new devices, new operating systems, OS updates and more coming out multiple times a year, businesses are constantly moving users to the latest tech to keep them at the leading edge of productivity and security.

As of March 2018, Windows 10 was only being used by 39 percent of all Windows users. With Windows 7 reaching the end of extended support in 2020, the pressure to move users to Windows 10 will increase over the next two years. That means there are many, many device migration projects on the horizon for enterprise IT teams.

In order to maintain the highest possible amount of IT and end user productivity, organizations should consider shifting to a “DIY,” or employee-led, migration model.

One-to-one migrations don’t fit the digital enterprise

Whether you call them one-to-one migrations, IT-heavy migrations or white-glove treatment, the traditional approach to device migration can’t keep up with the increasing frequency of tech refresh projects in the typical enterprise.

  • Users lose hours–or days–of productivity: Most one-to-one migrations take several hours, if not days. That means users often lose an entire day of productivity. That’s annoying for the individual user, and the collective impact is immense in large-scale, enterprise-wide tech refresh projects.
  • IT is overwhelmed: For businesses in every industry, IT is shifting from acting as a necessary cost center to delivering a wide range of differentiating value. But when they’re forced to spend the bulk of their time on low-level tasks like one-to-one migrations, IT teams have less time for high-value projects.
  • Projects run on forever: A survey of Code42 customers found that the biggest challenge for migration projects delivered via traditional approaches was scheduling time with users. Flexible work schedules, increasing mobility and a growing remote workforce make scheduling one-to-one-migrations a nightmare. This is part of the reason that data migrations have an average time overrun of 41 percent.
  • They’re incredibly expensive: Businesses tend to think the cost of the technology itself is the big budget item in tech refresh. But IT costs are what lead 80 percent of data migrations to run over budget.
  • Valuable data falls through the cracks: Traditional device migration workflows lean heavily on manual user actions for data backup and restore. The result: One in three enterprise data migration projects experience significant data loss.

Moving to a DIY migration model

As device migrations come more frequently, the pain of the “old way” is becoming evident to IT and business leaders. Moreover, innovative businesses and industry analysts are demonstrating and quantifying the promise of a more scalable approach to device migration.

Imagine end users performing their own migrations in as little as 30 minutes, with no lost data. Consider the massive productivity savings for both users and IT when extended across an enterprise. The savings add up quickly, and both IT and end users are happier.

Webinar: How to Accelerate Incident Response

If you had to pick one word to describe the information security landscape today, what would it be? For me it would be “speed.”

Everything is moving faster – the frequency of data breaches, ransomware mutation rates and the GDPR-driven reporting time limit for data incidents. Prevention is largely a race to try to stay one step ahead of the next threat.

But what about recovery? Incident response times are lengthening. The longer detection and remediation take, the higher the cost to the business and the larger the risk of a cyberattack expanding across the organization.

Join us for our on-demand webinar on how to accelerate incident response times. We’ve got some fresh ideas and unconventional solutions that we hope will help you improve your investigation processes and think “out of the box.”

In this webinar, we will discuss how companies can significantly improve their detection and response times by adopting a product like Code42 Forensic File Search.

This informative webinar will specifically cover how to utilize Code42 Forensic File Search to:

  • Quickly enable the multiple steps, teams and processes involved in investigating and responding to cyber threats;
  • Effectively and efficiently recover from data loss incidents, reducing response times from days and weeks to mere seconds; and
  • Continuously and silently report on file events and metadata across all endpoints for near real-time detection of threats – even when the endpoints are offline.

Every Idea Matters: Secure Them with Code42

At the most basic level, every business sprang from an idea. Every advancement, every cure, every game changer–they all started as a concept in someone’s mind. No matter the industry, ideas are the fuel that helps every one of our customers grow.

Every idea matters. It’s a simple concept, but one that guides us at Code42 as we secure our customers’ data–their ideas–wherever they live or move.

Case in point: This week we announced the Code42 Forensic File Search product, which helps security, IT and compliance teams dramatically reduce the time it takes to investigate, respond to and recover from data security incidents that threaten their valuable IP. Because it collects file metadata and events across all endpoints in an organization and makes them searchable via the cloud, you can cut incident response investigations from weeks and months to mere seconds.

Expanding security capabilities

While this new product is exciting in itself, it also marks an important expansion of our security capabilities for global enterprises. With Code42 Backup + Restore, you have access to complete file contents on any endpoint. Code42’s File Exfiltration Detection gives you visibility into departing employees moving files to external drives or cloud services. Code42 Forensic File Search provides you metadata from file activity. Together, these features offer you the greatest visibility yet into what’s happening to the valuable ideas on your organization’s endpoints.

Later this year, we’ll extend the same visibility to the data that lives on corporate cloud applications, including Microsoft OneDrive, Google Drive, Box and Slack. While the endpoint will continue to be relevant, and a key source of data exfiltration and infiltration, we know that in the next five years much of the data on endpoints will move to the cloud. We intend to be at the forefront of this transition.

Every feature of the Code42 platform was designed with the same end goal in mind: to protect the valuable ideas fueling our customers’ growth. Our customers are changing the world with their ideas. It’s our job to keep those ideas safe. Because every idea matters.

