Mitigate insider risk using file, vector and user signal

Code42 Detection Features

Code42 is a SaaS insider risk detection and response solution that allows security teams to effectively mitigate data exposure and exfiltration risks without disrupting legitimate collaboration.

Detected Activities
  • Sync activity to cloud applications like Dropbox and iCloud
  • Uploads to personal email and other sites through web browsers
  • Files accessed by web apps like Slack and FTP
  • Sharing from corporate cloud services like GoogleDrive, OneDrive and Box
  • Email attachments from corporate Office 365 or Gmail
  • File deletions from user computers
Risk Exposure Dashboard
  • A company-wide view of suspicious file movement, sharing and exfiltration activities by vector and file type.
  • Reveals the top employees whose file activity needs investigation as well as concerning remote employee activity.
  • Quickly investigate insider threats as well as identify security awareness gaps, Shadow IT and policy violations.
Risk Detection Lenses
  • A view of activity for a subset of users who are at a higher likelihood of putting data at risk.
  • Examples include users experiencing an employment milestone, such as departure, or who have risk factors that require closer monitoring, such as contractors.
  • Adding users to a lens kicks off system alerts and user management workflows so you can programmatically protect data when it is most vulnerable.
High-Fidelity Alerts
  • Provide comprehensive event, file, vector and user information to quickly assess priority.
  • Can be emailed or sent to your system of record and are triggered based on a number of file and event criteria.
  • Alerts rules determine when you are notified by Code42 and not what activity is monitored. This ensures there are no gaps in context during insider threat investigations.

Code42 risk prioritization & signal capabilities

Off hours
Code42 identifies when an employee is typically active on their computer and uses this behavioral pattern to determine when a given user's endpoint file activity takes place at unusual times.

Untrusted domains
Code42 surfaces when files are emailed or uploaded to domains and URLs that are not considered trusted. Security users establish the trusted domains for their company.

Suspicious file mismatch
Code42 identifies when the MIME/Media type of a high-value file, such as a spreadsheet, is disguised with the extension of a low-value file type, such as a JPEG. This is indicative of attempts to conceal exfiltration.

Remote activity
Code42 uses IP addresses to determine which activity is taking place off-network and may indicate increased risk. Security users establish their in-network IP addresses.

User attributes
Code42 ingests user attributes like name, title, department, manager, and employment type (full-time, part-time, contractor) from a company's identity management system.

File categories
Code42 analyzes file contents and extensions to determine a file's category (e.g. source code, document or spreadsheet). Categories help to determine a file's sensitivity and value.

Lifecycle milestones
Code42 uses employment milestones, like employee departure, to identify when employees are at a higher likelihood of putting data at risk.

Activity thresholds
Security users can set thresholds for acceptable activity based on file count or size. These can be customized for a given user or vector.

Risk factors
Employees can be labeled with risk factors including contract employee, high impact employee, flight risk, performance concerns and elevated access privileges.

File archive (ZIP) detection
Code42 highlights exposure events involving .zip files since they may indicate an employee is attempting to take many files or hide files using encrypted zip folders.

Application monitoring
By default, Code42 monitors web applications such as web browsers, Slack, FileZilla, FTP, and cURL. Organizations can easily add monitoring for additional applications such as WeChat, WhatsApp, Zoom and Amazon Chime.


Code42 integrates with top technologies to help correlate data risks, deliver actionable insights and improve the efficiency and effectiveness of customer workflows.

Learn more right arrow icon