1
THE USUAL SUSPECTSSee them. Stop them. Be the hero.
3 WAYS TO PROTECT DATA FROM INSIDER THREATS.
INSIDER THREATS KEEP HAPPENING.
THE EMBARRASSMENT IS REAL.
Stopping accelerating insider threats is the biggest challenge facing security teams
today. But this isn’t news to you – because high-profile insider threat incidents are in
the news every week, causing embarrassing damage to some of the most respected
companies around the world.
Why can’t organizations stop them?
We all know about the insider threat program, so why are 90% of insider threats going
undetected – often for weeks or months? Because most organizations remain completely
unprepared to stop insiders from taking trade secrets and other valuable information.
Less than 20% of enterprise organizations have a defined insider threat program — and
most are counting on legacy DLP solutions that just aren’t up to the task.
You’re missing the usual suspects.
Sure, it could be anyone; it could be any time.
But the truth is that 80% of insider threat
incidents stem from three common scenarios:
departing employees, company re-orgs and
employees with access to your high-value files.
Security teams need to start by focusing on the
“usual suspects.”
You can’t stop what you can’t see.
Legacy DLP can tell you if some things happen,
but its limited visibility leaves security teams
flying blind. They can’t see all file activity, so
they can’t see creative policy workarounds.
They can’t see every file, so they can’t rapidly
investigate and respond. They can’t stop what
they can’t see.
2
3
IT’S TIME FOR A NEW APPROACH.
Security teams need to shift the paradigm on insider threat. Prevention will fail. Response
is what counts. By focusing in on the usual suspects – and enhancing your visibility
so you can see all files and file activity – your security team can reliably protect your
organization’s trade secrets and proprietary information — and save your business the
embarrassment and damage of letting this valuable information walk out the door.
Insiders account for
MORE THAN HALF
of all data loss incidents.
Insider threats
INCREASED 50% over the past four years.
4
IT’S ONLY GOING TO GET WORSE.
You’ve heard the scary statistics on insider threat. It’s a problem that’s not going
away – and is actually accelerating, thanks to three key factors:
Data is more valuable than ever.
Here’s a foundational stat of the so-called “knowledge economy”: Today, 80% of
the typical company’s value lies in its trade secrets and intellectual property (IP).
Trade secrets and IP aren’t just valuable to the business (and potentially valuable
to competitors); they’re tremendously valuable to your employees. Data is the
“product” most employees create and proof of the value they deliver. They feel a
sense of ownership, so it’s no surprise that they want to show it off (e.g., helping
them land a new job) and they want to take it with them (whether they’re leaving
voluntarily or not).
Data is more portable than ever.
Moving – and removing – data in an organization has never been easier.
Employees can store hundreds of gigabytes on their smartphones. They can
quickly take 1TB or more of data on a thumb drive. They can quickly transfer
dozens – or hundreds – of files to personal cloud storage services like Dropbox.
They can instantly share files through Slack, Microsoft Teams and other messenger
apps. Moreover, businesses recognize that their productivity, collaboration and
innovation depend on enabling employees to easily move files and data around
every day – so there’s tremendous incentive to continue expanding and enhancing
data portability.
4
5
Data is more valuable than ever.
Data is more portable than ever.
Organizations are in a constant state of change.
5
6
Organizations are in a constant state of change.
Perhaps the biggest change driving increasing insider threat is change itself: Several trends
in the workforce and across the global corporate landscape have come together to make
significant changes — and their associated risks are an ever-present reality for just about
any organization.
INCREASING TURNOVER: People are leaving jobs more frequently than
ever, which also means companies are hiring new
employees at a higher rate. Each situation presents
unique risks.
INCREASING M&A: M&A activity remains at high levels. Most M&A deals
are really IP/trade secret deals.
FREQUENT RE-ORGS: The buzzwords of constant innovation, business agility
and operational efficiency are driving more frequent
strategic redirections – from reductions in force
to shifting or rotating employees into new roles to
spur innovation.
The reality is that most organizations are dealing with multiple major changes at any given
time. In fact, this constant state of change is a core characteristic of the kind of ingenuity and
agility required to thrive as a business today.
7
INSIDERS ARE EMBARRASSING ORGANIZATIONS EVERY DAY.
