Who is this article for?

CrashPlan for Small Business, no.

Code42 for Enterprise, yes.

This article applies to Cloud.

Code42 Next-Gen Data Loss Protection (DLP) best practices

Overview

Code42 Next-Gen Data Loss Protection (DLP) is a suite of capabilities that helps protect your company's information. This article provides best practices for Code42 administrators to follow to use Code42 Next-Gen DLP most effectively.

Considerations

What is Code42 Next-Gen DLP?

Traditional DLP versus Code42 Next-Gen DLP

Traditional data loss prevention (DLP) solutions use policies and blocking technology to attempt to prevent data loss. While policies can be effective, they require a great deal of setup and maintenance, and once in place, they can block employees from getting their work done.

Code42 Next-Gen Data Loss Protection (DLP) focuses on protecting all data against loss. By tracking all data, you can identify where it lives, who has access to it, and how it moves and changes. Code42 Next-Gen DLP helps you better detect insider threats, satisfy regulatory compliance requirements, and speed up incident response.

Watch the short video below for an introduction to Code42 Next-Gen DLP. 

How to get Code42 Next-Gen DLP

To get Code42 Next-Gen DLP if you are a new customer, contact sales. If you are an existing customer, contact your Customer Success Manager (CSM) at csmsupport@code42.com.

If you are an existing customer with an on-premises authority server or storage server, watch the video below to learn how to migrate to the Code42 cloud so you can get Code42 Next-Gen DLP. 

Best practices

We recommend you follow these best practices when you implement Code42 Next-Gen DLP. 

Collection

Code42 automatically collects and stores every version of every file across all devices. Code42 also indexes all file activity across devices and cloud services like Google Drive and OneDrive.

To optimize file collection:

  • Select all the users' files
    By default, the Code42 app collects all files in a user's home directory. Use inclusion and exclusion settings to include any additional files from users' devices, and exclude any that you do not want to collect. Remember that any files that you do not collect cannot be recovered in the event of a data loss incident.
  • Collect new file versions every 15 minutes
    To get the best coverage for file recovery, use the default frequency and versions settings to collect new file versions every 15 minutes. 
  • Enable file metadata collection
    Select Forensic search and Cloud search detection types when enabling endpoint monitoring (described in the next section). Turning on these settings allows Code42 to collect file metadata on all files on all devices and in cloud services, even if the files themselves are not being collected in archives.

Monitoring

Code42 lets you see files that users move to removable media or share via cloud services.

To optimize monitoring:

Investigation

Use Code42 to triage and prioritize data threats by searching file activity across cloud services and all devices, even when they are offline.

To optimize threat investigation:

  • Review user activity
    Run the User Activity report to search for users' security events detected by endpoint monitoring. The report can help you identify and visualize potential data leaks. You can also export the results to a CSV file for analysis or archiving.
  • Use Forensic File Search to monitor data activity
    Use Forensic File Search to create saved searches to routinely scan for threats. Create saved searches for any number of use cases, such as finding known malware, seeing the location of critical files, and identifying cloud files shared with external users.
  • Use the Code42 API to automate threat detection
    Use the Forensic File Search API to create customized searches that you can script to automate threat detection.
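
One way to script such a search, as an added example that is not Code42's own code: it builds a hash watchlist query body and evaluates it locally against constructed events, so the logic can be tested before it is saved as a search. The filter-group JSON shape and the term and operator names (md5Checksum, deviceUserName, IS, IS_NOT) are assumptions to confirm against the Forensic File Search API documentation; the helper names are hypothetical.

```python
import hashlib
import json

# Assumption: the request body is a list of filter groups whose filters carry
# "term", "operator" and "value"; confirm names against the API documentation.
def build_query(groups, group_clause="AND", page_size=100):
    """groups: list of (filter_clause, [(term, operator, value), ...])."""
    return {
        "groupClause": group_clause,
        "groups": [{"filterClause": clause,
                    "filters": [{"term": t, "operator": op, "value": v}
                                for t, op, v in flt]}
                   for clause, flt in groups],
        "pgNum": 1, "pgSize": page_size, "srtKey": "eventId", "srtDir": "asc",
    }

def hash_watchlist_query(md5_hashes, exclude_users=()):
    """Any watch-listed hash (OR group), minus approved accounts (AND group)."""
    groups = [("OR", [("md5Checksum", "IS", h.lower()) for h in md5_hashes])]
    if exclude_users:
        groups.append(("AND", [("deviceUserName", "IS_NOT", u) for u in exclude_users]))
    return build_query(groups)

def filter_hits(event, flt):
    if flt["operator"] not in ("IS", "IS_NOT"):
        raise ValueError(f"operator not modelled here: {flt['operator']}")
    same = str(event.get(flt["term"], "")).lower() == str(flt["value"]).lower()
    return same if flt["operator"] == "IS" else not same

def matches(event, query):
    """Evaluate the query locally so a search can be tested before it is saved."""
    combine = {"AND": all, "OR": any}
    return combine[query["groupClause"]](
        combine[g["filterClause"]](filter_hits(event, f) for f in g["filters"])
        for g in query["groups"])

# Constructed sample data: hashes are MD5s of placeholder strings, not real IoCs.
BAD = hashlib.md5(b"constructed-malware-sample").hexdigest()
OK = hashlib.md5(b"constructed-benign-sample").hexdigest()
EVENTS = [
    {"fileName": "invoice.exe", "md5Checksum": BAD, "deviceUserName": "alice@example.com"},
    {"fileName": "invoice.exe", "md5Checksum": BAD, "deviceUserName": "ir-lab@example.com"},
    {"fileName": "notes.txt", "md5Checksum": OK, "deviceUserName": "bob@example.com"},
]
QUERY = hash_watchlist_query([BAD], exclude_users=["ir-lab@example.com"])

if __name__ == "__main__":
    print(json.dumps(QUERY, indent=2))
    print([e["deviceUserName"] for e in EVENTS if matches(e, QUERY)])
```

The exclusion group keeps an approved analysis account out of the results, which reduces noise when the same watchlist runs on a schedule.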

Preservation

Use Code42 to retain files for all employees, for as long as the files are needed to satisfy data retention requirements related to compliance or litigation.

To optimize file preservation:

  • Never remove deleted files from archives
    To preserve files for threat investigation, use the default frequency and versions settings to never remove deleted files from archives. 
  • Preserve files with Legal Hold for enhanced surveillance
    If you suspect employees of malicious file activity, use Code42 Legal Hold to preserve their files as evidence. The resulting gathered files can be used in legal proceedings as needed. Gathering files for a legal hold is invisible to users and can use different file selection and preservation settings than Code42's standard file collection.
  • Extend cold storage duration
    Cold storage is a temporary storage state for data after a user or device is deactivated in your Code42 environment. You can specify how long this data is retained in cold storage before it is permanently deleted. Extending the cold storage duration preserves data for a longer period to ensure it is available for threat investigation, especially in cases of employee departure. Keep in mind that users whose data is in cold storage still consume subscriptions.

Recovery

In the event of data loss (for example, deletion, corruption, or ransom), retrieve files from Code42 file archives.

To most effectively recover files: