michelangelus - Fotolia
Endpoint data protection specialist Code42 Software Inc. has built threat detection into its platform through the ability to monitor file movement and identify unusual patterns.
The Code42 enterprise data protection and security platform tracks patterns in data movement to endpoints, such as USB devices, external hard drives, secure digital cards and the public cloud. The new threat detection capability, called Code42 Inside Threat Detection, tracks high-risk activity in file movement and issues alerts, so administrators can lock down files before sensitive data is leaked or stolen.
The updated endpoint data protection software issues reports that identify data movement trends in user behavior and illustrate exactly how much data is being moved and where. IT administrators can set alert thresholds on the size of the file movement and customize indicators for unusual user behavior that indicate a risk to data security.
"If somebody takes files that should not be taken, you get an alert that it is happening, so you can prevent the theft of intellectual property," said John Durant, CTO at Code42, based in Minneapolis. "This is an automated, silent monitoring capability that runs in the background. It's a centralized [function] that allows administrators to query a system and run reports and then take action."
Code42 Inside Threat Detection is a licensed feature of Code42's software. The Inside Threat Detection is now part of the Code42 enterprise data protection and security platform and available to all future customers, while existing customers have the option of adding it on.
Code42's software-as-a-service application performs continuous backups for data on Mac, Microsoft Windows and Linux systems. It does point-in-time recovery with granular file versioning. Code42 can dedupe a single file, folder or entire device. The endpoint data protection software is integrated with Splunk data analysis, a data visualization tool that handles real-time monitoring.
Durant said the software's automated reports show the specific files that are being moved and the data path.
"The data elements then are exported to Splunk, where they can then be visualized for information security," Durant said. "Our customers already are using Splunk a great deal, so they can visualize the data in a way they are already familiar."
Doug Cahill, senior analyst for cybersecurity at Enterprise Strategy Group Inc. in Milford, Mass., said the Code42 endpoint data protection software incorporates user behavior analytics to spot unusual patterns.
"Insider threats take many forms," Cahill said. "And detection falls under two categories: data loss prevention or user behavior analytics, which is about detecting anomalous user activity. In the case of Code42, it can establish normal patterns and detect data flow anomalies. All of a sudden, if the user is uploading 100 gigs of data to Dropbox, that is anomalous."
Backup still the best defense against ransomware
Endpoint backup software as ransomware protection
How to keep up with the ever-evolving DR model