Experts estimate that a startling 90% of insider threats go undetected – at least until a competitor beats you to market with suspiciously similar
product or steals some of your biggest clients. Scan the headlines any given week and you’ll find stories of insiders at some of the most respected
companies in the world walking out the door with trade secrets, IP and other incredibly valuable business files and data:
Even DLP “market leaders” are failing spectacularly
News recently broke that McAfee, the self-appointed “market leader” in traditional data loss prevention solutions, let several departing finance
and sales employees walk out the door with trade secrets (pricing info, marketing plans, customer lists and more) worth millions. This wasn’t a
sophisticated heist; the evil geniuses just put files on thumb drives or emailed them to personal accounts.
AMAZON
Discovered employees
were taking bribes to leak
confidential information
on how to game Amazon’s
review system.
GE
A top engineer
in GE’s Power &
Water division stole
trade secrets on its
turbine technologies.
MICRON
Ex-employees stole trade
secrets worth $400 million
from the semiconductor
manufacturer.
BASF
Employees were taking
payments in exchange
for stealing trade secrets
worth millions.
SUNPOWER
An executive emailed
himself trade secrets before
jumping to a competing solar
energy company.
DESJARDINS
One of the world’s largest
banks found that an
employee inappropriately
accessed nearly 3 million
customers’ private data.
THE STORY YOU’VE BEEN TOLD IS A LIE.
When even the “market leader” in data loss prevention solutions can’t stop insiders, you know
it’s time for an honest look at how we’re approaching the problem. The truth is that the scary
and daunting narrative around insider threat simply doesn’t line up with the truth about where
it’s coming from – and how to stop it. The story you’ve been told is a lie.
THE SCARY NARRATIVE:
INSIDER THREAT IS
LURKING EVERYWHERE
As Zero Trust moves from a buzzword to a
reality (or at least a goal), more and more
organizations are embracing a terrifying
narrative: The insider threat could be anyone.
It could happen at any time. It’s probably
happening right now. THE CALL IS COMING
FROM INSIDE THE HOUSE.
It’s a compelling narrative — and it’s pulling your
attention away from your biggest threats.
Security teams need to start by focusing on the
“usual suspects.”
THE DAUNTING DEMAND:
STOP EVERYTHING
Data loss prevention remains the accepted
paradigm in the security industry. It’s a tall
order: Looking at everyone – and trusting no
one. Recognizing every threat – and stopping
them before they even start.
8
9
BUT IT’S FAILING IN PRACTICE.
IN THEORY.
SOUNDS IDEAL
CHRIS
Chris works on a production team of a
top-rated TV show – and he’s getting paid
to leak the season finale.
10
ALEX
Alex just got a new job – and he’s
taking his customer lists with him.
MARIA
Maria just got laid off as part of an
M&A – and she’s taking the company’s
product roadmap with her.
MEET THE USUAL SUSPECTSIt could be anyone. It could be any time. But in fact, more than 80% of insider threat incidents stem from
three common scenarios:
QUITTERS M&A + RE-ORGS HIGH-VALUE DATA ACCESS
11
THE REALITY: PREVENTION WILL FAIL.
RESPONSE IS WHAT COUNTS.
Even if you’ve focused your security resources on the usual suspects, the truth is that you’ll
never fully put a stop to employees taking files and data. The most sophisticated policies still
can’t keep up with creative workarounds. And rigid rules will only stifle the ideas and innovation
that your insider threat program is ultimately trying to protect. Moreover, the actual damage to
your business doesn’t come from the act of data theft – but rather from the unmitigated sharing
of those trade secrets and IP.
“ Rather than going immediately to wholesale
monitoring, we believe that organizations
should take a more nuanced approach...The
key to this approach is microsegmentation,
which identifies particular groups of
employees that are capable of doing the
most damage, and then develops focused
interventions specific to those groups.”
– McKinsey & Company,
“Insider threat: The human element
of cyberrisk,” 2018
11
12
IF YOU CAN’T SEE, YOU CAN’T RESPOND.
Insider threats happen when you can’t answer these basic data security questions:
• WHAT DATA DO YOU HAVE?
• WHERE DOES THAT DATA LIVE?
• WHO HAS ACCESS TO THAT DATA?
