Quickly investigate data exposure and exfiltration events
Code42 Investigation Features
Code42 is a SaaS insider risk detection and response solution that allows security teams to effectively mitigate data exposure and exfiltration risks without disrupting legitimate collaboration. Code42 offers intuitive investigation workflows and detailed evidence so you can quickly assess and respond to risk.
- View any employee's computer and cloud activity within the context of their last 90 days of behavior.
- Review user context such as the employee's name, title, department and manager.
- See risk indicators -- such as off-hour file events -- to prioritize activity for investigation.
- Query an index of every file event that's happened in your organization over the past 90 days -- in seconds. Devices do not need to be online.
- Search parameters are automatically populated based on the activity detected via alerts, dashboards and user profiles.
- Use Forensic Search to perform exploratory investigation into insider risk, such as searching by file hash to determine who else has access to a file or how an employee obtained a file in the first place.
Capabilities to quickly perform insider threat investigations
Historical activity trends
Investigate events in context using 90 days of historical user activity. This allows you to identify trends and abnormalities as well as see the chain of events leading up to a risky action.
Access file metadata such as file name, owner, size, path, category (based on analysis of file contents and extension), created and modified dates, and the MD5 and SHA-256 hashes.
File content access
Authorized security users can download the exact files involved in exposure events. This allows them to determine content confidentiality.
Review identifying device metadata including the hostname, FQDN, the OS username for the person logged in to the device, and private and public IP addresses.
See the event date and time, the event type, where the file event took place (computer, cloud, email), whether risk indicators such as file mismatches or off-hours activity were detected, and whether the activity involved trusted or untrusted domains.
Vector and exposure metadata
Review information on the type of exposure, including domain names; active tab title and URL information for files uploaded via web browsers; removable media make, model, volume name, partition ID and serial number; and sync destinations.
Comprehensive event logs
Code42 monitors all file exposure activity regardless of what is considered acceptable or unacceptable by security policy. This ensures events are not missed and there are no gaps in context during insider threat investigations.
Search by criteria such as filename or hash to find all users who have access to specific files. You can also search to view all instances of a given activity, such as resume uploads through web browsers.
Let's Talk Tech
Learn how Code42 evaluates and surfaces data risk using dashboards, lenses and alerts.
Review Code42 response options including SOAR playbooks, SIEM integrations, legal hold and deleted file recovery.