The-Year-in-Review-at-Code42

2018: The Year in Review at Code42

The end of the year is always a great time for reflection. The last 12 months have been especially eventful for Code42. This year, the Code42 product grew and evolved in significant ways. We made product enhancements and introduced more tools to gather actionable intelligence about data risk. Most importantly, we added capabilities that paved the way for our biggest product yet: Code42 Next-Gen Data Loss Protection. We couldn’t have brought this exciting new solution to life without the foundational features unveiled throughout 2018. Here’s a look back at the highlights.

Code42 Forensic File Search

In April, we launched Code42 Forensic File Search, which now forms the core investigation capabilities of Code42 Next-Gen Data Loss Protection. By collecting file metadata and events from endpoints and making them searchable via the cloud, Code42 Forensic File Search enables security teams to get comprehensive answers to challenging security questions in seconds versus days or weeks.

Code42 Forensic File Search expands into cloud services

Our September release included several more enhancements, both big and small. We extended the capabilities of Code42 Forensic File Search so security teams can search for files by SHA256 hash and across cloud services, including Microsoft OneDrive and Google Drive. These capabilities truly unified and broadened the investigation capabilities of Code42 Next-Gen Data Loss Protection, providing full visibility to where corporate files live and move.

With the ability to search file activity in the cloud, IT and security teams are now able to more quickly see what files are shared and with whom; how and when files are added to cloud services; and what files a departing employee accessed, shared, downloaded or transferred before resigning. To further strengthen this capability in 2019, we’ll continue to expand across other cloud services.

With our November release, we added even more improvements to Code42’s investigation and monitoring capabilities. File Exfiltration Detection support was introduced for Mac devices, which now detects files being sent to Slack, FileZilla, FTP and cURL. To make it even easier to keep track of the most critical files, we also rolled out the ability to save search queries.

Code42 customers embraced cloud architectures

Meanwhile, customers told us their cloud strategies were changing. Companies who had originally chosen on-premises and hybrid deployment models were ready to fully embrace the benefits of cloud. We set out to deliver a secure and seamless way for our customers to move to cloud without needing to re-deploy or lose their historical data. This fall, we were proud to deliver a migration path that enables customers to deploy in the cloud in a couple of hours, without any user downtime or data loss. We’ve already had many customers upgrade to the cloud in order to eliminate on-premises hardware and take advantage of all the newest Code42 functionality. If you are a Code42 customer interested in moving to a cloud deployment, contact your CSM today to learn more.

“ Code42 Next-Gen Data Loss Protection takes a fundamentally different approach to protecting corporate data. ”

Next-gen data loss protection

In October, we brought all of our core capabilities together into a single holistic solution and unveiled Code42 Next-Gen Data Loss Protection. We heard from our customers and the market that while traditional data loss prevention (DLP) solutions sound good in concept, they’re failing to live up to their potential in several key ways. Most companies are only using a fraction of the capabilities of their traditional DLP solutions. Security teams describe using traditional DLP as “painful.” Deployments of these tools can take months or years, because proper setup requires an extensive data classification process, and refining DLP policies to fit unique users is complex and iterative. To make the situation even more challenging, traditional DLP blocks employees from getting their work done with rigid data restrictions that interfere with productivity and collaboration.

Most importantly, traditional DLP solutions are narrowly focused on prevention — and business and security leaders now recognize that prevention alone does not work. Data loss will happen. Being able to protect a business from data loss and quickly recover from an incident is more important than the constant efforts needed to prevent an attack from happening — especially when, in the end, prevention fails.

Code42 Next-Gen Data Loss Protection takes a fundamentally different approach to protecting corporate data. Unlike traditional DLP, it does not require policies, which has multiple benefits. The solution deploys in days instead of months; it is not resource-intensive to manage; and it doesn’t burden administrators with false positives. Most importantly, it doesn’t drain user productivity with rigid restrictions on data use.

Code42 Next-Gen Data Loss Protection is cloud-native and preserves every version of every file on every endpoint, forever. It monitors file activity across all endpoints and an ever-expanding list of cloud services. As a result, it provides unified visibility to where files live and move as well as access to the contents of files involved in data security investigations. Code42 Next-Gen Data Loss Protection preserves current and historical endpoint files for rapid content retrieval and investigation, as well as to help meet regulatory requirements.

To achieve these benefits, Code42 Next-Gen DLP leverages five key capabilities:

  • Collection: Automatically collects and stores every version of every file across all endpoints, and indexes all file activity across endpoints and cloud. 
  • Monitoring: Helps identify file exfiltration, providing visibility into files being moved by users to external hard drives, or shared via cloud services, including Microsoft OneDrive and Google Drive.
  • Investigation: Helps quickly triage and prioritize data threats by searching file activity across all endpoints and cloud services in seconds, even when endpoints are offline; and rapidly retrieves actual files — one file, multiple files or all files on a device — to determine the sensitivity of data at risk.
  • Preservation: Allows configuration to retain files for any number of employees, for as long as the files are needed to satisfy data retention requirements related to compliance or litigation.
  • Recovery: Enables rapid retrieval of one file, multiple files or all files on a device even when the device is offline, or in the event files are deleted, corrupted or ransomed.

It’s been a big year for Code42, and with the launch of Code42 Next-Gen Data Loss Protection, next year will be even bigger. Thanks for taking this trip down memory lane with us and see you in 2019!

Code42-Tis-the-Season-the-Greedy-Go-Phishing

‘Tis the Season the Greedy Go Phishing

It’s the time of year where we (hopefully) spend a little more time away from work and more time with friends and family to relax and celebrate. It’s to be expected that many of us are a bit more relaxed during the holiday season. Perhaps off-guard. This is exactly where the bad guys want us. They’re counting on it. It’s why they are more active this time of year.

The holidays have always been a time for the greedy to strike. Years ago, their primary vectors of attack were telemarketing scams used to promote fake charities. Of course, criminals still do these types of scams, but they have also kept up with the technological trends of the times. Today you are just as likely — if not more — to be hit with a phishing email, instant message or scam on social media.

“ As staff use corporate devices for both work and shopping — and accessing data files as well as connecting to the network — there is an increased risk that clicking on the wrong file or link could expose your organization to malware, data theft, ransomware attacks and more. ”

But Rob, this is a corporate security blog — why are you writing about consumer security? Well, here’s the thing: the scam and phishing-related activity doesn’t just place consumers at risk. After all, your corporate employees are consumers — and think about how the separation between people as consumers and workers has been erased. The days of employees having personal devices and work devices are long gone. Many organizations are BYOD now, either by policy or the reality on the ground.

The reality is your employees are using work devices to click on emails, shop and research the holiday gifts they hope to share. As staff use these devices for both work and shopping — and accessing data files as well as connecting to the network — there is an increased risk that clicking on the wrong file or link could expose your organization to malware, data theft, ransomware attacks and more.

Here are just some of the techniques attackers use to trick employees:

  • Emails that look like they come from insiders of the organization or trusted partners
  • Bogus websites that promise deep discounts, but are really designed to siphon personal data and credit card numbers
  • Mass phishing scams that impersonate popular retail brands (that steal usernames and passwords that thieves will try to use elsewhere)
  • Spurious order or shipment update emails
  • Phony charities
  • Social media updates and tweets crafted to trick people to scam websites
  • Holiday ecards (isn’t anything sacred?)

The good news is because attackers are using the holidays as a moment of opportunity, you can do the same thing by taking constructive steps to build employee awareness about phishing and online scammers. To protect their safety and yours, now is a perfect time to help them to understand that they are being targeted during the holiday season.

Here are some things to remind employees to do to protect themselves and your organization:

  • Avoid public Wi-Fi and always be sure to connect to secure internet.
  • Always use best practices when it comes to password management.
  • Use unique passwords for each service and never reuse work passwords for home.
  • Use a separate email for online shopping.
  • Dedicate one credit card or prepaid card for online shopping, and don’t use debit cards (the rules for fraud protection are often different).
  • Be vigilant for phishing emails, social media posts and direct messages. Don’t ever click on unfamiliar links; when an offer seems too good to be true, it probably is.
  • Look closely at all email communications — watch for minor changes in email address name or domain, the validity of the domain the links refer to, typos in the text of the message and odd grammar.
  • Remind them to back up their devices and data; this is the best way to recover from such things as ransomware attacks.

Of course, much of the same advice holds all year around, but it’s worth being extra diligent this time of year. The less time spent cleaning up malware and recovering from attacks, the more time we all have to enjoy the season.

Code42 Learning for Life

At Code42, We Embrace Learning as Part of Life

As human beings, we are constantly learning. While we work, we’re constantly getting better at our job skills and becoming more knowledgeable in our field. But we also learn from our experiences at work — how we interact with one another and our environment. Learning on the job is inevitable. Employers that embrace that fact and support their employees’ learning journey can help them develop faster and with more confidence.

At Code42, learning is a core part of our culture. This fall, we embraced that by launching a two-month program called “Learning for Life.” Our mission was to highlight the programs, resources and brilliant minds at Code42 through internal education sessions, keynote speakers and opportunities to learn something new. We encouraged curiosity and expanded perspectives for the amazing lifelong learners we are fortunate to employ. We were quite happy to hear the reactions of those who participated in the program:

“ Our mission was to highlight the programs, resources and brilliant minds at Code42 through internal education sessions, keynote speakers and opportunities to learn something new. ”

“I enjoyed the variety of topics and that Code42 was intentionally planning content for this program,” said participant Eileen Potter. “This made me think about the ways I am continually learning. While I’ve always done that in my career, it’s really nice to have an employer actively supporting me with a learning culture.”

“I loved having the chance to hear from a variety of people throughout the company,” said attendee Beth Bornhoeft. “As someone who’s relatively new to the Code42, I felt like this was a chance to get a crash course in institutional knowledge. I found myself with a ton of takeaways that I can use in my job.”

As part of an incredibly dynamic tech industry, we at Code42 are committed to providing learning opportunities that are critical to our success and that of our employees. We know that, in order to remain competitive in the ever-changing market, we need to create an environment that is nimble, agile and flexible to keep pace. That means developing learning and training opportunities that support the personal and professional development of our people.

We believe that a learning mindset is a conscious choice on how to approach work and life. If we cultivate an environment that encourages trial and error as well as resilience and growth, we have a formula for success.

#BeCode42

Diversity is the Answer to the Cybersecurity Talent Shortage

Anyone in the cybersecurity profession understands that organizations are facing a severe shortage of skills in virtually every aspect of information security.

In October, (ISC)², an international nonprofit association of cybersecurity professionals, released its latest Cybersecurity Workforce Study, which found that the cybersecurity workforce gap has increased to more than 2.9 million globally. About two-thirds of those surveyed (63 percent) report that their organizations have a shortage of IT staff dedicated to cybersecurity, and 48 percent said their organizations plan to increase cybersecurity staffing over the next 12 months.

For anyone looking to fill open positions in security programs, those are discouraging numbers. And there are no clear signs that the situation will get better any time soon.

“ Those who embrace diversity now will have a distinct advantage over those who are slower to realize its benefits. ”

Greater diversity can help

The good news is there are things we can do to ease the talent shortage, including bringing more women into the cybersecurity field.

Perhaps one of the more positive findings in the (ISC)² report was that there is a younger workforce and greater representation of women in the study. Women now represent 24 percent of the cybersecurity workforce surveyed, compared with 11 percent from previous studies.

In the cybersecurity world today, we are facing some of the same threats that we faced a decade ago, albeit with new packaging. A variety of viewpoints informed by different backgrounds and experiences will allow the security industry to take new approaches to identify and solve today’s most challenging and persistent threats. These need to include not only more women, but also people of varying ethnicities, countries of origin, ages and other factors.

