
THE USUAL SUSPECTS · are really IP/trade secret deals. FREQUENT RE-ORGS: The buzzwords of constant...

Date post: 01-Oct-2020
Transcript
Page 1: THE USUAL SUSPECTS · are really IP/trade secret deals. FREQUENT RE-ORGS: The buzzwords of constant innovation, business agility and operational efficiency are driving more frequent


THE USUAL SUSPECTS

See them. Stop them. Be the hero.

3 WAYS TO PROTECT DATA FROM INSIDER THREATS.


INSIDER THREATS KEEP HAPPENING.

THE EMBARRASSMENT IS REAL.

Stopping accelerating insider threats is the biggest challenge facing security teams

today. But this isn’t news to you – because high-profile insider threat incidents are in

the news every week, causing embarrassing damage to some of the most respected

companies around the world.

Why can’t organizations stop them?

We all know about the insider threat program, so why are 90% of insider threats going

undetected – often for weeks or months? Because most organizations remain completely

unprepared to stop insiders from taking trade secrets and other valuable information.

Less than 20% of enterprise organizations have a defined insider threat program — and

most are counting on legacy DLP solutions that just aren’t up to the task.

You’re missing the usual suspects.

Sure, it could be anyone; it could be any time.

But the truth is that 80% of insider threat

incidents stem from three common scenarios:

departing employees, company re-orgs and

employees with access to your high-value files.

Security teams need to start by focusing on the

“usual suspects.”

You can’t stop what you can’t see.

Legacy DLP can tell you if some things happen,

but its limited visibility leaves security teams

flying blind. They can’t see all file activity, so

they can’t see creative policy workarounds.

They can’t see every file, so they can’t rapidly

investigate and respond. They can’t stop what

they can’t see.


IT’S TIME FOR A NEW APPROACH.

Security teams need to shift the paradigm on insider threat. Prevention will fail. Response

is what counts. By focusing in on the usual suspects – and enhancing your visibility

so you can see all files and file activity – your security team can reliably protect your

organization’s trade secrets and proprietary information — and save your business the

embarrassment and damage of letting this valuable information walk out the door.

Insiders account for

MORE THAN HALF

of all data loss incidents.

Insider threats

INCREASED 50% over the past four years.


IT’S ONLY GOING TO GET WORSE.

You’ve heard the scary statistics on insider threat. It’s a problem that’s not going

away – and is actually accelerating, thanks to three key factors:

Data is more valuable than ever.

Here’s a foundational stat of the so-called “knowledge economy”: Today, 80% of

the typical company’s value lies in its trade secrets and intellectual property (IP).

Trade secrets and IP aren’t just valuable to the business (and potentially valuable

to competitors); they’re tremendously valuable to your employees. Data is the

“product” most employees create and proof of the value they deliver. They feel a

sense of ownership, so it’s no surprise that they want to show it off (e.g., helping

them land a new job) and they want to take it with them (whether they’re leaving

voluntarily or not).

Data is more portable than ever.

Moving – and removing – data in an organization has never been easier.

Employees can store hundreds of gigabytes on their smartphones. They can

quickly take 1TB or more of data on a thumb drive. They can quickly transfer

dozens – or hundreds – of files to personal cloud storage services like Dropbox.

They can instantly share files through Slack, Microsoft Teams and other messenger

apps. Moreover, businesses recognize that their productivity, collaboration and

innovation depend on enabling employees to easily move files and data around

every day – so there’s tremendous incentive to continue expanding and enhancing

data portability.


Data is more valuable than ever.

Data is more portable than ever.

Organizations are in a constant state of change.


Organizations are in a constant state of change.

Perhaps the biggest change driving increasing insider threat is change itself: Several trends

in the workforce and across the global corporate landscape have come together to make

significant changes — and their associated risks are an ever-present reality for just about

any organization.

INCREASING TURNOVER: People are leaving jobs more frequently than

ever, which also means companies are hiring new

employees at a higher rate. Each situation presents

unique risks.

INCREASING M&A: M&A activity remains at high levels. Most M&A deals

are really IP/trade secret deals.

FREQUENT RE-ORGS: The buzzwords of constant innovation, business agility

and operational efficiency are driving more frequent

strategic redirections – from reductions in force

to shifting or rotating employees into new roles to

spur innovation.

