Evolution18: Cybersecurity Investigations: From Hollywood to the White House to Your Company

Cybersecurity Investigations: From the White House to Your Company

Cybersecurity investigations, from Hollywood fiction to your company’s reality, were one of the key topics at Code42’s annual Evolution18 customer conference April 9 – 11 in San Francisco.

While the Hollywood version of cybersecurity investigations includes a geek sitting in a dark room in front of a computer screen having an “aha!” moment, real-life cybersecurity investigations are incredibly complex. Guest keynote speaker Theresa Payton should know. In addition to being a national data security expert and former White House CIO, Payton is a star of the CBS series “Hunted,” a reality TV show about cyber investigators who hunt down people living off the grid.

“If solving our cybersecurity and privacy issues were as simple as following security best practices, we would all be safe,” Payton said in her keynote presentation on April 11, striking a serious note between regaling the audience with stories from her time in the White House and her experience on reality television. “In spite of talented security teams and hours of security training, breaches still happen. That’s why I want you to consider a new path to security, that of ‘designing for the human.’ This is the path that recognizes that humans can and do make mistakes, and plans for a way to respond when that inevitably happens.”

To that end, Evolution18 also marked the release of Code42 Forensic File Search, our latest enterprise security product. Code42 Forensic File Search reduces the time it takes to investigate, respond to and recover from data security incidents. By collecting file metadata and events from employee endpoints and making them searchable via the cloud, Forensic File Search provides comprehensive answers to challenging data security questions. It tackles tough questions like:

  • Does known malware have, or has it ever had, a foothold in our environment?
  • Has a particular crypto-mining agent been installed on our employees’ computers? Who has it now?
  • What files did an employee download or delete in the months before resigning?

“Responding to cyberattacks takes too long, exposing organizations to greater risks and climbing costs,” said Joe Payne, president and chief executive officer of Code42. “By collecting, analyzing and indexing file events, Code42 Forensic File Search helps organizations shrink time-to-response windows. Our new product provides visibility to where data lives and moves across all endpoints in seconds.”

Other highlights of the conference included these sessions:

Whether through ignorance or malintent, employees are one of the top data security threats to any organization. Code42 Senior Director of Information Security Jadee Hanson provided a behind-the-scenes look at running an insider threat program to prevent employees from leaking, exposing and exfiltrating data. Hanson also moderated a “Futurist Discussion” panel with industry leaders to discuss what’s on the horizon for data security. Thanks to these panels, attendees learned what’s to come in the near future of cybersecurity, what will become the latest buzzwords in the field and much, much more.

Minimizing user downtime during a device migration is a critical part of any IT strategy. Best practices discussed during a packed-room panel session with Code42 customer MacDonald-Miller include self-service migration and data restoration as well as managing user expectations.

Data compliance for higher education can be complex, particularly considering that federal grant requirements now require data retention for seven years. In a game show format complete with swag prizes and packs of ramen noodles (Get it? Higher ed? Ramen?) customers learned how to tell if data is leaving the university and how to build Freedom of Information Act requests into their data management issues. Yum.

The reviews from attendees are already rolling in, and we’re blushing at the positive responses:

“Love hearing what other Code42 customers are doing!” – desktop support specialist, Entrust Datacard

“Thanks to everyone at Code42 for putting on such a terrific conference! I’ve already started reaching out to my peers–encouraging them to attend Evolution19.” – IT program manager, University of Colorado Skaggs School of Pharmacy and Pharmaceutical Sciences

“Already registered for Evolution19 and looking forward to Colorado. See you guys then!” – systems administrator, Utex Industries

“Thank you, Code42! It was a great Evolution.” – computer support analyst, Stanford University

Dozens of customers have already signed up for Evolution19. Interested in joining them? Registration for next year’s conference, April 30 – May 2 in Denver, is open now. We hope to see you there!


Six Months a Guardian

Last week marked my six-month anniversary at Code42, and I couldn’t be prouder of our teams – what we’re focused on doing, our vision for where we’re going and what I know we’re going to do in the future. We are pouring blood, sweat and tears into creating a safer future for our customers’ ideas, a protected world for our users and a world of growth for those bold organizations that embrace innovation, forging a new future in their respective industries.

To our administrators: If you think about the change that we’ve endured in the past five years, it’s shocking. We’ve been asked to embrace mobility, cloud, virtualization, containerization, the server-less world, Infrastructure as a Service, Software as a Service, identity, federated authentication and compliance. It’s seemingly been an endless sea of changes, and the plight we’ve all faced is only compounded by the reality of data darkness we live in. However, Code42 is here to help.

To our users: Our teams here truly believe your ideas are beautiful and important. We wake up daily determined to figure out new ways to protect them. We recognize how every individual contributes to the greater growth of their organization. We’re here to keep your ideas safe, allowing you to contribute at your absolute best.

To the security teams that rely on Code42 to defend your organizations from the endless darkness of the cybersecurity world we live in: Realize that if there was a magic switch on the wall to dispel the data darkness, we’d flip it to let in the light. We know you and your users are under constant assault from individuals who seek to steal, ransom and destroy the ideas that will grow your organization. We’ve made countless changes to increase our defenses of your data and to stay one step ahead of those who seek to destroy or hold captive your value. We’re a partner in this journey.

– Rob

P.S. – Last, but not least, to my fellow guardians: Thank you for an amazing first six months. You have done incredible work and I’m so proud of the work we’re doing to make the world a safer place.

Webinar: How to Accelerate Incident Response

If you had to pick one word to describe the information security landscape today, what would it be? For me it would be “speed.”

Everything is moving faster – the frequency of data breaches, ransomware mutation rates and the GDPR-driven reporting time limit for data incidents. Prevention is largely a race to try to stay one step ahead of the next threat.

But what about recovery? Incident response times are lengthening. The longer detection and remediation take, the higher the cost to the business and the larger the risk of a cyberattack expanding across the organization.

Join us for our on-demand webinar on how to accelerate incident response times. We’ve got some fresh ideas and unconventional solutions that we hope will help you improve your investigation processes and think “out of the box.”

In this webinar, we will discuss how companies can significantly improve their detection and response times by adopting a product like Code42 Forensic File Search.

This informative webinar will specifically cover how to utilize Code42 Forensic File Search to:

  • Quickly enable the multiple steps, teams and processes involved in investigating and responding to cyber threats;
  • Effectively and efficiently recover from data loss incidents, reducing response times from days and weeks to mere seconds; and
  • Continuously and silently report on file events and metadata across all endpoints for near real-time detection of threats – even when the endpoints are offline.



Three Security Industry Award Wins, and Why It Matters

What a month it’s been for Code42!

Last week, we hosted Evolution18, our annual customer conference; we launched Code42 Forensic File Search, an innovative, game-changing product for the information security market; and in the past few days, we were honored with three security industry awards:

Each of these awards is a true honor. Together, they point to the innovation we are driving, and how that’s paying off for our customers. Here are three takeaways.

Innovation drives us

The three awards we won point to our commitment to innovation. It’s a priority for us. We drive innovation to help our customers succeed – safeguarding their ideas wherever they live or move, whether that be on endpoints or in the cloud.

The value of visibility

You can’t protect what you can’t see. Our focus on visibility – helping companies see where their data lives and moves – is striking a chord with our customers and the industry in general.

When our customers win, we do too

While receiving these industry awards is a great honor, what’s even more meaningful for us is being able to recognize our customers.  Just last week at Evolution, we honored a select group of customers with our Evolutionaries awards. These annual awards celebrate our customers for their extraordinary innovations in the development, deployment and adoption of applications in data recovery and visibility. We’ll profile these winners in another post; I think you’ll be impressed with what they have accomplished.

There’s an unmistakable link between the amazing results our Evolutionaries are delivering for their organizations, and our selection as winners of these industry awards. By helping them win their data security battles, their businesses win, and we do too.

Every Idea Matters: Secure Them with Code42

At the most basic level, every business sprang from an idea. Every advancement, every cure, every game changer–they all started as a concept in someone’s mind. No matter the industry, ideas are the fuel that helps every one of our customers grow.

Every idea matters. It’s a simple concept, but one that guides us at Code42 as we secure our customers’ data–their ideas–wherever they live or move.