Code42 Forensic File Search: Bringing “Night Vision” to Data Visibility

The other day, while watching a show about modern warfare on The History Channel, I was struck by how technical advancements in modern warfare mirror the innovative leaps we have made in the battle of cybersecurity. In particular, the invention of night-vision goggles brought continuous visibility to the battlefield, changing warfare in two key ways:

  • It illuminated the dark corners: suddenly silent, still actors would be seen as if they were fully illuminated; and
  • It enhanced the temporal dimension: what was traditionally a daytime activity became an around-the-clock battle.

Today, with the announcement of Code42 Forensic File Search, we’re happy to say that Code42 brings night vision to data security. We are enabling a new dimension of visibility—illuminating dark corners and creating a fully visible arena that you can examine, mine and use to take action in defense of your data.

We illuminate the dark corners

Imagine that you could search and investigate file activity across every endpoint on your network. You could instantly query your data to find where files are located. In the event of a malicious file finding its way onto your network, within seconds you could know where that file had landed and who was impacted by it—regardless of where the file resided on that machine. Suddenly the ransomware files that hide silently in users’ Recycle Bins and Downloads directories are visible. The least managed–but most exposed–entry points for malware and ransomware are suddenly visible to you.

We change the temporal dimension

Being able to see into the dark corners of the “battlefield” is only the first step. Imagine being able to take immediate action against those endpoints regardless of whether they are on your network, or even powered off in someone’s home. This is the power of Code42 Forensic File Search. We’re constantly logging changes happening on your endpoints and sending them to our cloud where you can interactively query them to find files regardless of the state of the endpoint. Our optics give you the enhanced vision to illuminate file activity on your endpoints, in near real-time, without waiting for users to connect or manually going out and searching the endpoints that were unavailable to you.

Our element of surprise

For years, as security experts we’ve been forced to fight a blind battle—one where the night sky is devoid of stars; one where our enemies could exploit any weakness in our data visibility. Tomorrow’s data security battle is defined by night vision, enabling you to know where your data lives and moves across all endpoints – at a moment’s notice. It’s defined by the ability to get real-time results from dynamic queries. These new capabilities enable the level of digital trust that you need to drive your organization’s digital transformation journey.

Code42 “night vision” is just one of the transformative changes we’re bringing to the battlefield for data visibility and security. What’s next? Well, those in attendance at our Evolution18 customer conference have seen a few glimpses today. We’ll share more here soon.

Simplify Legal Hold and eDiscovery with Code42

Today, many organizations face overwhelming costs and burdens associated with responding to eDiscovery and legal hold demands. This is no surprise, given the incredible growth in corporate data – market research firm IDC predicts that the amount of data created and copied every year will reach 180 zettabytes in 2025. For reference, that looks like this: 180,000,000,000,000,000,000,000.

With so much data, it can be difficult to identify, preserve and collect all the data required for eDiscovery. At the same time, it’s never been more critical to be able to accurately collect data for legal matters. Since 2005, sanctions for spoliation of evidence have increased almost 300 percent. In 2015, the sanctions in one landmark case totaled nearly $1 million for repeated negligence in the eDiscovery process. In other words, outdated legal hold processes could wind up costing your company serious money.

Fortunately, Code42 has the legal hold capabilities that both the IT and Legal teams need. With Code42 already preserving all data on employee endpoints, litigation support personnel rapidly select custodians, apply policies and preserve data in place, with:

  • No IT time
  • No IT travel costs
  • No third-party file collection costs
  • No need to physically confiscate employee computers
  • Reduced litigation and eDiscovery costs

To learn more about how Code42’s Legal Hold and eDiscovery features empower legal teams with powerful tools and minimal IT involvement, watch our latest feature trailer below.

Simplified Device Migration with Code42

Code42’s endpoint data security solution provides your business with a variety of benefits, including increased productivity, risk mitigation, streamlined user workflows and more – all in a single product that’s been proven to ultimately save you money. One way Code42 helps you cut costs is with our device migration feature – moving employees to upgraded devices has never been faster or easier.

With Code42, employee data is automatically backed up every 15 minutes by default. When it’s time to move an employee to a new computer, their data can be transferred to a new machine seamlessly – even before the employee has turned in the old machine. With Code42, gone are the days when device migration projects meant hours of lost productivity (and, in turn, lost revenue). According to Code42 customer Schneider Electric Sweden, Code42 cuts their tech refresh process from 24 hours down to three or four, saving roughly 7,000 hours in employee downtime per year. Think about how much money 7,000 wasted hours would cost your organization.

To learn more about how device migration with Code42 saves time and money, watch our latest feature video below.

Protect Your Business from Ransomware with Code42

Code42’s endpoint data security solution provides your business with a variety of benefits, including increased productivity, risk mitigation, streamlined user workflows, and more–all in a single product that’s been proven to ultimately save you money. With ransomware making huge headlines in 2017, one of the Code42 features that enterprises are most interested in is ransomware recovery.

Since Code42 backs up your data every 15 minutes by default, you can roll back to a point in time and access files you were working on before the ransomware attack–without ever paying the ransom. Ransomware recovery is one of the major ways a true endpoint backup solution beats file sync and share products for data backup. Sync and share products can’t restore to a particular point in time, but they can actually spread ransomware through an organization.

To learn more about how Code42 beats sync and share products for ransomware recovery, watch our latest feature video below.