The reality is that most organizations are dealing with multiple major changes at any given

time. In fact, this constant state of change is a core characteristic of the kind of ingenuity and

agility required to thrive as a business today.


INSIDERS ARE EMBARRASSING ORGANIZATIONS EVERY DAY.

Experts estimate that a startling 90% of insider threats go undetected – at least until a competitor beats you to market with a suspiciously similar

product or steals some of your biggest clients. Scan the headlines any given week and you’ll find stories of insiders at some of the most respected

companies in the world walking out the door with trade secrets, IP and other incredibly valuable business files and data:

Even DLP “market leaders” are failing spectacularly

News recently broke that McAfee, the self-appointed “market leader” in traditional data loss prevention solutions, let several departing finance

and sales employees walk out the door with trade secrets (pricing info, marketing plans, customer lists and more) worth millions. This wasn’t a

sophisticated heist; the evil geniuses just put files on thumb drives or emailed them to personal accounts.

AMAZON: Discovered employees were taking bribes to leak confidential information on how to game Amazon’s review system.

GE: A top engineer in GE’s Power & Water division stole trade secrets on its turbine technologies.

MICRON: Ex-employees stole trade secrets worth $400 million from the semiconductor manufacturer.

BASF: Employees were taking payments in exchange for stealing trade secrets worth millions.

SUNPOWER: An executive emailed himself trade secrets before jumping to a competing solar energy company.

DESJARDINS: One of the world’s largest banks found that an employee inappropriately accessed nearly 3 million customers’ private data.


THE STORY YOU’VE BEEN TOLD IS A LIE.

When even the “market leader” in data loss prevention solutions can’t stop insiders, you know

it’s time for an honest look at how we’re approaching the problem. The truth is that the scary

and daunting narrative around insider threat simply doesn’t line up with the truth about where

it’s coming from – and how to stop it. The story you’ve been told is a lie.

THE SCARY NARRATIVE:

INSIDER THREAT IS

LURKING EVERYWHERE

As Zero Trust moves from a buzzword to a

reality (or at least a goal), more and more

organizations are embracing a terrifying

narrative: The insider threat could be anyone.

It could happen at any time. It’s probably

happening right now. THE CALL IS COMING

FROM INSIDE THE HOUSE.

It’s a compelling narrative — and it’s pulling your

attention away from your biggest threats.

Security teams need to start by focusing on the

“usual suspects.”

THE DAUNTING DEMAND:

STOP EVERYTHING

Data loss prevention remains the accepted

paradigm in the security industry. It’s a tall

order: Looking at everyone – and trusting no

one. Recognizing every threat – and stopping

them before they even start.


SOUNDS IDEAL IN THEORY.

BUT IT’S FAILING IN PRACTICE.


MEET THE USUAL SUSPECTS

It could be anyone. It could be any time. But in fact, more than 80% of insider threat incidents stem from three common scenarios:

QUITTERS: ALEX

Alex just got a new job – and he’s taking his customer lists with him.

M&A + RE-ORGS: MARIA

Maria just got laid off as part of an M&A – and she’s taking the company’s product roadmap with her.

HIGH-VALUE DATA ACCESS: CHRIS

Chris works on a production team of a top-rated TV show – and he’s getting paid to leak the season finale.


THE REALITY: PREVENTION WILL FAIL.

RESPONSE IS WHAT COUNTS.

Even if you’ve focused your security resources on the usual suspects, the truth is that you’ll

never fully put a stop to employees taking files and data. The most sophisticated policies still

can’t keep up with creative workarounds. And rigid rules will only stifle the ideas and innovation

that your insider threat program is ultimately trying to protect. Moreover, the actual damage to

your business doesn’t come from the act of data theft – but rather from the unmitigated sharing

of those trade secrets and IP.

“ Rather than going immediately to wholesale

monitoring, we believe that organizations

should take a more nuanced approach...The

key to this approach is microsegmentation,

which identifies particular groups of

employees that are capable of doing the

most damage, and then develops focused

interventions specific to those groups.”

– McKinsey & Company,

“Insider threat: The human element

of cyberrisk,” 2018


IF YOU CAN’T SEE, YOU CAN’T RESPOND.

Insider threats happen when you can’t answer these basic data security questions:

• WHAT DATA DO YOU HAVE?

• WHERE DOES THAT DATA LIVE?

• WHO HAS ACCESS TO THAT DATA?

