Code42 + IBM Resilient

Integration Overview

Use automated response to protect data from loss, leak, misuse and theft

Threats to data from inside the organization arise accidentally, when employees share the wrong file or fall prey to phishing attempts, as well as maliciously, when employees intentionally leak, sell or sabotage data. To minimize operational, financial and reputational harm to an organization, security teams need reliable methods to increase their visibility and improve their response times.

Code42 Next-Gen Data Loss Protection helps organizations detect data loss, leak, misuse and theft by continuously monitoring file activity across endpoints and cloud services as well as preserving current and historical endpoint files for rapid content retrieval and investigation. The IBM Resilient platform combines security infrastructure orchestration, workflow automation and incident management capabilities to integrate teams, processes and tools together. When utilized together, security professionals receive the robust file information needed to enforce automated responses to risk, inform security decisions and reduce response times.

USE CASE

Protect Files During Employee Departure

Many employees take company-owned files with them when they leave their jobs or destroy data they no longer deem relevant to their own interests. IBM Resilient and the Code42 for IBM Resilient app can be a core mechanism to automate standardized employee departure processes and protect the organization’s data. Code42 Next-Gen Data Loss Protection provides simple, fast detection & response to everyday data loss from insider threats by focusing on customer data on endpoints and the cloud to answer questions like:

  • Where is my data?
  • Where has my data been?
  • When did my data leave?
  • What data exactly left my organization?

Through the Code42 for IBM Resilient app, security analysts will have an immediate overview of any recent suspicious file activity by a departing user. Once valuable files have been identified, the app can ensure that the files themselves become a core part of a tracked incident and are easily accessible to the security analyst, regardless of where the device may physically be located.

Although employee offboarding is a common time when data is put at greater risk, it is far from the only time an employee’s file activity may require increased scrutiny. These actions can be triggered by workflows at any time. Combining the capabilities of Code42 Next-Gen Data Loss Protection with the automation of IBM Resilient allows security teams to improve these processes.

USE CASE

Reduce Phishing Response Times

A phishing workflow built for IBM Resilient may involve investigation actions that can be applied to a suspicious email, such as investigating and geolocating IP addresses and conducting reputation searches for IPs and domains. The logical next step is to help a security professional determine if a harmful attachment has made its way into the organization. With actions from Code42 Next-Gen Data Loss Protection added to the workflow, security teams can search the entire environment by file hash for other copies of the file.

Finding multiple copies of a file can be quick evidence that there may be a widespread email campaign against users in the organization. On the other hand, the search may show that the file has a long history on a company’s endpoints. This history may suggest that the file exists as part of normal operating procedure and the security team is dealing with a false alarm. Either way, security gains additional file context so it can make smarter decisions about what to do next. Combining the speed of Code42 Next-Gen Data Loss Protection with the automation of IBM Resilient can cut remediation time significantly.
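The triage reasoning above, sketched as an added example that is not Code42 or IBM Resilient code: it classifies the results of a file-hash search as a possible campaign, a likely false alarm, or an isolated hit. The record fields (`device`, `path`, `first_seen`), the thresholds and the sample data are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Assumed thresholds (not from the page); tune to your environment.
CAMPAIGN_MIN_DEVICES = 3              # distinct devices holding the file
RECENT_WINDOW = timedelta(hours=48)   # "arrived around the email" window
ESTABLISHED_AGE = timedelta(days=30)  # "long history" cutoff


def triage_hash_hits(hits, email_received):
    """Classify hash-search hits for a suspicious attachment.

    hits: list of dicts with hypothetical keys 'device', 'path', 'first_seen'.
    Returns (verdict, details).
    """
    if not hits:
        return "no_copies_found", {"devices": 0}
    # Keep the earliest sighting per device so duplicate paths count once.
    first_by_device = {}
    for h in hits:
        dev, seen = h["device"], h["first_seen"]
        if dev not in first_by_device or seen < first_by_device[dev]:
            first_by_device[dev] = seen
    earliest = min(first_by_device.values())
    recent = [d for d, t in first_by_device.items()
              if abs(email_received - t) <= RECENT_WINDOW]
    details = {"devices": len(first_by_device), "earliest": earliest,
               "recent_devices": sorted(recent)}
    # A long history before the email suggests normal operating procedure.
    if email_received - earliest >= ESTABLISHED_AGE:
        return "likely_false_alarm", details
    # Several devices first saw the file around the email: possible campaign.
    if len(recent) >= CAMPAIGN_MIN_DEVICES:
        return "possible_campaign", details
    return "isolated_needs_review", details


# Constructed sample data, not real search output.
EMAIL_TIME = datetime(2024, 5, 6, 9, 0)
CAMPAIGN_HITS = [
    {"device": "LT-0101", "path": "Downloads/invoice.docm", "first_seen": datetime(2024, 5, 6, 9, 5)},
    {"device": "LT-0102", "path": "Downloads/invoice.docm", "first_seen": datetime(2024, 5, 6, 9, 40)},
    {"device": "LT-0103", "path": "Desktop/invoice.docm", "first_seen": datetime(2024, 5, 6, 11, 2)},
]
OLD_HITS = [{"device": "LT-0200", "path": "Templates/form.docm", "first_seen": datetime(2023, 11, 1, 8, 0)}]

if __name__ == "__main__":
    print(triage_hash_hits(CAMPAIGN_HITS, EMAIL_TIME)[0])
    print(triage_hash_hits(OLD_HITS, EMAIL_TIME)[0])
```

The verdict is context for the analyst's next decision rather than a final disposition.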

Of course, this type of action does not need to be limited to investigating suspected phishing emails. In fact, it could be applied to any security event that involves a file — such as an anti-virus alert, an EDR alert or even IDS/IPS alerts that trigger on file events.

Get Started Today

IBM X-Force Exchange is a threat intelligence sharing platform that you can use to research security threats, to aggregate intelligence, and to collaborate with peers.