• HAS DATA LEFT?
• WHAT DATA LEFT?
If your security team lacks the visibility to answer all of those questions, then you can’t
accurately identify and rapidly respond to insider threats – no matter how narrowly you
target your insider threat program.
Legacy DLP is Letting You Down
Traditional data loss prevention products were
built to protect structured, regulated data
like account numbers and patient records –
they were never meant to deal with insider
theft of trade secrets, IP and other dynamic,
unstructured data.
Overburdened by policy management: 76%
of organizations say their security teams are
struggling to adapt DLP policies to account for
dynamic business and user needs.1
Stifled by rigid rules: Three-quarters of
organizations agree that legacy DLP is
hindering productivity and collaboration.2
Numbed by alert fatigue: With the endless
stream of alerts – and false positives – 2 in
3 organizations say their DLP solution isn’t
adequately prioritizing or triaging threats.3
1 Forrester TLP2 Forrester TLP3 Forrester TLP
13
LEGACY DLP LEAVES YOU FLYING BLIND.
Four out of five organizations are leaning on legacy DLP solutions to enable their Zero
Trust environments. But legacy DLP really only answers one of those questions — some
of the time: has data left? Because you don’t know who has (or has access to) what data,
your DLP rules fail to catch all the creative ways that quitters take data. And when you do
catch it, you can’t always tell exactly what’s happened, what’s been taken, and what you
should do about it.
The truth is that legacy DLP leaves you flying blind: unable to fully identify the weird
data events that signal insider threat, and unable to effectively investigate those files to
determine what’s been taken – and what you should do next. It’s just one of the reasons
that 81% of organizations agree that they need a better option than legacy DLP.
13
14
YOU NEED SIMPLER
DETECTION.
YOU NEED FASTER
RESPONSE.
YOU NEED NEXT-GEN
DATA LOSS PROTECTION.
15
THE NEXT-GENERATION APPROACH:
CODE42 DATA LOSS PROTECTION
It’s time to change the paradigm on insider threat. Instead of targeting everyone and
stopping hardly anyone, it’s time to start focusing on the right people: the usual suspects
that account for 80% of insider threats. And instead of tools that take an all-or-nothing
approach to prevention, it’s time to start focusing on tools that enable rapid, effective
response when an incident does happen.
Focus on your biggest risks.
SEE THE USUAL SUSPECTS
By homing in on the specific user groups and
common scenarios that present the biggest
insider threat risk to your organization, you
can more effectively allocate your security
resources – tools and staff – to monitoring,
identifying and responding to threats as
they emerge.
Eliminate blind spots and
respond faster.
STOP THE DAMAGE
Gain comprehensive visibility into all files
and all file activity, giving your security team
the ability to quickly spot weird data events
– and to dive into the files themselves to
understand the actual risk and determine the
appropriate response.
1616
MEET ALEX.
Alex is a mid-level sales rep at Globex Corporation. He’s 32, one kid, one dog, loves
kayaking, came from one of your biggest competitors and has quickly earned respect
around the office. Alex is about to join the more than 40 million people that quit their jobs
in the last year.4 He’s has landed a new sales gig at a competing company — lured by a
promotion and a nice raise.
Alex gets added to the Quitter alert profile.
Because you know that 2 in 3 departing employees admit to taking data when they leave – and
that quitters account for around half of insider threat incidents – you’re utilizing the pre-built
departing employee alert profile and workflow. As soon as Alex gives his notice, your security team
adds him to the departing employee alert profile.
4 Forrester TLP
Time frame of events
Within 15 minutes
And
File count greater than:
Total size greater than:
File size & count
File exfiltrated by:
Specific user(s)
Departing Employee (Voluntary)
Alright – I've added a security alert.
17
You take a closer look at Alex.
Adding Alex to the departing employee profile also triggers an automatic
90-day historical review – because you know that the vast majority of
data theft happens before quitters give their notice. Your security team
looks back at the last 90 days of Alex’s file activity. Fortunately, the review
shows nothing unusual happened.
Exposure type includes
Public on the web
Activity on removable media
Public via direct link Re
1-100 of 133 Results
Date Observed Event Type Filename File Path
Username is
Observed on or before
Last 90 days
2019-02-22 15:39:30 (UTC) New file family-trip.jpg C:/Users/Alex/OneDrive
2019-02-22 15:39:30 (UTC) New file esdstub.dll C:/Users/Alex/OneDrive
2019-02-27 21:25:33 (UTC) New file desktop.ini C:/Users/Alex/OneDrive
2019-03-07 18:55:41 (UTC) Modified desktop.ini C:/Users/Alex/OneDrive
2019-02-22 15:39:30 (UTC) No longer observed photos.pdf E:/
2019-02-22 15:39:30 (UTC) No longer observed cosquery.dll E:/
Nope! Everything looks good so far.
Activityy on removable media
Thanks! See any high-risk activity?
Alex moves files to Dropbox — and you see it.
Three days after giving his notice, your security team receives an alert
that Alex added several files to a Dropbox account minutes ago.
Code42 Alert: HighCode42
Exposure type
Time range of events
Endpoint File ExposureLarge amount of file exposure events
I may have found something.
18
YOU SEE EXACTLY WHAT ALEX MOVED.Looking at the list of files Alex moved to Dropbox, most look harmless – a W-9 form, his resume, a
few photos — but the file named EastCoast_Contacts.xlsx sounds like it could be a customer list.
1-6 of 6 Results
Date Observed (UTC) Event Type Filename File Category
2019-02-22 15:39:30 (UTC) Modified SalesProposalTemplate.pptx Presentation
2019-02-22 15:39:45 (UTC) Modified EastCoast_Customers.xlsx Spreadsheet
2019-02-22 15:40:02 (UTC) Modified 2019_AlexResume.docx Document
2019-02-22 15:40:30 (UTC) Modified Family-Vacation.jpg Image
2019-02-22 15:40:45 (UTC) Modified Alex Johnson W-9.xlsx Spreadsheet
2019-02-22 15:41:15 (UTC) Modified Project Summary.docx Document
Yup – there’s a file that looks like a risk.
18
1919
YOU OPEN THAT FILE.There’s no guesswork about whether the file in question is sensitive or valuable.
You simply open the file and immediately see that, yes, it’s a list of all of Alex’s
customer contacts on the east coast.
Reception Hub
Cloud Coder
NestEasy
Ivy Ladder
Nuvallo
Catherine Pierce
Joel Fox
Patrick Poole
Annie Ross
Beulah Reeves
[email protected] +1 (212) 555-9450
+1 (803) 555-1219
+1 (215) 555-3415
+1 (212) 555-8589
+1 (401) 555-9813
Company Name
EastCoast_Customers.xslx
Client Name Email Address Phone Number
Restored the file. It’s definitely proprietary and needs to be removed.
20
YOU MAKE ALEX PERMANENTLY DELETE
THE FILE FROM DROPBOX.
You call Alex’s manager with a clear and confident response plan. Alex’s manager
tells Alex that we know exactly what he’s taken — and his manager watches as Alex
permanently deletes the file from his Dropbox account.
YOU STOPPED ALEX. YOU’RE THE HERO.
You get to tell your C-suite that you hunted down Alex. That you beat him at his own
game and stopped him from poaching customers.
EastCoast_Customers.xslx
Permanently Delete
Watched him delete the file, so we’re all set.
2121
MEET MARIA.
Maria is a marketing coordinator at Acme Corporation, which is in the process of
merging with Stark Industries. She’s been a steady performer, but she’s ultimately less
experienced than most of the Stark marketing team. Maria’s getting laid off – with a nice
severance package to cushion the blow.
Maria gets added to the M&A alert profile.
HR and security work together on employee offboarding, so HR has already provided security with
the names of all employees that will be let go as result of the merger. Security adds Maria to the
pre-built M&A alert profile and monitoring workflow.
22
You put a legal hold on Maria’s files.
Before Maria is notified that she will be let go, security proactively adds
her to a legal hold to preserve her files in case of litigation. You’ve
automatically collected and stored all of Maria’s files in the cloud,
preventing tampering and deletion, and enabling easy access when and if
eDiscovery is needed.
Time frame of events
Within 15 minutes
And
File count greater than:
Total size greater than:
File size & count
File exfiltrated by:
Specific user(s)
Alright – I've added a security alert.
Acme Co. Acquisition Separations
Maria emails files to herself – and you see it.
Shortly after Maria meets with her manager and learns she’s being let
go, security receives an alert that Maria has logged into her personal
Gmail account and sent herself five files.
Name
Maria Garrison
Devices Organization
I’ve also added all their names to the legal hold.
2323
3 IN 4
M&A deals are delayed or
destroyed by data loss
DATA LEAKSare a big reason that 80%
of M&As fail to achieve
expected value
24
YOU SEE EXACTLY WHAT MARIA SENT.You look through the five files Maria emailed to herself: campaign results from a few of Maria’s
most successful projects, marketing personas she helped develop, and a few files labeled
“Project Tiger.”
24
Code42 Alert: HighCode42
Exposure type
Time range of events
Number of files
Acme Co. Acquisition HoldLarge amount of file exposure events
Got an alert… Looks like Maria sent 5 files to her personal email.
25
YOU OPEN THOSE FILES.You don’t need to contact Maria’s manager to ask about Project Tiger. You simply open
the file named “ProjectTiger_LaunchStrategy.docx” and see that it contains confidential
information on the development roadmap of your flagship product.
1-6 of 6 Results
Date Observed (UTC) Event Type Filename File Category
2019-02-22 15:39:30 (UTC) Modified 2019CampaignResults.xlsx Spreadsheet
2019-02-22 15:39:50 (UTC) Modified ProjectTiger_LaunchStrategy.docx Document
2019-02-22 15:40:30 (UTC) Modified MarketingPersonas.docx Document
2019-02-22 15:42:30 (UTC) Modified SalesProposalTemplate.pptx Presentation
2019-02-22 15:42:59 (UTC) Modified Darrell Garrison W-9.xlsx Spreadsheet
2019-02-22 15:44:59 (UTC) Modified Project Summary.docx Document
Looked into it and found a number of files that look suspicious.
25
26
Project Summary
Key Stakeholders
ProjectTiger_LaunchStrategy.docx
Restored the files. They’re definitely proprietary and need to be deleted.
MARIA MUST DELETE THE EMAIL.
You have the full information you need to take immediate action: HR has
a meeting with Maria to let her know that they can see she’s taken the
product roadmap files. HR watches Maria delete the email containing the
file attachments – and confirms that the files were not copied or synced to
another location.
YOU STOPPED MARIA. YOU PROTECTED
THE M&A DEAL. YOU’RE THE HERO.
You get to tell your C-suite that you stopped Maria from delaying, damaging or even
destroying the merger with Stark Industries. You preserved your trade secrets – and
protected the full value of your company.
2727
MEET CHRIS.
Chris works at 123 Networks, where he’s on the production team of the network’s
highest-rated TV series. The hugely popular show is wrapping up production on the
highly anticipated season finale. The network has been burned by leaks before, so it
knows it can’t afford to let the highly anticipated final episode leak before the air date.
Chris gets added to the high-value access alert profile.
The production team works together on each episode, sending and sharing files between each
other as they collaborate. Since each member has full access privileges to the high-value video
files, security adds Chris and his fellow team members to the pre-built high-value access alert
profile and monitoring workflow.
Time frame of events
Within 15 minutes
And
File count greater than:
Total size greater than:
File size & count
File exfiltrated by:
Specific user(s)
Alright – I've added a security alert.
Production Team Activity Monitoring
28
CHRIS MOVES A LARGE FILE TO AN
EXTERNAL DRIVE – AND YOU SEE IT.
Just 10 days before the episode air date, security receives an alert that Chris just moved a large
file to an external hard drive. You can see the vendor name and serial number of the device, as
well as the file name: S6_E23_0024f.mp4.
Code42 Alert: HighCode42
Exposure type
Time range of events
Number of files
Production Team Activity MonitoringLarge amount of file exposure events
Time range of events
Number of files
I may have found something.
28
29
YOU OPEN THAT FILE.
You open the file named S6_E23_0024f.mp4 and, sure enough, it’s a 43-minute
video of the entire season finale.
S6_E23_0024f.mp4 Restored the file. It’s the season finale.
29
30
Dear Chris,
Alright, sent him a legal notice.
CHRIS MUST RETURN THE
HARD DRIVE.
You contact Legal and they send a sternly worded letter to Chris requiring him to
return the hard drive – specifying the vendor name and the exact serial number
of the hard drive in question – and outlines potential legal action if Chris fails
to fully comply. Chris is hoping to keep his job – and doesn’t want to end up in
court or in jail – so he promptly brings the hard drive in to the office the very
next day.
YOU STOPPED CHRIS. YOU SAVED THE
SEASON FINALE. YOU’RE THE HERO.
You get to tell network leadership that you hunted down Chris before anything bad
happened. You kept the season finale from leaking. You protected the ratings of the
show and the reputation of the network.
31
BE THE HERO TO YOUR TEAM.
By shifting to next-gen data loss protection, you’re not just stopping the usual suspects
and protecting your business from insider threat — you’re saving your team time, money
and frustration.
Focused efforts. Simple workflows.
With your legacy DLP solution, your team was struggling to manage and adapt the
complex web of policies — and buried in endless alerts. But with next-gen data loss
protection, you’ve focused your team’s efforts on your biggest risks — and you’ve given
them simple, purpose-built workflows triggered by specific events:
ADD Add user to alert profile
LOOK BACK Review last 90 days of file activity
DETECT Receive targeted alerts via email or SIEM
INVESTIGATE Examine flagged file activity in-depth
REVIEW Restore file(s) in question to review exact contents
LOOK BACK Review last 90 days of file activity
RESPOND Close case OR escalate to LOB manager, HR, Legal, etc.
“ As an outcome of adopting Code42,
organizations reduced the time spent by IT
and security on data collection, recovery
and investigations — giving staff capacity to
support other initiatives.”
– Forrester Total Economic Impact Study, 2018
“ Moving to Code42 was a transition from having
multiple teams that put a lot of efforts and hours
to conduct investigations, to having one person
achieve better results with a few clicks.”
– Senior Manager on Equipment Services Team,
Forrester Total Economic Impact Study, 2018
32
GIVE YOUR TEAM UNIQUE CAPABILITIES THAT DRIVE
SMARTER OUTCOMES.The unique capabilities of Next-Gen DLP deliver smart outcomes that drive this powerful combination of efficiency,
efficacy and speed:
Next-Gen Capability:
Trigger-Based, High-Risk Alert Profiles
Leverage pre-built alert profiles for your
most high-risk scenarios, including departing
employees, staff re-orgs and employees
with access to high-value data. Specific
triggers allow you to consistently monitor the
“usual suspects.”
Next-Gen Capability:
Forensic Depth
Detect when your employees move files to
removable media devices, web browsers,
web applications and cloud sync folders,
as well as when they share files externally
via corporate OneDrive, Google Drive and
Box environments.
Next-Gen Capability:
Historical Breadth
Because you’re constantly monitoring file
activity for all employees, you can instantly
conduct historical analysis of file activity for
any employee. Narrow your investigation by
timeframe, exposure type, file category, file
name, file hash and more.
Next-Gen Capability:
Customizable Alerts
Easily customize alerts for near-real-time
notification of risky behavior based on the type
of activity (removable media, web browsers/
apps, cloud sync applications or file sharing)
as well as by file size and count. Alerts don’t
depend on data classification, because
Code42 automatically assigns file categories
to help you identify your most important data
at a glance.
A Smarter Outcome:
Focus on your biggest risks.
Your security team is honed in on the specific
and unique risk presented by Alex, Maria and
Chris – and the rest of the recognizable lineup
of “usual suspects.”
A Smarter Outcome:
Take a look back — see all activity.
Your security team has the historical breadth to
follow the best practice of looking back at the
last 90 days of file activity — when most data
theft happens.
33
GIVE YOUR TEAM UNIQUE CAPABILITIES THAT DRIVE
SMARTER OUTCOMES.The unique capabilities of Next-Gen DLP deliver smart outcomes that drive this powerful combination of efficiency,
efficacy and speed:
A Smarter Outcome:
Alerts you can trust.
Your security team is getting alerts that
means something. No more alert fatigue; just
focused alerts that you know deserve your
full attention.”