• HAS DATA LEFT?

• WHAT DATA LEFT?

If your security team lacks the visibility to answer all of those questions, then you can’t

accurately identify and rapidly respond to insider threats – no matter how narrowly you

target your insider threat program.

Legacy DLP is Letting You Down

Traditional data loss prevention products were

built to protect structured, regulated data

like account numbers and patient records –

they were never meant to deal with insider

theft of trade secrets, IP and other dynamic,

unstructured data.

Overburdened by policy management: 76% of organizations say their security teams are struggling to adapt DLP policies to account for dynamic business and user needs.¹

Stifled by rigid rules: Three-quarters of organizations agree that legacy DLP is hindering productivity and collaboration.²

Numbed by alert fatigue: With the endless stream of alerts – and false positives – 2 in 3 organizations say their DLP solution isn’t adequately prioritizing or triaging threats.³

¹ Forrester TLP

² Forrester TLP

³ Forrester TLP


LEGACY DLP LEAVES YOU FLYING BLIND.

Four out of five organizations are leaning on legacy DLP solutions to enable their Zero

Trust environments. But legacy DLP really only answers one of those questions — some

of the time: has data left? Because you don’t know who has (or has access to) what data,

your DLP rules fail to catch all the creative ways that quitters take data. And when you do

catch it, you can’t always tell exactly what’s happened, what’s been taken, and what you

should do about it.

The truth is that legacy DLP leaves you flying blind: unable to fully identify the weird

data events that signal insider threat, and unable to effectively investigate those files to

determine what’s been taken – and what you should do next. It’s just one of the reasons

that 81% of organizations agree that they need a better option than legacy DLP.


YOU NEED SIMPLER

DETECTION.

YOU NEED FASTER

RESPONSE.

YOU NEED NEXT-GEN

DATA LOSS PROTECTION.


THE NEXT-GENERATION APPROACH:

CODE42 DATA LOSS PROTECTION

It’s time to change the paradigm on insider threat. Instead of targeting everyone and

stopping hardly anyone, it’s time to start focusing on the right people: the usual suspects

that account for 80% of insider threats. And instead of tools that take an all-or-nothing

approach to prevention, it’s time to start focusing on tools that enable rapid, effective

response when an incident does happen.

Focus on your biggest risks.

SEE THE USUAL SUSPECTS

By homing in on the specific user groups and

common scenarios that present the biggest

insider threat risk to your organization, you

can more effectively allocate your security

resources – tools and staff – to monitoring,

identifying and responding to threats as

they emerge.

Eliminate blind spots and

respond faster.

STOP THE DAMAGE

Gain comprehensive visibility into all files

and all file activity, giving your security team

the ability to quickly spot weird data events

– and to dive into the files themselves to

understand the actual risk and determine the

appropriate response.


MEET ALEX.

Alex is a mid-level sales rep at Globex Corporation. He’s 32, one kid, one dog, loves

kayaking, came from one of your biggest competitors and has quickly earned respect

around the office. Alex is about to join the more than 40 million people that quit their jobs

in the last year.⁴ He has landed a new sales gig at a competing company — lured by a

promotion and a nice raise.

Alex gets added to the Quitter alert profile.

Because you know that 2 in 3 departing employees admit to taking data when they leave – and

that quitters account for around half of insider threat incidents – you’re utilizing the pre-built

departing employee alert profile and workflow. As soon as Alex gives his notice, your security team

adds him to the departing employee alert profile.

⁴ Forrester TLP

[Screenshot: alert rule "Departing Employee (Voluntary)". File exfiltrated by: Specific user(s) ([email protected]); And File size & count (File count greater than / Total size greater than); Time frame of events: Within 15 minutes. Chat message: "Alright – I've added a security alert."]


You take a closer look at Alex.

Adding Alex to the departing employee profile also triggers an automatic

90-day historical review – because you know that the vast majority of

data theft happens before quitters give their notice. Your security team

looks back at the last 90 days of Alex’s file activity. Fortunately, the review

shows nothing unusual happened.

[Screenshot: file activity search. Filters: Username is [email protected]; Observed on or before: Last 90 days; Exposure type includes: Public on the web, Activity on removable media, Public via direct link. 1-100 of 133 Results. Chat messages: "Thanks! See any high-risk activity?" / "Nope! Everything looks good so far."]