How to implement diversity

There are steps we can take to increase workforce diversity, and they start before an employee is even hired.

One peer I recently spoke with shared that her organization reviews all job postings for gender-biased language. For example, security practitioners love to use the word “ninja,” as it speaks to precision and accuracy. However, it’s also a word that conjures up images of conflict and danger that may be less appealing to female candidates. Reviewing your job posting for language that may unconsciously favor one gender in the first step to attracting diverse candidates.

Another key is to create programs within your organization that promote diversity and inclusion. This isn’t a particularly progressive stance to take today — it’s simply table stakes. People in the workforce today want to be able to bring their authentic selves to their jobs. If job seekers and employees of all backgrounds believe they won’t be welcome in your organization, they’ll look for work elsewhere.

Mentorship programs within companies are also powerful tools. Through these programs, women working in security professions can provide guidance and encouragement to others in the company or those in the community showing an interest in cybersecurity.

Another initiative is to work with youth organizations to create more awareness about opportunities for women in technology fields in general and in cybersecurity specifically.

For example, Code42 has been partnering with the Girl Scouts for two years on events focused on fostering an interest in technology.

Last year, we hosted “Think Like a Programmer,” an event at which girls worked to earn badges related to Science, Technology, Engineering and Math (STEM). This year, they had an opportunity to work on a new Cybersecurity badge. The purpose of the program is to help girls understand not only the basics of programming, but also that there is a spot for them in cybersecurity.

Events such as these offer an opportunity for girls to meet, talk with and learn from women in the field of technology at Code42; create forums for dialogue about the advantages of STEM; encourage women to pursue careers in high technology by celebrating accomplished female leaders and role models; and bring more awareness to women in technology.

Organizations can also look to recruit diverse candidates who are working in completely different areas to join security teams, if they have skills that apply. For example, someone with a strong background in technology or analytics might have the ability to learn about large, complex systems, and could understand the logic behind how those systems work and their vulnerabilities.

Security executives such as CISOs need to work closely with human resources to recruit a broad array of talent that could make the security team stronger. It’s only a matter of time before this field will be truly diverse, but those who embrace diversity now will have a distinct advantage over those who are slower to realize its benefits.

Cybersecurity That Users Are Thankful For

When do you most value your applications or ability to access your data? That would be the very second after something goes awry and your access is lost. It’s true, and it’s like the cliché: you don’t know what you have until its gone.

In this way, computing is a lot like a utility service: we just expect to flip a switch and have the lights go on. We plan to dial a number and have the phone system work. Moreover, we don’t tend to think about how much we appreciate these technologies until the moment they don’t work as we expect. If you don’t believe me, talk to people diligently working on your IT support team right now. Ask them how often they get calls when everything is working right from staff, thanking them for ensuring access to their business-technology systems has remained available and smooth. 

Then ask them how often the phone rings when something goes down.

Exactly.

Cybersecurity is very similar. No one thinks about the technologies protecting them until they fail, and there’s a breach or systems become inaccessible. How security professionals help others manage risk can also create challenges.

“ While some rules are necessary, security technology that is focused on prevention only can position security teams as blockers and deniers. ”

What I mean by this is that often, when staff hears from their security teams, it’s because something went wrong. The user did something wrong, or the security team is going to inform staff that they can’t continue doing things a certain way: Don’t access public Wi-Fi without a VPN. Stop using this password. Hurry up and patch and reboot all of these systems. No, you can’t use that cloud service; you have to use this cloud service instead.

While some rules are necessary, security technology that is focused on prevention only can position security teams as blockers and deniers. There are, however, other ways security teams can serve as business partners and architect solutions that not only secure data but also make it easier for users to get their work done. At Code42, we are always looking for ways to provide added value directly to the user.

Here’s an example. As part of the Code42 Next-Gen Data Loss Protection solution, we also provide users the ability to back up and secure their data. Data loss protection with that extra level of recoverability gives the user additional peace of mind. They know that if their notebook dies, or someone clicks on a malicious link, that they don’t have to panic. There’d be no reason to. They’ll see something went wrong, but they’ll know their data is backed up and safe and can be recovered.

Recently, I had the opportunity to watch this play out with a customer. They wanted to make a security purchase, but they were low on budget at the time. They thought they had to postpone their purchase. However, when the IT team found out that they would get data leak protection and the ability to consolidate their endpoint backup solution, they decided to move forward.

They ended up going forward with the investment because they realized that this was a win for the IT team, the security team and the end user.

My takeaway from this experience is also a good lesson for security professionals: don’t over-focus on prevention technology that is narrowly focused on denying and blocking. Look for solutions that enable end users and IT to be not only more secure but also more collaborative and productive. And that’s something everyone would be thankful for.

Product Spotlight: Saved Searches

A Simple Way to Streamline Investigations

While every organization wants to protect its data, some files are more critical than others. You need to know where these “crown jewels” exist in your organization, and you don’t want to reinvent the wheel every time you need to find them. Fortunately, Code42 Next-Gen Data Loss Protection (DLP) can help you quickly and accurately locate these files — and save your search criteria so you can easily find them again in the future.

Code42 Next-Gen DLP protects your intellectual property from loss, leak, misuse and theft by showing you where critical files live and move. With Code42 Next-Gen DLP, you can quickly search for data using file hash, date range, type, filepath and more — to get a complete inventory of where important files reside on your endpoints and cloud services.

For example, suppose your organization has “secret sauce recipes” that are vital to your company’s success. These critical files should only be accessible to select employees — but how can you verify that is indeed the case? You can use Code42 Next-Gen DLP to see if your company’s secret sauce recipes are saved anywhere they shouldn’t be. Simply use Code42’s investigation capabilities to search for the SHA256 hashes of your most critical files.

Once you’ve built a search to identify the location of those special files, you can save the search criteria so you can quickly re-run a search in the future. These saved searches can be named and edited as needed. Saved searches pre-populate queries so that routine searches can be run more frequently.

Keeping your crown jewels safe is at the heart of a good data loss protection strategy. And now, Code42 makes this even easier using saved searches.

At Nasdaq with Pledge 1%

A few years ago, Code42 President and CEO Joe Payne laid out his vision for how Code42 could leave a greater, deeper mark in our communities. In fact, one of our corporate values is to leave the world a better place.

Part of this commitment included joining Pledge 1%, a non-profit organization that started a global movement to encourage companies to integrate giving back into the core of their business. To help celebrate Pledge 1%’s four-year anniversary, we recently joined them in New York along with other member companies to ring the bell at the Nasdaq. It was quite a thrill to be there among a group of some the world’s most innovative companies and talk about social responsibility and how we can do more to give back.

Pledge 1%’s representative said, “We’re ringing the bell to honor all of our Pledge 1% member companies who have gone public already, as well as our Pledge 1% members who will undoubtedly ring the bell in the future.”

Code42 at Nasdaq with Pledge 1%

More information on Code42’s corporate philanthropy program can be found here.

Code42 Policy-Free DLP- It’s Time to Rethink Data Protection

It’s Time to Rethink DLP

As much as we may not like to talk about it, half of the major threats to the security of our corporate data come from the inside. That doesn’t mean that our employees are all malicious — insider threats can surface in many ways: user errors and accidents, lost or stolen devices, even hardware failures — and the list goes on. In fact, a report by International Data Group (IDC) showed that three of the top five most common high-value information incidents involve insiders.

Given this, it’s no surprise that for years, organizations have been using data loss prevention (DLP) solutions to try to prevent data loss incidents. The problem is that the prevention-first approach of legacy DLP solutions no longer meets the needs of today’s IP-rich, culturally progressive organizations, which thrive on mobility, collaboration and speed. The rigid “trust no one” policies of legacy DLP can block user productivity and are often riddled with exceptions and loopholes. For IT, legacy DLP solutions can be expensive to deploy and manage — and only protect selected subsets of files.