Case in point: This week we announced the Code42 Forensic File Search product, which helps security, IT and compliance teams dramatically reduce the time it takes to investigate, respond to and recover from data security incidents that threaten their valuable IP. Because it collects file metadata and events across all endpoints in an organization and makes them searchable via the cloud, you can cut incident response investigations from weeks and months to mere seconds.

Expanding security capabilities

While this new product is exciting in itself, it also marks an important expansion of our security capabilities for global enterprises. With Code42 Backup + Restore, you have access to complete file contents on any endpoint. Code42’s File Exfiltration Detection gives you visibility into departing employees moving files to external drives or cloud services. Code42 Forensic File Search provides you metadata from file activity. Together, these features offer you the greatest visibility yet into what’s happening to the valuable ideas on your organization’s endpoints.

Later this year, we’ll extend the same visibility to the data that lives on corporate cloud applications, including Microsoft OneDrive, Google Drive, Box and Slack. While the endpoint will continue to be relevant, and a key source of data exfiltration and infiltration, we know that in the next five years much of the data on endpoints will move to the cloud. We intend to be at the forefront of this transition.

Every feature of the Code42 platform was designed with the same end goal in mind: to protect the valuable ideas fueling our customers’ growth. Our customers are changing the world with their ideas. It’s our job to keep those ideas safe. Because every idea matters.

Code42 Forensic File Search: Bringing “Night Vision” to Data Visibility


The other day, while watching a show about modern warfare on The History Channel, I was struck by how technical advancements in modern warfare mirror the innovative leaps we have made in the battle of cybersecurity. In particular, the invention of night-vision goggles brought continuous visibility to the battlefield, changing warfare in two key ways:

  • It illuminated the dark corners: suddenly, silent, still actors could be seen as if they were fully illuminated; and
  • It enhanced the temporal dimension: what was traditionally a daytime activity became an around-the-clock battle.

Today, with the announcement of Code42 Forensic File Search, we’re happy to say that Code42 brings night vision to data security. We are enabling a new dimension of visibility—illuminating dark corners and creating a fully visible arena that you can examine, mine and use to take action in defense of your data.

We illuminate the dark corners

Imagine that you could search and investigate file activity across every endpoint on your network. You could instantly query your data to find where files are located. In the event of a malicious file finding its way onto your network, within seconds you could know where that file had landed and who was impacted by it—regardless of where the file resided on that machine. Suddenly the ransomware files that hide silently in users’ Recycle Bins and Downloads directories are visible. The least managed–but most exposed–entry points for malware and ransomware are suddenly visible to you.

We change the temporal dimension

Being able to see into the dark corners of the “battlefield” is only the first step. Imagine being able to take immediate action against those endpoints regardless of whether they are on your network, or even powered off in someone’s home. This is the power of Code42 Forensic File Search. We’re constantly logging changes happening on your endpoints and sending them to our cloud where you can interactively query them to find files regardless of the state of the endpoint. Our optics give you the enhanced vision to illuminate file activity on your endpoints, in near real-time, without waiting for users to connect or manually going out and searching the endpoints that were unavailable to you.

Our element of surprise

For years, as security experts we’ve been forced to fight a blind battle—one where the night sky is devoid of stars; one where our enemies could exploit any weakness in our data visibility. Tomorrow’s data security battle is defined by night vision, enabling you to know where your data lives and moves across all endpoints – at a moment’s notice. It’s defined by the ability to get real-time results from dynamic queries. These new capabilities enable the level of digital trust that you need to drive your organization’s digital transformation journey.

Code42 “night vision” is just one of the transformative changes we’re bringing to the battlefield for data visibility and security. What’s next? Well, those in attendance at our Evolution18 customer conference have seen a few glimpses today. We’ll share more here soon.

Evolution18 Begins Today

We’re thrilled to say that Evolution18, our annual customer conference, kicks off today! We are looking forward to welcoming customers and partners from around the globe to San Francisco. During the next three days, attendees will hear the latest on all the most important topics in data security, connect with industry experts, learn from the pros in our 30+ breakout sessions, get certified on Code42 administration – and, we think, have some fun in the process!

