Code42 and Splunk Partner to Enhance Detection and Response to Insider Threat Events

Incydr’s context-rich alerts help security teams and SOC analysts prioritize insider risk, speed response and investigate data leaks and malicious insider threats to company data

Today, Code42 announced it will deliver its data exfiltration alerts and dashboards within the Splunk® Security Operations Suite. Security teams using the Code42 Insider Threat app for Splunk can identify and prioritize the most critical insider risk events, speeding response to data leaks and malicious attempts to exfiltrate data.

The Code42 Insider Threat app for Splunk will advance SOC analysts’ insider threat detection capabilities by making it easier to surface data leak alerts with context, simplifying triage and investigations. Accessible through Splunkbase, the Code42 Insider Threat app for Splunk will help security teams reduce investigation and response time.

FinancialForce, the leading provider of customer-centric business applications across finance, services and customer success teams, leverages the Code42 and Splunk integration to support their Insider Risk program. “This integrated risk score [between Code42 and Splunk] provides FinancialForce with a comprehensive view into risk,” said Aaron Momin, CSO for FinancialForce.

“It gives us a precise and factual indication of who is most likely to become an insider risk to the company. We can also group risk by function. So, for example, we can decipher that a certain function may tend to be the riskiest based on a concentration of employees with high risk scores,” he continued.

As a part of the offering, the Code42 Insider Threat app for Splunk enables organizations to operationalize insider risk workflows, such as employee offboarding, and mitigate Shadow IT risks. The app helps detect and visualize data movement to unsanctioned cloud applications, messaging systems and unmanaged devices.

Prioritize Real Insider Threat and Protect Intellectual Property

Today, two in three IT security leaders say they don’t know which Insider Risks to prioritize. The Code42 Insider Threat app for Splunk is powered by the Code42 Incydr product’s context-driven prioritization model, which correlates file, exfiltration destination and user risk indicators to surface and report on the risks that matter most to businesses. Through the app, Incydr sends prioritized alerts, audit log, file exposure and device health information to Splunk, where it is visualized in custom dashboards and can be triaged.

The Code42 app contains data exposure dashboards that provide a brief summary of detected high-risk employees, insider risk cases, removable media transfers, cloud file shares, cloud desktop syncs, and browser and app reads. These combined capabilities inform appropriate triage through the right human and automated response actions.

The Code42 Insider Threat app for Splunk provides insights that can be applied to existing SOC workflows. Features of the cloud-native app include:

  • Alert Prioritization: Gain actionable intelligence and reduce noise by ingesting Incydr prioritized alerts into Splunk.
  • Exposure Dashboards: Analyze and report on Insider Risk posture trends to quickly identify untrusted activity. At a glance, analysts can see the most critical user activity, destinations and events.
  • Audit Log Retention: Satisfy compliance requirements by retaining audit log metadata beyond 90 days.
  • Device Health Checks: Ensure analysts have accurate and up-to-date exfiltration information by making sure devices are checking in and sending data to respective clouds.

“The increased use of collaboration technology goes hand in hand with today’s hybrid work environments. As employees share files in their normal course of business, it is increasingly difficult for security analysts to determine which file activities are real threats to their business versus part of legitimate work,” said Ananth Appathurai, senior vice president of strategic partnerships and ecosystem at Code42. “Incydr tunes out 97% of noise created by employee collaboration to give security practitioners using Splunk the insight, control and transparency they need to speed response to the most critical insider threat events.”

About Code42

Code42 is the Insider Risk Management leader. Native to the cloud, the Code42® Incydr™ solution rapidly detects data loss, leak and theft as well as speeds incident response – all without lengthy deployments, complex policy management or blocking employee productivity. The Code42® Instructor™ solution helps enterprises rapidly mature their Insider Risk Management programs by incorporating holistic, hyper-relevant Insider Risk education for end-users to reduce risk events due to accidental and negligent behavior.

With Code42, security professionals can protect corporate data and reduce insider threats while fostering an open and collaborative culture for employees. Backed by security best practices and control requirements, the Code42 Incydr solution is FedRAMP authorized and can be configured for GDPR, HIPAA, PCI and other regulatory frameworks.

More than 50,000 organizations worldwide, including the most recognized brands in business and education, rely on Code42 to safeguard their ideas. Founded in 2001, the company is headquartered in Minneapolis, Minnesota, and is backed by Accel Partners, JMI Equity, NewView Capital and Split Rock Partners. Code42 was recognized by Inc. magazine as one of America’s best workplaces in 2020 and 2021. For more information, visit code42.com or join the conversation on our blog, LinkedIn, Twitter and YouTube.

© 2021 Code42 Software, Inc. All rights reserved. Code42, the Code42 logo, Incydr and Instructor are registered trademarks or trademarks of Code42 Software, Inc. in the United States and/or other countries. All other marks are properties of their respective owners.