“ The prevention-first approach of legacy DLP solutions no longer meets the needs of today’s IP-rich, culturally progressive organizations, which thrive on mobility, collaboration and speed. ”

A fresh start

The prevention focus of traditional DLP forces a productivity trade-off that isn’t right for all companies — and isn’t successfully stopping data breaches. That’s why it’s time for organizations to rethink the very concept of DLP and shift their focus from prevention to protection. Next-generation data loss protection (next-gen DLP) enables security, IT and legal teams to more quickly and easily protect their organization’s data while fostering and maintaining the open and collaborative culture their employees need to get their work done.

Rather than enforcing strict prevention policies that block the day-to-day work of employees, next-gen DLP clears the way for innovation and collaboration by providing full visibility to where files live and move. This approach allows security and IT teams to monitor, detect and respond to suspicious file activity in near real-time.

Next-gen DLP benefits

This next-gen approach to data protection provides the following benefits:

Works without policies: Unlike legacy DLP solutions, next-gen DLP does not require policies — so there is no complex policy management. Because next-gen DLP automatically collects and stores every version of every file across all endpoints, there is no need to set policies around certain types of data. When data loss incidents strike, affected files are already collected, so security and IT teams can simply investigate, preserve and restore them with ease — whether the incident affected one file, multiple files or multiple devices.

Removes productivity blocks: Next-gen DLP enables employees to work without hindering productivity and collaboration. Workers are not slowed down by “prevention-first” policies that inevitably misdiagnose events and interfere with their ability to access and use data to do their work.

Lives in the cloud: As a cloud-native solution, next-gen DLP solutions are free from expensive and challenging hardware management, as well as the complex and costly modular architectures that are common with legacy DLP.

Deploys in days: Next-gen DLP solutions can be rapidly implemented, since the extensive time and effort required to create and refine legacy DLP policies is not needed. Since it works without policy requirements, next-gen DLP is also much easier to manage once deployed than legacy DLP. This is especially important for smaller organizations that can’t wait months or even years for a solution to be fully implemented.

Provides access to every file: While next-gen DLP doesn’t require blanket policies, security teams can still use it to observe and verify employee data use. For example, next-gen DLP can alert administrators when an unusually large number of files are transferred to removable media or cloud services. If the files have left the organization, next-gen DLP can see exactly what was taken and restore those files for rapid investigation and response.

By focusing on all files in an organization, next-gen DLP offers many additional benefits:

  • Visibility into file activity across endpoints and cloud services to speed security investigations. This differs from legacy DLP, which only provides a view of defined subset of data.
  • Fast retrieval of file contents and historical file versions to perform detailed analysis or recovery from data incidents. Legacy DLP solutions don’t collect the contents of files and thus can’t make them available for analysis or recovery.
  • Long-term file retention to help satisfy legal and compliance requirements as well as provide a complete data history for as long a time period as an organization requires. Again, legacy solutions don’t retain file contents and so aren’t able to provide this history.

A new paradigm for DLP

Next-gen DLP is a huge departure from legacy DLP solutions, but it’s a logical and necessary evolution of the category given the changing needs and work preferences of today’s IP-rich and culturally progressive organizations — small, mid-size and large.

Armed with a more discerning tool, organizations no longer have to lock down or block data access with restrictive policies. With full visibility into where every file lives and moves, security teams can collect, monitor, investigate, preserve and recover valuable company data in the event of a data loss incident.

Companies today are looking for better ways to protect their high-value data — while freeing knowledge workers to create the ideas that drive the business. By choosing to implement next-gen DLP, organizations will be able to keep their vital data protected without hindering productivity and innovation.

Code42 Tips From the Trenches- Threat-Hunting Weapons

Tips From the Trenches: Threat-Hunting Weapons

When it comes to cybersecurity, too many enterprises remain on a reactive footing. This ends up being a drag on their efforts because, rather than getting ahead of the threats that target their systems, they spend too much of their time reacting to security alerts and incidents within their environments.

While being able to react to attacks quickly is important for any security team, it’s also important to get out in front of potential risks to identify threats lurking within your systems before they become active.