Of course, we understand that not everyone can join us in California. That’s why we plan to post some of the biggest news from the event right here. This includes an exciting announcement about Code42’s newest product, which will take our data security capabilities to a new level, as well as the winners of our annual Evolutionaries Awards. We love to share success stories when we hear them. The awards honor Code42 customers that have demonstrated dedication to delivering the best possible data security and recovery solutions.

We’re also looking forward to sharing event highlights like the keynote speech from Theresa Payton, one of the nation’s leading experts in cybersecurity and IT strategy. Theresa served as the first female chief information officer at the White House, overseeing IT operations for President George W. Bush and his staff. Theresa has already shared some great thoughts on the state of cybersecurity with us, and we can’t wait to hear more.

Stay tuned to the blog all week for more on Evolution18.

Is GDPR-Regulated Data Hiding in Pockets of Your Organization?

Data breaches that compromise critical customer information are the worry that keeps IT people up at night. Unfortunately, what’s considered critical customer information and what you must do to safeguard it has changed dramatically, thanks to GDPR. IT stakeholders at American companies who’ve assumed GDPR does not apply to them may want to take a closer look at what the implications are for U.S.-based companies. GDPR-regulated data can be found in places you might not expect, and the tools you’ve been using to keep track of that data may not provide the visibility you need in case of a breach.

Where does GDPR apply?

First off, don’t think because you’re an American company only doing business in the U.S. that you’re exempt. If you capture any data about an E.U. citizen, like one who stumbles across your website and sends a question through a contact form, you’re on the hook for GDPR.

So where does the data regulated by GDPR live in your organization? The short answer: everywhere your customer data lives and travels within your organization. That doesn’t just mean your CRM system. Employees routinely download and use personal customer information on their endpoint devices, even when company regulations forbid it. You may or may not be surprised to learn that the C-suite is the worst offender at this.

The scope of what is considered “personal information” under GDPR is much broader than you might expect. While most companies already take steps to protect sensitive information like credit card information or social security numbers, GDPR takes it much further and could signal a sea change in data collection. Specifically, any information that can be used to identify a person, like IP addresses and names, is covered under the regulation; however, GDPR is expanding the definition of sensitive data to include any data that could potentially identify a person. So, if you’re capturing it, it’s worth protecting.

What does data encryption protect against?

Many IT directors hit the pillow every night with the misguided confidence that their data encryption will prevent any GDPR-related problems. Unfortunately, that’s not always the case.

Data encryption is a useful tool if your data compromise doesn’t include credentials that unlock the encryption. But if your data is compromised because of stolen credentials, then encryption doesn’t matter. This can happen with stolen laptops, a common occurrence with company-issued employee laptops. It can also happen with malicious employee activity – if employees with valid credentials decide to exfiltrate data, encryption won’t do a thing to stop them.

What happens after a data breach?

Talk about sleepless nights for an IT director. For companies that experience a data breach, the hours and days after discovery are usually a mad scramble to assess what’s been compromised and by whom. The time and money spent to unravel the tangles of compromised data in an organization can add up fast. And GDPR doesn’t give you much time. You have 72 hours after discovery of a breach to notify GDPR authorities if personal information has been affected.

The problem for most companies is that they don’t really know where all their customer data is stored. A lot of it can end up on employee laptops and mobile devices. To truly protect their data assets, companies must have a firm understanding of where all their data travels and lives.

Data visibility

Being able to immediately and clearly locate customer data is critical to surviving a breach of GDPR-regulated data. A strong endpoint visibility tool can provide a quick understanding of all the data that has traversed through an environment—and importantly for GDPR, whether that data contains personal information.

An endpoint visibility tool can also tell you with confidence if compromised data does not include personal information that would fall under GDPR. That would prevent you from unnecessarily alerting the authorities.

Unfortunately, data breaches continue to happen, and there’s no sign of that abating any time soon. When the collection of consumer data is necessary, companies should consider it sensitive and use endpoint visibility tools to protect it.

Meet Evolution Guest Keynote Theresa Payton (part 2)

We are excited to welcome Theresa Payton, one of the nation’s leading experts in cybersecurity and first female White House CIO, as our guest keynote at Evolution18. Don’t miss the chance to meet her in person at our annual conference, April 9-11, in San Francisco. It’s not too late to register and attend!

