Code42 security industry awards

Three Security Industry Award Wins, and Why It Matters

What a month it’s been for Code42!

Last week, we hosted Evolution18, our annual customer conference; we launched Code42 Forensic File Search, an innovative, game-changing product for the information security market; and in the past few days, we were honored with three security industry awards:

Each of these awards is a true honor. Together, they point to the innovation we are driving, and how that’s paying off for our customers. Here are three takeaways.

Innovation drives us

The three awards we won point to our commitment to innovation. It’s a priority for us. We drive innovation to help our customers succeed – safeguarding their ideas wherever they live or move, whether that be on endpoints or in the cloud.

The value of visibility

You can’t protect what you can’t see. Our focus on visibility – helping companies see where their data lives and moves – is striking a chord with our customers and the industry in general.

When our customers win, we do too

While receiving these industry awards is a great honor, what’s even more meaningful for us is being able to recognize our customers.  Just last week at Evolution, we honored a select group of customers with our Evolutionaries awards. These annual awards celebrate our customers for their extraordinary innovations in the development, deployment and adoption of applications in data recovery and visibility. We’ll profile these winners in another post; I think you’ll be impressed with what they have accomplished.

There’s an unmistakable link between the amazing results our Evolutionaries are delivering for their organizations, and our selection as winners of these industry awards. By helping them win their data security battles, their businesses win, and we do too.

Digital Transformation Requires a New Kind of Castle

Digital Transformation Requires a New Kind of Castle

Why don’t we build castles anymore? The answer, of course, is that we do—they just look a lot different. In fact, thinking about how and why castles have evolved can tell us a lot about how we can improve our approach to securing the enterprise “kingdom.”

The first medieval castles were a lot like first-generation enterprise networks: giant walls surrounding centralized assets. Nearly all the value of the kingdom could be held within the walls (data, productivity, etc.). A single drawbridge (the firewall) was connected to the outside world. Turrets gave better visibility to threats coming from the outside. It was a simpler time: With most value contained within the walls and little need to connect outside, it was much easier to build up a hardy perimeter. But these castles were also big targets, with a huge attack surface and lot of value to be taken. Moreover, there was little in the way of internal security. If attackers breached the perimeter, they had their run of the kingdom.

Gunpowder changed everything

Then someone came along and invented gunpowder. Firepower is a lot like malware, ransomware and social engineering tactics. Suddenly you can shoot over castle walls or even through walls. The response in medieval times was to build more walls—to create castles within castles. We did the same in the digital enterprise world, adding VLANs, secondary firewalls, app-specific encryption and other “walls” around specific internal assets.

That’s where most organizations are today – still structured around the idea of the secure perimeter. We secure the thing that holds the value—the network, the server, the app, the endpoint device—but not the value itself (the data). We hone our sights on external threats, missing the threats that are already inside the castle walls.

The digital castles of tomorrow

It’s increasingly clear that a perimeter-based approach doesn’t suit the modern kingdom. You’re never going to completely stop all breaches, and tougher walls will end up locking your own people out and stifling value creation. So, what does a forward-thinking data security strategy look like? Here are four key features we’ll see in the digital enterprise “castles” of tomorrow:

  • There will be perimeter—but it will be porous. There will always be boundaries, but we’ll only rely on the perimeter to stop the most obvious and basic attacks—and we’ll ensure it doesn’t thwart our users’ productivity.
  • Smaller targets—less attack surface. Data security strategies will start at the most granular level which is at the user’s endpoint device. By making the targets small and many, it makes it more expensive (and less fruitful) to attack them.
  • Turrets that look inward. As threats increasingly come from within, we’ll turn our lookout towers around. We’ll use data visibility tools to see where our data lives and when it moves, and get better at recognizing when something doesn’t look right.
  • Securing the value itself. Instead of securing the thing that holds the value, we’ll secure the value (the data) itself. That means finding ways to ensure that attackers can’t actually remove data, and/or that the enterprise never truly loses that data (and all its value).

To close out our medieval castle analogy, the next-generation digital “kingdom” won’t have giant walls to protect our gold. We’ll use data visibility tools to know the second a gold coin moves somewhere it shouldn’t, and we’ll use data recovery tools to ensure we can always yank that gold coin back, no matter where someone tries to take it.

Forrester’s Mitigating Insider Threats: The Security Playbook

By submitting this form, you agree to Code42’s Privacy Policy.

