After working on security teams at large retail organizations, I’m now in the unique, and fortunate, position to be the director of security at Code42, an organization that makes one of the products that my team uses daily. This gives us direct access to Code42’s latest product features, beta testing, and the opportunity to network with organizations like CrowdStrike both as peers and as customers of each other’s products.
The Code42 Next-Gen Data Loss Protection solution is an incredibly helpful tool to have in the toolkit. I’m proud of how my company is innovating to help fill a critical need in data security, particularly around protecting data from insider threats. But as any savvy security professional knows, there’s no one silver bullet to address all of an organization’s data security needs. For this, I rely on different products to protect Code42’s data from an ever-present array of threats.
One of the key solutions we use at Code42 is CrowdStrike, the fastest-growing endpoint detection and response solution on the market. Some of the things I love about CrowdStrike are its high-fidelity rate and its low rate of false positives; how it has a lot of searchable, granular event data; and its Falcon OverWatch service, which provides a “second set of eyes” to alert us to unusual activity in our environment.
CrowdStrike and Code42 work shoulder-to-shoulder to protect our data. CrowdStrike protects our organizations from external threats such as malware, while Code42 accelerates our detection of and response to insider threats, like departing employees.
As you can tell, I’m a huge advocate for CrowdStrike, which made it particularly cool to meet with Tim Briggs, CrowdStrike’s incident response analyst, at our Evolution19 conference in Denver earlier this year. I learned a lot from Tim, and even got a few tips from the trenches about how he uses Code42 and CrowdStrike in their environment. For example, Tim shared a story about a recent incident, when their security team received an alert from the CrowdStrike platform that was related to torrent activity in their system. Torrent activity could be extremely malicious, in that an employee may be exfiltrating valuable IP, or it could simply mean an employee was misusing company assets.
With the alert in hand, the CrowdStrike security team was able to use Code42 to look at the files and download history of the employee in question. They quickly figured out that the employee was downloading movies onto their device. With that context, the CrowdStrike team was able to ascertain that, while the employee was misusing company assets, he wasn’t behaving maliciously or exfiltrating data. The security team was then able to report that to their executive team.
While the threat landscape is in a constant state of flux, two things will never change. Breaches will happen, and employees will take data when they leave. It is that simple. Together, CrowdStrike and Code42 are dedicated to making it faster and easier for our respective customers to detect and respond to insider and external threats.
Insider Threat Is Real