Solution Brief: Code42 + IBM Resilient

Fast detection, investigation and response to insider threat

Overview:

Threats to data from inside the organization happen accidentally, when employees share the wrong file or fall prey to phishing attempts, as well as maliciously, when employees intentionally leak, sell or sabotage data. To minimize operational, financial and reputational harm to the organization, security teams need reliable methods to increase their visibility and improve their response times.

Code42 helps organizations detect data loss, leak, misuse and theft by continuously monitoring file activity across endpoints and cloud services, and by preserving current and historical endpoint files for rapid content retrieval and investigation. The IBM Resilient platform combines security infrastructure orchestration, workflow automation and incident management capabilities to integrate teams, processes and tools. When the two are used together, security professionals receive the robust file information needed to enforce automated responses to risk, inform security decisions and reduce response times.

Benefits:

Many employees take company-owned files with them when they leave their jobs or destroy data they no longer deem relevant to their own interests. IBM Resilient and the Code42 for Resilient app can be a core mechanism to automate standardized employee departure processes and protect the organization’s data. Code42 provides fast detection, investigation and response to everyday data loss from insider threats by focusing on customer data on endpoints and the cloud to answer questions like:

  • Where is my data?
  • Where has my data been?
  • When did my data leave?
  • What data exactly left my organization?

Key Capabilities:

Respond: Through the Code42 for IBM Resilient app, security analysts get an immediate overview of any suspicious file activity by a departing user in recent history.

  • Files and file exfiltration activity
  • Files are easily accessible to the security analyst, regardless of where the device may physically be located
  • Trigger workflows that scrutinize historical file activity
  • Combining the capabilities of Code42 with the automation of IBM Resilient allows security teams to improve these processes

Respond to Threats Faster: Turn days to minutes

A phishing workflow built for IBM Resilient may involve investigation actions that can be applied to a suspicious email, such as investigating and geolocating IP addresses and conducting reputation searches for IPs and domains. The logical next step is to help a security professional determine whether a harmful attachment has made its way into the organization. With actions from Code42 added to the workflow, security teams can search the entire environment by file hash for other copies of the file.

The history of copies of this file in the organization can quickly be used to determine whether the security analyst is faced with a false positive on standard operating procedure or a broad attack on the organization. Either way, the security team gains additional file context so it can make smarter decisions about what to do next. Combining the speed of Code42 with the automation of IBM Resilient can cut remediation time significantly.

Why Code42 and IBM Resilient?

Combining Code42 capabilities with IBM Resilient enables customers to use their existing automated incident response workflows and accelerate time to discovery and remediation when insider threats, like employee departures, occur.

This powerful combination accelerates incident response by pairing IBM Resilient's market-leading automation and incident handling with the context Code42 provides into file activity, vastly shortening the time to discovery and remediation of data loss incidents.

Next Steps?

Code42 and IBM Resilient allow security teams to detect and respond to data loss threats in a simpler and faster manner. Learn more about the complete Code42 solution or request a live demo of this in action.

The Code42 for Resilient app is available to the security community through the IBM Security App Exchange. The exchange provides a platform where developers across the industry can share applications based on IBM Security technologies.