The Forrester Playbook for Insider Threat

Insider threat definitely isn’t slowing down in 2018—because it’s a human problem, and most companies aren’t getting rid of humans anytime soon. Forrester just released a playbook that gives data security leaders a starting point for improving their insider threat programs in 2018. The report lays out a clear path for moving toward smart, context-aware risk detection—without slowing users down.

Most insider threat strategies are still flawed

According to the Cybersecurity Insiders 2018 Insider Threat Report, most organizations surveyed (73 percent) say they have controls in place to detect and respond to insider threats. Unfortunately, traditional DLP is the tool most commonly used. As we’ve explained before, this is a faulty approach, as data loss prevention (DLP) software forces “all or nothing” policies and can leave valuable IP unprotected. Moreover, while 90 percent say monitoring and profiling data activity and data access is important, most companies only monitor some of the data, some of the time. And while analytics and AI are transforming other parts of digital business, only one in three companies are using analytics to monitor user data activity and movement.

Three questions every data security leader should ask

As you read the report, think about your organization’s own insider threat program and ask yourself the following questions:

  • Can you protect all your data—structured and unstructured, on servers, in the cloud and on user endpoints?
  • Can you see when and where that data moves, so you can pinpoint risky activity early?
  • Does your insider threat detection solution give you smart alerts you can trust and use (i.e., not overwhelming you with false positives)?

If you can’t confidently answer “YES” to all three of these questions, then you absolutely need to read the new Forrester report.

42 Seconds with a Code42 Customer: Utex Industries

Code42 provides your business with a variety of data security benefits, including increased productivity, risk mitigation, streamlined user workflows, and more – all in a single product that’s been proven to ultimately save you money. While Code42 has a few primary use cases – backup and recovery, device migration, etc. – we’ve learned that our different customers use Code42 in different ways. To explore how customers use our product, we recently partnered with the talented team at creative agency Crash+Sues to create a series of animated videos featuring the voices and likenesses of actual Code42 users.

In our latest video, Jeff Hiner, systems administrator at Utex Industries, explains that the company suffered an insider breach when a company chemist decided to steal company files. While Utex was already a Code42 customer and had already purchased a license for Security Center, they hadn’t yet set it up. As a result, the had to conduct an investigation that was both expensive and time-consuming. Jeff tells the story in just 42 seconds. Watch it below.

Responding to Insider Threats with Okta and Code42

He knows your company’s most important technology choices. He knows how you are solving the market problems of tomorrow. You call him one of your key employees. We call him Sean. Your company needs him to succeed because he is one of your top performers and helps drive your technology. Sean can be a huge asset to your company–or one of your greatest threats.

All companies have a Sean. Your company has a Sean. What if Sean decides to take and share business-critical proprietary data? If Sean becomes an insider threat, are you prepared to respond?

Even with all the best prevention systems enabled, the reality is that it is difficult to stop insider threats like Sean completely.  In fact, 89 percent of enterprise data loss involves insider actions. And because up to 80 percent of a company’s value lies in its intellectual property, insiders are in the position to do serious harm to your business.

So how do you react when Sean goes rogue? How can you minimize the impact of his actions?

Watch our on-demand webinar to review the realities of insider threats. Along with our partner Okta, we talk about how organizations can identify and respond to these threats using tools that many companies already have in place – endpoint data protection and centralized authentication.

Join us for our on-demand webinar, Responding to Insider Threats with Authentication and Endpoint Data, and learn how companies are responding to insider threats and minimizing the impact to their organizations.

On demand webinar upgrading with Code42

Fighting the Insider Threat: It’s All About Spotting Risk Sooner

As Backup Awareness Month rolls into its second week, we’re pushing beyond backup to show you how endpoint data collection and protection is the core of a comprehensive enterprise data security strategy.

First, the bad news

We’ve been harping on insider threat for years now. Most IT and InfoSecurity professionals know that insiders are often the biggest threat to their organization’s data security. The problem is that things aren’t getting any better. Insider threat is a growing risk in the enterprise world. Seven in 10 businesses have had a significant incidence of malicious data theft in the last 12 months, according to Accenture. Verizon’s 2017 Data Breach Investigations Report found that insiders were responsible for 1 in 4 data breaches in 2016—no improvement on the previous year. Quasi-insider attacks are also accelerating: Phishing and sophisticated social engineering attacks increasingly find clever ways to compromise users’ legitimate credentials—and then move silently through an organization’s digital infrastructure.