In this post, we’ll explain how threat hunting within one’s environment can help to break that reactive cycle and improve the effectiveness of any security program.

“ You don’t need a large security organization or any special security tools to start to proactively threat hunt; any security team can start threat hunting, and often using the tools they already have. ”

Threat hunting defined

Before going forward, let’s first take a step back and define what we mean by threat hunting. Essentially, threat hunting is the proactive search for evidence of undetected malicious activity or compromise. These threats can include anything from remote-access tools beaconing to an attacker’s command and control server to malicious actions of an employee or other trusted insider.

Threat hunting is essential for effective security for many reasons. First, defensive security technologies such as intrusion detection/prevention systems and anti-malware software will never successfully identify and block all malware or attacks. Some things are just going to get through. Second, by finding malware and threats that made it past your defenses, you’ll be able to more effectively secure your systems and make your environment much harder for attackers to exploit. Finally, getting adept at finding threats in your environment will improve your organization’s overall ability to respond to threats and, as a result, over time dramatically improve your security posture.

Your arsenal

Because threat hunting entails looking for things that have yet to trigger alerts — if they ever would trigger alerts, to begin with — it is important to look deeper for evidence of compromise. Fortunately, you don’t need a large security organization or any special security tools to start to proactively threat hunt; any security team can start threat hunting, and often using the tools they already have.

For instance, many of the data sources used in threat hunting will be found in firewall, proxy and endpoint logs. While these sources of data probably aren’t alerting on anything malicious, they still hold a considerable amount of security data that can point to potential indicators that an environment has been breached under their radar.

Other readily available tools are helpful for threat analysis, such as Bro (https://www.bro.org/), RITA (https://github.com/activecm/rita), or OSQuery (https://osquery.io/). These tools will help provide additional visibility into network and endpoint data that could provide insights into potential compromise. With these tools, teams can monitor internal network activity, such as virus outbreaks and lateral movements of data. Monitoring East-West network traffic in addition to what is moving through the firewall provides critical insights to the overall health of your network.

The investigation capabilities of Code42 Next-Gen Data Loss Protection (DLP) can be extremely helpful for threat hunting, for determining how widespread a file is distributed in the environment, and to give information about file lifecycle, all of which provide context around whether a file is business-related or suspicious. For example, with Code42 Next-Gen DLP, you can search by MD5 hash or SHA-256 to find all instances of a sensitive file in your organization, or determine if known malware has been detected in your organization.

New tools and new ways of thinking may seem overwhelming at first. However, threat hunting doesn’t have to be all-consuming. You can start with committing a modest amount of time to the hunt, and incrementally build your threat hunting capability over weeks and months to find malicious files and unusual activity. Also, as a direct benefit to your security program you will be able to eliminate noise in your environment, better tune your security tools, find areas of vulnerability and harden those areas, and enhance your security posture at your own pace.

Now, get hunting.

Best of the Code42 Blog November 2018

The Best of the Blog: November 2018

Catch up on the best stories from the Code42 blog that you might have missed in November. Here’s a roundup of highlights:

How Next-Gen DLP is Helping Code42 Customers Today: Learn how IP-driven, employee-focused companies are using the capabilities of Code42 Next-Gen DLP to protect their organizations from data loss, leak, misuse and theft.

Tips From the Trenches: Enhancing Phishing Response Investigations: The only thing better than having the best security tools is when they work together. Learn how combining Code42’s investigation features with a SOAR tool leads to streamlined phishing response investigations.

Security Must Enable People, Not Restrain Them: Instead of deploying processes that are overly restrictive for end users, learn how security teams can become enabling forces in their organizations — while still protecting critical data.

Gene Kim on DevOps, Part 3: DevSecOps and Why it’s More Important Than Ever (Video): DevOps has been a revolution in software development, and Gene Kim has been one of its most influential backers. In the third part of our video series, hear Gene Kim discuss what the development model means for security. Miss the first two videos? Catch them at the end of this post.