Date Observed | Event Type | Filename | File Path

2019-02-22 15:39:30 (UTC) | New file | family-trip.jpg | C:/Users/Alex/OneDrive

2019-02-22 15:39:30 (UTC) | New file | esdstub.dll | C:/Users/Alex/OneDrive

2019-02-27 21:25:33 (UTC) | New file | desktop.ini | C:/Users/Alex/OneDrive

2019-03-07 18:55:41 (UTC) | Modified | desktop.ini | C:/Users/Alex/OneDrive

2019-02-22 15:39:30 (UTC) | No longer observed | photos.pdf | E:/

2019-02-22 15:39:30 (UTC) | No longer observed | cosquery.dll | E:/

Alex moves files to Dropbox — and you see it.

Three days after giving his notice, your security team receives an alert

that Alex added several files to a Dropbox account minutes ago.

[Screenshot: Code42 Alert, severity High. Endpoint File Exposure: Large amount of file exposure events. Fields shown: Exposure type, Time range of events. Chat message: "I may have found something."]


YOU SEE EXACTLY WHAT ALEX MOVED.

Looking at the list of files Alex moved to Dropbox, most look harmless – a W-9 form, his resume, a

few photos — but the file named EastCoast_Contacts.xlsx sounds like it could be a customer list.

[Screenshot: file event results, 1-6 of 6 Results. Chat message: "Yup – there’s a file that looks like a risk."]

Date Observed (UTC) | Event Type | Filename | File Category

2019-02-22 15:39:30 (UTC) | Modified | SalesProposalTemplate.pptx | Presentation

2019-02-22 15:39:45 (UTC) | Modified | EastCoast_Customers.xlsx | Spreadsheet

2019-02-22 15:40:02 (UTC) | Modified | 2019_AlexResume.docx | Document

2019-02-22 15:40:30 (UTC) | Modified | Family-Vacation.jpg | Image

2019-02-22 15:40:45 (UTC) | Modified | Alex Johnson W-9.xlsx | Spreadsheet

2019-02-22 15:41:15 (UTC) | Modified | Project Summary.docx | Document


YOU OPEN THAT FILE.

There’s no guesswork about whether the file in question is sensitive or valuable.

You simply open the file and immediately see that, yes, it’s a list of all of Alex’s

customer contacts on the east coast.

[Screenshot: restored file EastCoast_Customers.xlsx. Chat message: "Restored the file. It’s definitely proprietary and needs to be removed."]

Company Name | Client Name | Email Address | Phone Number

Reception Hub | Catherine Pierce | [email protected] | +1 (212) 555-9450

Cloud Coder | Joel Fox | [email protected] | +1 (803) 555-1219

NestEasy | Patrick Poole | [email protected] | +1 (215) 555-3415

Ivy Ladder | Annie Ross | [email protected] | +1 (212) 555-8589

Nuvallo | Beulah Reeves | [email protected] | +1 (401) 555-9813


YOU MAKE ALEX PERMANENTLY DELETE

THE FILE FROM DROPBOX.

You call Alex’s manager with a clear and confident response plan. Alex’s manager

tells Alex that we know exactly what he’s taken — and his manager watches as Alex

permanently deletes the file from his Dropbox account.

YOU STOPPED ALEX. YOU’RE THE HERO.

You get to tell your C-suite that you hunted down Alex. That you beat him at his own

game and stopped him from poaching customers.

[Screenshot: Dropbox "Permanently Delete" dialog for EastCoast_Customers.xlsx. Chat message: "Watched him delete the file, so we’re all set."]


MEET MARIA.

Maria is a marketing coordinator at Acme Corporation, which is in the process of

merging with Stark Industries. She’s been a steady performer, but she’s ultimately less

experienced than most of the Stark marketing team. Maria’s getting laid off – with a nice

severance package to cushion the blow.

Maria gets added to the M&A alert profile.

HR and security work together on employee offboarding, so HR has already provided security with

the names of all employees that will be let go as a result of the merger. Security adds Maria to the

pre-built M&A alert profile and monitoring workflow.


You put a legal hold on Maria’s files.

Before Maria is notified that she will be let go, security proactively adds

her to a legal hold to preserve her files in case of litigation. You’ve

automatically collected and stored all of Maria’s files in the cloud,

preventing tampering and deletion, and enabling easy access when and if

eDiscovery is needed.

