Skip to content

Palo Alto Networks + Code42: Speeding Incident Response to Insider Threats During a Time of Workforce Change

If history has taught us anything, it’s that change is always constant. We are in the midst of some massive shifts in work culture — putting remote work and collaborative technologies to the test and at a scale we have never seen before. Needless to say, as organizations continue to adopt cloud and SaaS applications in the workplace, their understanding of security and risk, particularly as it relates to insider threat, continues to evolve, too.  

The truth is most existing security stacks were built to address external threats and regulatory compliance. Enter a fully remote workforce, and now it’s more difficult than ever to detect when proprietary data is put at risk from the inside. 

Code42’s integration with Palo Alto Networks Cortex XSOAR (previously Demisto) helps security teams accelerate incident response and automate the remediation of insider threats. So, when an employee puts in their notice or when an organization is going through workforce changes, security teams can quickly identify potential file exfiltration across endpoints, email, cloud and SaaS applications. Then when risky file activity occurs — like an upload to a personal Dropbox or a transfer to a USB —  the Code42 exfiltration playbook is triggered from within Cortex XSOAR, creating an incident. The end result for security teams is complete incident context about exfiltrated files, including user, file and exposure type, and data source.

Code42 exfiltration playbook in Cortex XSOAR

This new integration helps security teams:

  • Streamline alerts by ingesting Code42 data into Cortex XSOAR for complete incident context about exfiltrated files, such as user, file and exposure type, and data source.
  • Gain additional insights about users on- and off-network by adding users to Code42 via Cortex XSOAR.
  • Search and investigate risky file movements across endpoints, email, cloud and SaaS apps – without leaving Cortex XSOAR.
  • Close incident tickets faster by automating response and remediation.

Code42 together with Cortex XSOAR enables security teams to scale, standardize and accelerate their overall response to insider threats.

Learn more:

Download the app here.

Visit the Code42 + Palo Alto Networks solution page here.

Learn more about the Code42 Insider Threat Ecosystem

You might also like: