Insider Threat Protection for the new way we work

Quickly detect, investigate and respond to data risk on and off the network

Graphic showing a laptop with Mac and Windows icons on the screen surrounded by Chrome, Slack, Box, DropBox, Google Drive and other cloud sync applications.

Collect and Monitor
Automatically monitor all files across computers and cloud.

Graphic of laptop showing an alert message indicating unusual file movement.

Detect and Investigate
Easily detect unusual use of USB, web browsers and cloud services.

Graphic with magnifying glass, document, legal scales and download icon representing the investigation into data movement and the potential for legal action.

Assess and Respond
Quickly investigate and respond to real risk.

How Code42 works

Graphic image of binoculars inside a circle of icons for Box, Slack, Drop Box, Google Drive, USB and a laptop.
Continuously monitor file activity to detect risk
  • Track creation, modification and movement of files on Windows, Mac and Linux computers
  • Collect file content and associated metadata to speed insider threat investigations
  • Monitor data movement within corporate cloud environments such as OneDrive, Google Drive and Box
Graphic of a laptop monitoring data movement to USB, web applications and the cloud.
Easily identify suspicious behavior
  • Detect when users move files to removable media, web browsers/applications and cloud sync folders
  • Identify files that are shared externally via corporate OneDrive, Google Drive and Box accounts
  • Define alert criteria based on user, data exfiltration vector and file count or size
Graphical depiction showing the contents of a suspicious file during an insider threat investigation.
Quickly investigate insider threats
  • Access comprehensive file details including file hash, owner, path, size, and category alongside device information such as hostname and IP address
  • All file activity is automatically indexed and made searchable to reduce the time it takes to detect and respond to insider threats
  • Security teams can review event activity in seconds -- even when user devices are offline
Graphical depiction of recovering lost, stolen or deleted files.
Access and recover files in seconds
  • Quickly access file contents to determine their sensitivity and value
  • Restore files that have been deleted
  • Recover files from lost and stolen devices

What makes Code42 different

Nearly 90 percent of insider threats go undetected for months. By the time organizations find that data was exfiltrated, the damage is done. The status quo for most organizations is to try to prevent insiders from taking data in the first place.

Relying on prevention itself cannot work. There are simply too many vectors to cover which is why organizations are being blindsided.

A faster, simpler, more comprehensive path to data loss detection and response is the answer. Code42 offers complete data visibility with the historical breadth, forensic depth and file access security teams are missing.

Historical breadth
  • Monitor every time files are moved to removable media devices, web browsers/applications and cloud accounts, without the need for policies
  • Maintain 90 days of historical user activity to identify abnormalities and replay events during investigations
  • Preserve copies of files for as long as needed to support your organization's legal hold and eDiscovery process
Forensic Depth
  • Review detailed information on files, devices, cloud destinations and exposure events. Find as much or as little information as you need to do the job--from file owner to thumb drive serial number.
  • Identify trends and anomalies in data movement using dashboards for common data exfiltration vectors.
  • Monitor and detect by type of activity (removable media, web browsers/apps, cloud sync applications or file sharing) as well as by file size and count.
File Access
  • View file contents to determine their sensitivity and value
  • Restore files that have been deleted by employees
  • Recover files from lost and stolen devices

Using Code42 to protect data from insider threat

Odds are you're experiencing an insider threat right now. Here are three of the most common times when employee's put data at risk:


Code42 integrates with top technologies to help correlate data risks, deliver actionable insights and improve the efficiency and effectiveness of customer workflows. Learn more

Frequently Asked Questions

What types of removable media devices do you monitor?

Devices, such as flash drives, hard drives and cards, that connect via USB, eSata, Thunderbolt and SD Card ports. Code42 collects the vendor, name and serial number of all devices used.

What web browsers and applications do you monitor?

Internet Explorer, Chrome, Firefox, Safari, Edge, Chromium and Opera, as well as processes and applications such as FileZilla, Winscp, Slack, SFTP, FTP, cURL and SCP.

What cloud applications do you monitor?

Installed cloud sync applications for Dropbox, iCloud, Google Drive, Google Backup and Sync, OneDrive and Box. API integrations with corporate cloud services support monitoring of activity in Microsoft OneDrive, Google Drive and Box.

Does Code42 use an endpoint agent?

Yes, Code42 uses a non-disruptive agent installed on Windows, Mac and Linux devices to monitor file activity as well as collect files and file metadata. Maximum CPU allowances can be set for when users are present and away from their devices. The agent can be hidden from users.

How do you identify when important files are put at risk?

Customizable alerts can be set for near real-time notification of risky activity. Code42 also assigns categories to files in order to help you identify your most important data at a glance. Monitored categories include archive, audio, document, executable, image, PDF, presentation, script, source code, spreadsheet, video and virtual disk image. When you're alerted of risk, you can quickly access the file(s) in question to make an informed decision about whether that file needs to remain private. Finally, most organizations further narrow their focus by prioritizing alerting during times where data is put at the most risk, such as during employee departure and M&A.

What deployment models do you support?

Code42 is delivered in a cloud model. On-premises deployments are available but features and functionality will vary from what is offered in a cloud deployment. Learn more about our deployment options and data security.

Where are your data centers located?

Code42 offers a variety of data center destinations to support the requirements of global businesses. Data center locations include the U.S., Amsterdam, Dublin, Singapore and Sydney.

How do I deploy the Code42 agent to user computers?

The Code42 agent can be deployed directly through the administration console, or through your company's mass deployment software such as Windows System Center Configuration Manager (SCCM) and Jamf Pro.

Do you offer implementation services?

Yes, Code42 has a knowledgeable professional services team that helps you get up and running quickly. They will configure Code42 according to best practices and partner with you to integrate the product into your systems and processes.

How long do deployments typically take?

Most customers are able to start using the product within 2 weeks. From there, they continue to work with our deployment team to implement full product capabilities and best practices over the course of 1-2 months.

How do I get a quote?

You can request a quote and a member of our sales team will reach out to you within one business day.

Can I purchase through my preferred partner?

Code42 is proud to work with many industry-leading resellers. Code42 Elite Partners include: CDW, DG Technologies, PCM, SHI, Softchoice and Optiv.

What's the expected ROI?

Based on Code42 customer interviews and subsequent financial analysis, Forrester Consulting estimates that a 2,000 employee company would experience a 230 percent return on investment (ROI) over three years. Read the April 2019 commissioned Total Economic Impact™ study conducted by Forrester Consulting on behalf of Code42 to get the full details.

Where are your offices located?

Code42 has corporate offices located in the U.S. and England. Our support teams are located in the U.S. and England.

Join more than 50,000 organizations using Code42

Get faster detection and response to data loss caused by insider threats.