[Screenshot: alert rule "Acme Co. Acquisition Separations". File exfiltrated by: Specific user(s); And File size & count (File count greater than / Total size greater than); Time frame of events: Within 15 minutes. Chat message: "Alright – I've added a security alert."]

Maria emails files to herself – and you see it.

Shortly after Maria meets with her manager and learns she’s being let

go, security receives an alert that Maria has logged into her personal

Gmail account and sent herself five files.

[Screenshot: legal hold user list (columns: Name, Devices, Organization) showing Maria Garrison. Chat message: "I’ve also added all their names to the legal hold."]


3 IN 4 M&A deals are delayed or destroyed by data loss.

DATA LEAKS are a big reason that 80% of M&As fail to achieve expected value.


YOU SEE EXACTLY WHAT MARIA SENT.

You look through the five files Maria emailed to herself: campaign results from a few of Maria’s

most successful projects, marketing personas she helped develop, and a few files labeled

“Project Tiger.”

[Screenshot: Code42 Alert, severity High. Acme Co. Acquisition Hold: Large amount of file exposure events. Fields shown: Exposure type, Time range of events, Number of files. Chat message: "Got an alert… Looks like Maria sent 5 files to her personal email."]


YOU OPEN THOSE FILES.

You don’t need to contact Maria’s manager to ask about Project Tiger. You simply open

the file named “ProjectTiger_LaunchStrategy.docx” and see that it contains confidential

information on the development roadmap of your flagship product.

[Screenshot: file event results, 1-6 of 6 Results. Chat message: "Looked into it and found a number of files that look suspicious."]

Date Observed (UTC) | Event Type | Filename | File Category

2019-02-22 15:39:30 (UTC) | Modified | 2019CampaignResults.xlsx | Spreadsheet

2019-02-22 15:39:50 (UTC) | Modified | ProjectTiger_LaunchStrategy.docx | Document

2019-02-22 15:40:30 (UTC) | Modified | MarketingPersonas.docx | Document

2019-02-22 15:42:30 (UTC) | Modified | SalesProposalTemplate.pptx | Presentation

2019-02-22 15:42:59 (UTC) | Modified | Darrell Garrison W-9.xlsx | Spreadsheet

2019-02-22 15:44:59 (UTC) | Modified | Project Summary.docx | Document


[Screenshot: restored document ProjectTiger_LaunchStrategy.docx, showing the sections "Project Summary" and "Key Stakeholders". Chat message: "Restored the files. They’re definitely proprietary and need to be deleted."]

MARIA MUST DELETE THE EMAIL.

You have the full information you need to take immediate action: HR has

a meeting with Maria to let her know that they can see she’s taken the

product roadmap files. HR watches Maria delete the email containing the

file attachments – and confirms that the files were not copied or synced to

another location.

YOU STOPPED MARIA. YOU PROTECTED

THE M&A DEAL. YOU’RE THE HERO.

You get to tell your C-suite that you stopped Maria from delaying, damaging or even

destroying the merger with Stark Industries. You preserved your trade secrets – and

protected the full value of your company.


MEET CHRIS.

Chris works at 123 Networks, where he’s on the production team of the network’s

highest-rated TV series. The hugely popular show is wrapping up production on the

highly anticipated season finale. The network has been burned by leaks before, so it

knows it can’t afford to let the highly anticipated final episode leak before the air date.

Chris gets added to the high-value access alert profile.

The production team works together on each episode, sending and sharing files between each

other as they collaborate. Since each member has full access privileges to the high-value video

files, security adds Chris and his fellow team members to the pre-built high-value access alert

profile and monitoring workflow.

[Screenshot: alert rule "Production Team Activity Monitoring". File exfiltrated by: Specific user(s); And File size & count (File count greater than / Total size greater than); Time frame of events: Within 15 minutes. Chat message: "Alright – I've added a security alert."]


CHRIS MOVES A LARGE FILE TO AN

EXTERNAL DRIVE – AND YOU SEE IT.

Just 10 days before the episode air date, security receives an alert that Chris just moved a large

file to an external hard drive. You can see the vendor name and serial number of the device, as

well as the file name: S6_E23_0024f.mp4.

[Screenshot: Code42 Alert, severity High. Production Team Activity Monitoring: Large amount of file exposure events. Fields shown: Exposure type, Time range of events, Number of files. Chat message: "I may have found something."]


