As a semiconductor design and manufacturing company, MACOM’s data includes proprietary designs and CAD drawings that are extremely valuable forms of IP. Making sure that data stays within the company and is protected from employee misuse is key to our success as a business. Part of our challenge in protecting our data is that we’re about 1,500 employees spread across roughly 50 sites globally. For such a large global organization, our security team runs lean. Jeff Litwinowich, director of IT and Security, and I are really the only two members of the team who are accountable for security at MACOM. To give us some extra horsepower, we need tools that provide visibility into what’s happening with regard to our data on both endpoints and in cloud applications.
Having had a positive experience as a Code42 customer at a previous organization, Jeff and I were eager to look at Code42 Next-Gen Data Loss Protection as we were evaluating products that could help lay the foundation of our data loss protection strategy. At the time, MACOM was in the midst of our digital transformation, with the intention to go from IT 1.0 to 3.0 within the year. We needed a product to ensure that our data is always protected, as we were rapidly adopting cloud solutions and going through organizational changes. We needed to accomplish this without placing an administrative burden on our lean IT or security teams, or requiring on-premises infrastructure to support it.
Our initial POC validated that Code42 was easy to deploy and could detect data movement that previously would have gone unnoticed. The POC soon expanded to a company-wide deployment of Code42 Next-Gen Data Loss Protection. The global deployment went very smoothly. It was complete within about a month, which was a fast turnaround for us. Today, we have gone a step further and integrated Code42 and Splunk. Together, these solutions not only help us monitor data activity, but also consolidate that information for a clear snapshot of what’s happening at an individual and organizational level. Having these tools provides efficiencies and enhanced security beyond what we had before.
Code42 and Splunk allow us to trust our employees, but verify. We’re a company of people and everyone needs to trust each other and work together. While I want to believe that no one is doing anything malicious, it’s my duty to verify, to ensure we’re all in the clear. Code42 is the validator.
Validation happens in a few ways. When a rule is broken, we need to understand why it was broken. Was there a legitimate business reason, and was that a good enough reason not to follow that rule? Should we make an exception to the rule?
Validation can also be thought of as our way of responding to data exfiltration incidents. In times when we detect data leaving the company, we are able to access the file in question and determine if it was inadvertent or malicious. For example, if a departing employee tells us they’re just taking personal pictures that were on their device, we can look back and validate if that is true. If we access the files and find that it was actually company property, the conversation changes.
In my role, I have a general idea of what data is important and what’s not, but I rely on the business to tell me what is truly critical. HR and legal are my primary stakeholders when it comes to protecting data from insider threats. Generally, they are looking at users who are involved in litigation or someone who’s leaving the company. They ask us to monitor the user’s activity and provide insight related to actions the user has taken with regard to their data in the past. By analyzing the Code42 data in the Splunk dashboard, I can easily go back and look at somebody’s activities after the fact to make sure we’re protecting what’s most critical to the business.
With Code42 and Splunk, I am also able to be proactive. By setting up alerts, I can look at specific users and get immediate notification if they’re engaging in suspicious behavior like moving something to an unsanctioned cloud application or a USB. The best thing about Code42 is we have all the data and it gives us an incredible amount of visibility that we’ve never had before.
Insider Threat Is Real