Next-Gen Capability:
Fast Response
Armed with full visibility into exactly what
has happened, you can quickly take action
to address the specific, identified risk. This
generally begins with requiring the files be
returned or deleted, but may also include
escalating to management, taking disciplinary
action through HR, or sending a legal notice to
the employee.
A Smarter Outcome:
See the file in question.
Make an informed decision.
Access to the file in question enables you to
make a fully informed decision about whether
it’s acceptable, harmless activity — or if it
warrants a response.
Next-Gen Capability:
File Access
When you’re alerted of risky file activity, you
can quickly access the file(s) in question —
even restoring files that users have deleted.
A Smarter Outcome:
Take confident action sooner.
You’re getting all the facts — and getting
them in near-real-time. You can respond
quickly and confidently to protect against the
identified risk(s).
34
BE THE HERO TO THE C-SUITE.
Money talks — and business leaders listen. That’s why talking risk mitigation to business
leaders is typically so tough. They don’t want to hear about what might have happened
— they want to see what you’ve done. The money you’ve saved. The value you’ve
added. Next-gen DLP gives you the compelling metrics you need. Hard numbers that you
can point to — proving the value you bring to your business. Hard numbers your business
leaders can point to — showing they’re helping move the organization forward.
5. Forrester Total Economic Impact study, 20196. Forrester Total Economic Impact study, 20197. Forrester Total Economic Impact study, 2019
PAYBACK IN
3 MONTHS7
That’s more than two dollars
earned for every dollar spent.
The bottom line:
Next-gen Data Loss Protection
stops your biggest insider threats
for just a day.
230% ROI Forrester calculated a risk-
adjusted Return on Investment
(ROI) of 230% over three years.5
$925,000
NPV (Net Present Value)6
33 CENTS
35
IT’S TIME FOR A NEW APPROACH TO
STOPPING INSIDER THREAT.
When the “market leader” in legacy DLP can’t stop insiders from walking out the
door with trade secrets, it’s clear that the time has come for a new approach.
Prevention will fail. Response is what counts.
Putting all your resources behind legacy DLP’s all-or-nothing approach to stopping
data exfiltration isn’t working. It never worked. It won’t work. Your business success
depends on your employees’ ability to work freely – and intentional data thieves
will always be one step ahead of rigid policies. You need to shift your focus to
enabling rapid identification and response to data loss threats as they happen.
It’s always been the usual suspects.
No security team has endless resources, so trying to actively monitor every single
employee will only lead to frustration and alert fatigue. Moreover, looking at every
employee as an equal threat just ignores the facts: 80% of insider threat incidents
stem from the same three common scenarios. Focusing in on these usual suspects
– employee departures, M&A and re-orgs, and employees with high-value data
access – enables you to hone your resources to make the biggest impact.
You can’t stop what you can’t see. You shouldn’t be flying blind.
Rapid response hits a dead end when you can’t get the answers you need. Your
security team needs to do more than identify the weird data events – they need to
be able to immediately see the exact files and where they’ve moved.
Enable faster response.
To move from alert to response quickly, you need full access to every file, so you
can investigate unusual events, confidently assess the risk and swiftly take action.35
AVOID THE EMBARRASSMENT.
PROTECT YOUR DATA. BE THE HERO.
It’s time to see how Code42 Next-Gen Data Loss Protection can give your security
team the powerful visibility and focus you need to see your threats and respond
quickly – before the damage is done. Save time and money. Save frustration and
embarrassment. Protect your trade secrets and valuable files – and save the day.
DATA LOSS PROTECTION FOR WHEN PEOPLE QUIT
CORPORATE HEADQUARTERS | 100 WASHINGTON AVENUE SOUTH | MINNEAPOLIS, MN 55401 | 612.333.4242 | CODE42.COM
Code42, the leader in cloud-based endpoint data security and recovery, protects more than 47,000 organizations worldwide. Code42 enables IT and security teams to centrally manage and protect critical data for some of the most recognized brands in business and education. From monitoring endpoint data movement and use, to meeting data privacy regulations, to simply and rapidly recovering from data incidents no matter the cause, Code42 is central to any organization’s data security strategy. Code42 is headquartered in Minneapolis, MN and backed by Accel Partners, JMI Equity, NEA and Split Rock Partners. For more information, visit code42.com. © 2019