Before she takes center stage, we asked Theresa to share her thoughts on the state of the security space and how it has evolved since her time as White House CIO. In part two of our interview, Theresa talks about the investigation process, the risks of the move to the cloud and securing the digital transformation.

Code42: Why do cybersecurity investigations take so long? What steps can security teams take today to shorten them?

Theresa Payton: In Hollywood movies, a geek sits at a computer in the dark, and starts typing away at a keyboard. The geek looks at lists of files and computer code and then, “aha,” finds the evidence that’s needed. If only it worked that way. There are no magic programs that allow investigators to do their work. It’s a literal “whodunit” when there is an incident. Cybersecurity investigations are complex. Often you do not have a witness to talk to that saw the cybercriminal deposit the malware or break into the company.  Cybercriminals may delete their tracks, making it hard to pinpoint what they actually stole and how.

One of the best things you can do is to have a plan in advance. Practice digital disasters and practice doing forensics. Set ground rules. Identify the tools you need to purchase and the training your team will need. Interview vendors and choose a vendor that you can work with if the forensics is too overwhelming to handle in house or if you want a second opinion.

C42: What are the risks facing companies as they embrace the move to the cloud?

TP: Think about the data that you and your customers are going to generate. Using cloud platforms can sometimes be a better option than managing your own servers.

You do need someone on your team worrying about the security configurations of your cloud instance. The cloud service providers do not do this for you. There remains no set-it-and-forget-it option when it comes to security.

C42: IT teams are tasked with moving the business forward by helping employees be more effective and embracing the mobile workforce. What advice do you have for security leaders embracing this digital transformation?

TP: No company is perfect. It’s not a technology issue. It’s a creativity issue and an issue of business risks. We have to really try to understand what risks we are willing to take, and which ones are non-negotiable business risks.

What you see in safer companies are the executives taking this very seriously. You often see a governance board, which could be different executives from around the company—so you may see C-suite members from marketing, customer service, legal, finance and risk.

Often, finance is assuming the role of getting that group together because finance is also thinking about the business strategy, business enablement and reducing business risk. Spending that time to talk upfront at the executive level about security as it relates to the organization’s most critical assets is vital to making sure that the issue actually permeates through the rest of the company.

A key item to remember about security is that in spite of following regulatory compliance checklists and compliance frameworks, bad things still happen. Following checklists didn’t stop WannaCry or Petya from spreading, HBO from getting hacked, or help Twitter, Netflix and Amazon during the scary hours of Friday, October 21, 2016, when we realized the Internet was slowing down and, in many cases, not available at all.

What was the cause of the slowdown of the Internet last year? Weaponized baby cams and other Internet of Things devices. It was on that fateful day that the Mirai botnet attack hit Dyn. Dyn, a cloud-based Internet performance management company, was the target of a disruptive Distributed Denial of Service (DDoS) attack. The attack directed networked devices to route traffic at Dyn’s Domain Name Servers (DNS). As a result, Dyn could not respond to the flood of DNS requests and consumers could not reach web sites. It was the biggest, baddest DDoS attack ever… at least until the next time.

C42: Has Hollywood and the media done a good job of portraying cybersecurity and the threats we face? Any examples that have proven to be accurate/predictive?

TP: Our reality TV show, Hunted, did a good job portraying the challenges investigators face when chasing fugitives and the challenges the public faces based on how they live their digital lives. I believe Endemol Shine and CBS did a good job portraying how your digital tracks can betray you. The one thing you did not see were the hours and hours of our team digging and coming up with nothing. You just see the exciting parts. If you have not watched it, my mom says it’s her favorite show and you should trust my mom.

More about Theresa: A pioneering technology leader
Theresa Payton is one of the nation’s leading experts in cybersecurity and IT strategy. She is currently CEO of Fortalice Solutions, an industry-leading security consulting company; and co-founder of Dark Cubed, a cybersecurity product company.

Theresa began her career in financial services, and after executive roles at Bank of America and Wachovia, she served as the first female chief information officer at the White House, overseeing IT operations for President George W. Bush and his staff.