Most businesses still can’t spot insider threats—not in time, anyway

Despite knowing that insider threat is a huge problem, nearly a third of all businesses still don’t have a dedicated strategy or tools to mitigate the risk. Those that do have a program aren’t in much better shape. Only nine percent say their insider threat prevention strategy is “very effective.” Lacking good tools—or any tools—it’s no wonder that 43 percent of businesses need a month or more to even realize they’ve had an insider threat incident. The more time between the incident and detection, the greater the damage—more data leaked, less visibility of how far the breach goes and a much lower chance of reclaiming or restoring the lost information.

Now, for some good news

The obvious challenge with insider threat is separating the everyday, legitimate activities of authorized users from negligent, malicious or otherwise high-risk activities. But here’s the thing about people: they’re predictable. That means insider threats are predictable. Most insider threats follow basic archetypes, and even the outliers tend to follow patterns. For example, Deloitte found that almost all insider threat cases (97 percent) involve an employee who exhibited some form of suspect or high-risk past behavior; 92 percent were preceded by a negative work event like a reprimand, demotion or termination; and 90 percent of users responsible for data loss incidents have a history of violating IT policy.

Do you have the tools to fight insider threat?

The basic idea of insider threat prevention is pretty simple: See the patterns. Spot the risk. But the tricky part is gaining the visibility into your users’ endpoint activities. With the right tools in place, you can monitor endpoint activity, establish a baseline for what “normal” looks like and take a truly proactive and predictive approach to spotting risk and taking action quickly and definitively.

Download the Insider Threat Toolkit to learn how to spot risk sooner. Then check out the on-demand webinar, Building a Blueprint for an Insider Threat Program, to hear firsthand insights from InfoSecurity leaders.


Top Takeaways from the 2017 DBIR

Why do we get so excited about the release of the 2017 Verizon Data Breach Investigations Report (DBIR)? Because, as Verizon says so well, “It is not all bad news for the good guys.” There’s a lot to learn—and a lot to gain—from the 2017 DBIR’s analysis of over 40,000 incidents and almost 2,000 confirmed data breaches. After all, if we don’t learn from our mistakes, we’re doomed to repeat them.

Our Top Takeaways from the 2017 DBIR

  • Insider threat remains a huge problem. Internal actors were responsible for 1 in 4 data breaches in 2016. That’s about the same as the previous year. But it’s still an unsettling fact.
  • Cybercrime keeps getting more organized and sophisticated. More than half of all attacks (51%) in 2016 involved organized criminal groups. We’ve talked a lot about the innovative black market for cybercrime. As the bad guys increasingly band together and pool knowledge and resources, the attacks grow more targeted, more sophisticated and more effective. The massive WannaCry ransomware attack may not have been particularly effective, but it’s hard to argue that it wasn’t organized.
  • State-sponsored hacking and espionage are growing fast. Considering the tumultuous geopolitical events of the last year, it’s probably not surprising to hear that governments are increasingly using hacking as a powerful tool for intelligence—and actually engaging in “cyber warfare.” Almost 1 in 5 attacks (18%) involved state-affiliated actors and 21 percent related to espionage. Just like organized cybercrime, state-sponsored hacking promises to bring big money and resources that will drive innovation in new hacking tools and tactics. Enterprises can easily end up as collateral damage in state-sponsored cyberattacks.
  • Users are as gullible as ever. Why hack in when you can trick users into giving you the keys? Forty-three percent of attacks involved social engineering, and 90 percent of those were phishing schemes. And that’s not all: Simple user error (i.e., sending sensitive data to the wrong recipient) accounted for 14 percent of data breaches.
  • Ransomware continues to dominate headlines. Verizon marveled at ransomware’s meteoric rise from the 22nd-most-common type of malware in 2014 to the number five spot in 2017. More alarming, the 2017 DBIR saw ransomware “swing away from infecting individual consumer systems toward targeting vulnerable organizations.” With massive coordinated ransomware attacks like WannaCry making headlines, we expect ransomware won’t be falling out of the news cycle anytime soon.
  • Breaches follow patterns. Patterns are predictable. Nearly all of the breaches identified in the 2017 DBIR (88%) fall into one of the nine basic patterns Verizon first identified back in 2014. On the one hand, that means businesses are still vulnerable to the same tactics, three years later. But here’s the bright side: If breaches follow patterns, they can be predicted. Given the right visibility and analytics tools, businesses can spot the telltale signs of an attack early—and mitigate the damage.
  • Verizon left out the most obvious solution.In the section dedicated to ransomware, Verizon highlights several ways the security industry is fighting back against ransomware: better security software, sharing threat intelligence with law enforcement and across the enterprise world, and the initiative. But they mystifyingly leave out the simplest, most obvious solution to the ransomware epidemic: endpoint backup. If every device and every file is automatically and continuously backed up, the ransomware attack has no teeth. You never lose your data, bounce back to business as usual and never have to pay the ransom. Come on, Verizon—it’s not that complicated!

