Code42 has extended the investigation capabilities of its Code42 Forensic File Search product beyond endpoints to include cloud services, giving security teams visibility into data no matter where it lives and moves.
To start, the company is offering this new expanded cloud search capability for Google Drive and Microsoft OneDrive. In the near future, Code42 plans to broaden its support to additional cloud services, such as Box and Slack.
Code42 Forensic File Search will save time for security teams — cutting the time it takes to investigate, respond to and recover from data security incidents. The product can search billions of file events in seconds across all endpoints and cloud services.
“When it comes to threat investigation, hunting and remediation, workflows are getting more complicated. As a result, incident response is taking longer, dwell times are increasing and organizational risk is growing,” said Vijay Ramanathan, senior vice president of product management at Code42.
“By creating a single, simple view to all file activity across both endpoints and cloud applications, we can give security teams comprehensive near real-time answers to complicated data security questions. You no longer need to spend weeks sifting through piles of data from multiple tools in order to arrive at a single answer.”
Code42 Forensic File Search helps security teams shrink the time it takes to triage a wide variety of security incidents, reducing hours, and even days, to seconds. Scenarios include:
- Which users had copies of this file on their endpoints or cloud folders? Who were the files shared with and when?
- How did this file end up on a user’s computer even though it was secured in a restricted folder in the company’s Microsoft OneDrive or Google Drive account?
- What files in the company’s Microsoft OneDrive or Google Drive account include public links or links shared with non-company individuals?
- What files did an employee download, share, delete or transfer from the company’s endpoints or cloud services months before resigning?
Security professionals can use Code42 Forensic File Search to:
- Collect forensic details on files and file events across endpoints and cloud services.
- Search and investigate file activity across all endpoints and cloud services in seconds — even when they are offline.
- Gather current and historical file events and metadata details, including MD5 and SHA-256 hashes, date ranges, and file types and paths.
“Code42 Forensic File Search is a natural addition to a security stack,” said Ramanathan. “Going forward, we will continue to expand the product to offer even more search capabilities, including the ability to look for sensitive data patterns within files.”