YOU OPEN THAT FILE.

You open the file named S6_E23_0024f.mp4 and, sure enough, it’s a 43-minute

video of the entire season finale.

[Screenshot: restored file S6_E23_0024f.mp4. Chat message: "Restored the file. It’s the season finale."]

[Screenshot: legal notice beginning "Dear Chris,". Chat message: "Alright, sent him a legal notice."]

CHRIS MUST RETURN THE

HARD DRIVE.

You contact Legal and they send a sternly worded letter to Chris requiring him to

return the hard drive – specifying the vendor name and the exact serial number

of the hard drive in question – and outlining potential legal action if Chris fails

to fully comply. Chris is hoping to keep his job – and doesn’t want to end up in

court or in jail – so he promptly brings the hard drive in to the office the very

next day.

YOU STOPPED CHRIS. YOU SAVED THE

SEASON FINALE. YOU’RE THE HERO.

You get to tell network leadership that you hunted down Chris before anything bad

happened. You kept the season finale from leaking. You protected the ratings of the

show and the reputation of the network.


BE THE HERO TO YOUR TEAM.

By shifting to next-gen data loss protection, you’re not just stopping the usual suspects

and protecting your business from insider threat — you’re saving your team time, money

and frustration.

Focused efforts. Simple workflows.

With your legacy DLP solution, your team was struggling to manage and adapt the

complex web of policies — and buried in endless alerts. But with next-gen data loss

protection, you’ve focused your team’s efforts on your biggest risks — and you’ve given

them simple, purpose-built workflows triggered by specific events:

ADD: Add user to alert profile

LOOK BACK: Review last 90 days of file activity

DETECT: Receive targeted alerts via email or SIEM

INVESTIGATE: Examine flagged file activity in-depth

REVIEW: Restore file(s) in question to review exact contents

LOOK BACK: Review last 90 days of file activity

RESPOND: Close case OR escalate to LOB manager, HR, Legal, etc.

“ As an outcome of adopting Code42,

organizations reduced the time spent by IT

and security on data collection, recovery

and investigations — giving staff capacity to

support other initiatives.”

– Forrester Total Economic Impact Study, 2018

“ Moving to Code42 was a transition from having

multiple teams that put a lot of efforts and hours

to conduct investigations, to having one person

achieve better results with a few clicks.”

– Senior Manager on Equipment Services Team,

Forrester Total Economic Impact Study, 2018


GIVE YOUR TEAM UNIQUE CAPABILITIES THAT DRIVE SMARTER OUTCOMES.

The unique capabilities of Next-Gen DLP deliver smart outcomes that drive this powerful combination of efficiency, efficacy and speed:

Next-Gen Capability:

Trigger-Based, High-Risk Alert Profiles

Leverage pre-built alert profiles for your

most high-risk scenarios, including departing

employees, staff re-orgs and employees

with access to high-value data. Specific

triggers allow you to consistently monitor the

“usual suspects.”

Next-Gen Capability:

Forensic Depth

Detect when your employees move files to

removable media devices, web browsers,

web applications and cloud sync folders,

as well as when they share files externally

via corporate OneDrive, Google Drive and

Box environments.

Next-Gen Capability:

Historical Breadth

Because you’re constantly monitoring file

activity for all employees, you can instantly

conduct historical analysis of file activity for

any employee. Narrow your investigation by

timeframe, exposure type, file category, file

name, file hash and more.

Next-Gen Capability:

Customizable Alerts

Easily customize alerts for near-real-time

notification of risky behavior based on the type

of activity (removable media, web browsers/

apps, cloud sync applications or file sharing)

as well as by file size and count. Alerts don’t

depend on data classification, because

Code42 automatically assigns file categories

to help you identify your most important data

at a glance.

A Smarter Outcome:

Focus on your biggest risks.

Your security team is homed in on the specific

and unique risk presented by Alex, Maria and

Chris – and the rest of the recognizable lineup

of “usual suspects.”

A Smarter Outcome:

Take a look back — see all activity.

Your security team has the historical breadth to

follow the best practice of looking back at the

last 90 days of file activity — when most data

theft happens.

A Smarter Outcome:

Alerts you can trust.

Your security team is getting alerts that mean something. No more alert fatigue; just focused alerts that you know deserve your full attention.