There’s plenty more to learn from the 2017 DBIR, including attack patterns and trends for your specific industry. It’s also quite a fun read, with an approachable tone and a healthy dash of irreverent humor. We highly encourage you to read through it yourself with an eye toward understanding the threats you face, so you can be better prepared for whatever the next year brings.

Highlights from Day One of Evolution17

Day One of Evolution17 featured a rousing opening keynote, 16 different breakout sessions, and countless questions, conversations and connections. If you didn’t come away with at least one valuable new piece of endpoint backup knowledge, it’s pretty safe to say you were probably too busy playing in the conference mobile app instead. Here were some highlights:

Vijay Ramanathan gives a crash course on Version 6.0

With several customers up and running on Version 6.0, VP of Product Management Vijay Ramanathan took us through a few of the exciting new features coming soon to your backup world. He took a deep dive into Security Center, explaining how the new security tools will equip businesses with the ability to intelligently monitor employees, automatically detect anomalies, insider threats and data theft, and take action faster. Security Center allows you to assign users to activity profiles with preset rules focused on data exfiltration via removable media and cloud storage. You can configure thresholds for automated email alerts that notify you when users break from normal patterns or exhibit high-risk behaviors. The new Access Lock feature also gives you the ability to lock down data on a device in question. With this smart monitoring and alerting, you can vastly accelerate your incident response.

Version 6.0 also includes greatly expanded legal hold capabilities—one of the fastest growing use cases we’re seeing among Code42 customers. The new release includes preservation policy templates that allow IT to retain control of complex preservation policy rules, while giving legal teams a simple, intuitive tool for adding and managing holds.

A day in the life of a file

In one of the more detailed sessions of the day, Riley Bruce, lead systems trainer at Code42, took us on an adventurous look at exactly how a file is backed up, stored, and then restored by Code42. Riley went deep into all the meticulous details that you’ve always wondered about—or, perhaps, never even considered. Things like how Code42 prioritizes backups, focusing on new files first—because the file you’re working on right this second is generally more important than the file you haven’t touched in weeks or months. And how our advanced deduplication at the source isn’t designed just to minimize storage; it’s built to store data in smarter ways to make restores faster. As in, up to nine times faster than other deduplication methods.

Why is all of this detail so important? Because, as Riley said so well, “Backup isn’t always the ‘what,’ but it’s always the ‘how.’” Our purpose-built backup process is the foundation for the wide range of uses cases of our endpoint backup solution, from backup and restore, to data migration, to legal hold and more. It always starts with backup.

Hard lessons of building an insider threat program

Code42 Director of Security Jadee Hanson has a unique perspective on creating an insider threat program. Her past includes leading the ground-up development of Target’s insider threat program, which just happened to coincide with Target closing its entire Canadian operations, laying off more than 4,000 employees. “People did crazy things,” Jadee said. Her fledgling insider threat program struggled to keep track of this huge number of high-risk departing employees, see which ones were exfiltrating data, and attempt to stop them before it hurt Target.

The audience was fascinated by her anecdotes and lessons from this trial-by-fire experience. Never be surprised by how willingly and openly departing employees will take files and data. Make sure you’re prepared to handle the uncomfortable role of policing your colleagues—and work to find a balance between security and trust, lest your insider threat program sink employee productivity and morale at the same time.

Jadee finished with four keys to building an insider threat program:

  • Plan before you start putting technology in place. Make sure you have your risks, goals and processes identified before anything else.
  • Partnerships are critical. Insider threat programs aren’t 100 percent IT or InfoSecurity. You need buy-in from human resources, employee relations and legal teams to effectively act on your insider threat alerts.
  • Start SMALL with monitoring. To avoid alert fatigue, start by focusing on a few high-risk user profiles: employees on performance plans, employees that have submitted their notice, and employees moving data to cloud storage.
  • Consistently follow incident response protocol. Once you’ve culled your alerts to a manageable start, make sure you’re diligent about following up on every alert. Don’t let data slip through the cracks here and there; any incident could end up having dramatic impact.

Code42 transforming data migrations

Another rapidly growing use case for Code42 endpoint backup: managing and streamlining the constant pain of device migration. Fahad Ansari, principal architect at Code42, set the stage with some frustrating statistics on the high costs most organizations are constantly paying for cumbersome, high-touch device migration processes. After a quick overview of how Code42 can enable a completely new way of handling migrations—giving users their devices back in minutes, allowing user-driven migrations and greatly increasing data security and privacy—Fahad handed the mic to Ben Molesworth and Michael Pham from Qualcomm to talk about a real-world example of this transformative migration process.

Ben and Michael are part of the team that oversees device refresh for Qualcomm’s 14,000+ devices. With their old, IT-heavy process, users were stuck without their deices for the entire six- to eight-hour migration. Now, leveraging Code42 to streamline the process, migrations average just one hour. Both data and user settings are automatically transferred. Remote employees execute self-migrations on their own schedules. “We think it’s realistic to say we give our employees at least three hours back,” said Michael, “They feel empowered; they can do it all themselves.” At the same time, IT is free of scheduling nightmares and tedious migration workflows, so they can focus on high-level initiatives and more complex issues.

The two also shared some of the challenges they faces as they completely transformed how device migrations happen in an immense enterprise environment: the roadblocks, difficulties gaining buy-in from key stakeholders, hiccups along the way and how they’re still refining the new process. The dramatic increase in end-user satisfaction—and the hours of time they’ve regained—makes it clear that all the work was worth it.

Day two doesn’t slow down

Day Two of Evolution17 has plenty in store. Check back for a recap of our keynotes from Jad Abumrad of Radiolab and Brian Krebs, one of the most recognizable names in information security.

Code42 Tackles the “People” Problem with Security Center

The people in your organization are a problem. Sounds controversial, doesn’t it? Any time you mention the word “problem” preceded or followed by “people,” you’re asking for backlash of some kind. Yet in today’s modern enterprise, the “people” problem presents more challenges than you’d think. Also known as insider threat, this issue currently costs the average company $4.3 million a year. Unfortunately, this is a growing trend that promises to only get worse.

After all, people with credentials who work within your walls tend to have a good understanding of what data is available, what it’s worth and how it’s protected. This makes it difficult for enterprises to defend against a variety of scenarios, such as a terminated employee transporting valuable data out the door or disgruntled employees looking to turn a profit—or just inflict damage—by sending data to competitors.

Not surprisingly, many of Code42’s customers told us statements such as:

  • “I don’t know which departing employee might be taking sensitive data.”
  • “I don’t know which critical employees might be leaking sensitive data.”
  • “I can’t track how data moves through my organization.”

Enter Security Center, a powerful web app announced today at our Evolution17 customer conference. Security Center provides enterprises with proactive alerts to detect and mitigate insider threat incidents. Leveraging Code42’s multiple-purpose single agent, this app tracks user behavioral patterns based on profile settings, letting you track when data movements exceed established thresholds. Specifically, this allows you to focus on data exfiltration to removable media and cloud storage folders. With Security Center, IT is immediately notified when user behaviors that may include suspicious file transfers occur so follow up action can be taken. And with the included Access Lock feature, IT admins can go a step further and lock a user out of a device if there is a perceived threat. By locking down a device rather than remotely wiping it, users’ access to their files can be immediately restored if the activity that caused the alert turns out to be legitimate.

Security Center is the start to a very important Code42 journey. It signals the beginning of tackling the very important “people” problem that continues to plague today’s mobile driven enterprise. Over time, significant investments into file forensics and user behavior analytics (UBA) leveraging machine learning will allow customers to access even more advanced information about who ever had access to confidential data, and to further predict who is most likely to exfiltrate and leak data. The future is truly exciting!

Insider Threat: The True Cost

Hollywood likes to portray corporate espionage as a thrilling game of cat-and-mouse, in which outsiders sneak into a business and narrowly avoid detection before they escape with a flash drive loaded with valuable stolen information. But in the real world, the facts are less exciting and more disappointing. For reasons both accidental and deliberate, corporate data loss almost always comes from within–89 percent of enterprise data loss is the result of the actions of an insider. And because up to 80 percent of a company’s value lies in its Intellectual Property (IP), insiders are the ones with the potential to cost your company the most.

The infographic below details the average costs of an insider threat incident in the U.S. in 2016. As you can see, the expense goes far beyond the value of the hijacked data.

The True Cost of Insider Threat Infographic

Of course, there are ways to prevent successful insider threat actions and their associated costs. To learn more, be sure to check out the white paper “Fighting Insider Threat with Endpoint Visibility.”

Facebook Twitter Google LinkedIn YouTube