Up Close with Theresa Payton: Former White House CIO and Guest Keynote at Evolution (Part 1)

Meet Evolution Guest Keynote Theresa Payton (part 1)

We are excited to welcome Theresa Payton, one of the nation’s leading experts in cybersecurity and first female White House CIO, as our guest keynote at Evolution18. Don’t miss the chance to meet her in person at our annual conference, April 9-11, in San Francisco. It’s not too late to register and attend!

Before she takes center stage, we asked Theresa to share her thoughts on the state of the security space and how it has evolved since her time as White House CIO. In Part One of our interview, she talks about the evolution of security threats, social media data privacy and enterprise cybersecurity blind spots.

Code42: How have security threats evolved since your time in the White House? Are there any new threats that you didn’t anticipate?

Theresa Payton: Many of the challenges companies face today are similar to the security challenges at the White House. The pivotal moment for me that shifted how I design a security strategy started at the Executive Office of the President, in the White House. The security at the White House could not be just about boxes, servers, oppressive end-user policies and blinking lights in the Security Operations Center. Security at the White House came down to the people who served at 1600 Pennsylvania Avenue, across America and abroad. We knew we had to address the hearts and minds of the staff if we wanted to protect their privacy and security. After all, if solving cybersecurity and privacy issues was as simple as following security best practices, we would all be safe. It’s not that simple.

The cybercrime threats to organizations change every day and move all over the globe. The biggest change is the larger hit to an operation’s systems, especially in the cases where the victim has been hit by ransomware. That’s why companies need to make strategic investments to protect themselves.

The attacks that make the news typically have complex motivations that are both economic and political; but the vast majority of attacks, many unreported, are simply about the money.

As far as any threats that I didn’t anticipate, not so far; but I can say that regarding my predictions, I wish I were wrong.

C42: Based on your time in the government, do you see a law like GDPR ever being passed in the U.S.?

TP: It is possible we will see Congress one day pass a consumer bill of rights for the Internet, digital safety and privacy; but I think we are several years away from that.

Privacy laws, the court systems and law enforcement’s ability to source cases are lagging with the digital age. Technology, specifically drones, has been a great tool for law enforcement in spotting potential victims and helping rescue those who need help in dangerous conditions. But with the popularity of domestic drones, we now have flying spies in our neighborhoods. This is a discussion that as a society we need to have. It’s common knowledge that it’s not polite to peep through people’s windows—it’s illegal.

But do we have any laws protecting us from social media companies collecting and selling our data, credit bureaus from aggregating our spending habits and selling our information, and our neighbors’ surveillance cameras or overhead drones from gathering our data? We don’t—at least not yet.

C42: What are enterprises missing when they think about data security?

TP: It’s very challenging for companies to get their arms around their data architecture. When companies have highly regulated data elements such as HIPAA, PII, PCI-DSS and others, we also see “data haves” and “data have nots” as far as security in those companies. I would ask your business team and your data architects a few questions to see what might be missing from your data security plan.

The first one is to ask, “Have we actually had a company discussion on what our top two or three most critical assets are? And do we agree?” I think a very simple way to do that is you get in a staff meeting. Tell everybody no peeking. Pass out index cards and have everybody write down their list. Ask a facilitator to help you force rank each list until all agree on a company list.

The next question you should ask is, “What is our worst digital-disaster nightmare?” Name it and define it. Practice (dealing with) that nightmare. Learn what capabilities you have and don’t have. Discover where you need new partners to assist you. And then figure out what you can’t mitigate on your own through partners, through process, through technology—that’s what you want to go get cyber liability insurance to cover.

The other thing that I think companies overlook is that you can increase your security and reliability and also your resiliency if you pick the right cloud-services provider. If you are holding on to some legacy mail platforms and things like that, it may be time to reintroduce making a strategic decision around the cloud. That could save you money and it could, if you pick the right provider, create a whole new set of security protections and protocols you don’t have in-house.

More about Theresa: A pioneering technology leader

Theresa Payton is one of the nation’s leading experts in cybersecurity and IT strategy. She is currently CEO of Fortalice Solutions, an industry-leading security consulting company; and co-founder of Dark Cubed, a cybersecurity product company.

Theresa began her career in financial services, and after executive roles at Bank of America and Wachovia, she served as the first female chief information officer at the White House, overseeing IT operations for President George W. Bush and his staff.