Next-Gen Capability:

Fast Response

Armed with full visibility into exactly what

has happened, you can quickly take action

to address the specific, identified risk. This

generally begins with requiring the files be

returned or deleted, but may also include

escalating to management, taking disciplinary

action through HR, or sending a legal notice to

the employee.

A Smarter Outcome:

See the file in question.

Make an informed decision.

Access to the file in question enables you to

make a fully informed decision about whether

it’s acceptable, harmless activity — or if it

warrants a response.

Next-Gen Capability:

File Access

When you’re alerted of risky file activity, you

can quickly access the file(s) in question —

even restoring files that users have deleted.

A Smarter Outcome:

Take confident action sooner.

You’re getting all the facts — and getting

them in near-real-time. You can respond

quickly and confidently to protect against the

identified risk(s).


BE THE HERO TO THE C-SUITE.

Money talks — and business leaders listen. That’s why talking risk mitigation to business

leaders is typically so tough. They don’t want to hear about what might have happened

— they want to see what you’ve done. The money you’ve saved. The value you’ve

added. Next-gen DLP gives you the compelling metrics you need. Hard numbers that you

can point to — proving the value you bring to your business. Hard numbers your business

leaders can point to — showing they’re helping move the organization forward.

5. Forrester Total Economic Impact study, 2019

6. Forrester Total Economic Impact study, 2019

7. Forrester Total Economic Impact study, 2019

230% ROI

Forrester calculated a risk-adjusted Return on Investment (ROI) of 230% over three years.⁵ That’s more than two dollars earned for every dollar spent.

$925,000 NPV (Net Present Value)⁶

PAYBACK IN 3 MONTHS⁷

The bottom line: Next-gen Data Loss Protection stops your biggest insider threats for just 33 CENTS a day.


IT’S TIME FOR A NEW APPROACH TO

STOPPING INSIDER THREAT.

When the “market leader” in legacy DLP can’t stop insiders from walking out the

door with trade secrets, it’s clear that the time has come for a new approach.

Prevention will fail. Response is what counts.

Putting all your resources behind legacy DLP’s all-or-nothing approach to stopping

data exfiltration isn’t working. It never worked. It won’t work. Your business success

depends on your employees’ ability to work freely – and intentional data thieves

will always be one step ahead of rigid policies. You need to shift your focus to

enabling rapid identification and response to data loss threats as they happen.

It’s always been the usual suspects.

No security team has endless resources, so trying to actively monitor every single

employee will only lead to frustration and alert fatigue. Moreover, looking at every

employee as an equal threat just ignores the facts: 80% of insider threat incidents

stem from the same three common scenarios. Focusing in on these usual suspects

– employee departures, M&A and re-orgs, and employees with high-value data

access – enables you to hone your resources to make the biggest impact.

You can’t stop what you can’t see. You shouldn’t be flying blind.

Rapid response hits a dead end when you can’t get the answers you need. Your

security team needs to do more than identify the weird data events – they need to

be able to immediately see the exact files and where they’ve moved.

Enable faster response.

To move from alert to response quickly, you need full access to every file, so you

can investigate unusual events, confidently assess the risk and swiftly take action.

AVOID THE EMBARRASSMENT.

PROTECT YOUR DATA. BE THE HERO.

It’s time to see how Code42 Next-Gen Data Loss Protection can give your security

team the powerful visibility and focus you need to see your threats and respond

quickly – before the damage is done. Save time and money. Save frustration and

embarrassment. Protect your trade secrets and valuable files – and save the day.

DATA LOSS PROTECTION FOR WHEN PEOPLE QUIT

CORPORATE HEADQUARTERS | 100 WASHINGTON AVENUE SOUTH | MINNEAPOLIS, MN 55401 | 612.333.4242 | CODE42.COM

Code42, the leader in cloud-based endpoint data security and recovery, protects more than 47,000 organizations worldwide. Code42 enables IT and security teams to centrally manage and protect critical data for some of the most recognized brands in business and education. From monitoring endpoint data movement and use, to meeting data privacy regulations, to simply and rapidly recovering from data incidents no matter the cause, Code42 is central to any organization’s data security strategy. Code42 is headquartered in Minneapolis, MN and backed by Accel Partners, JMI Equity, NEA and Split Rock Partners. For more information, visit code42.com. © 2019

