Skip to main content

Instructor, no.

Incydr Professional, Enterprise, Gov F2, and Horizon, no.

Incydr Basic, Advanced, and Gov F1, no.

CrashPlan Cloud, no.

Retired product plans, no.

CrashPlan for Small Business, no.

HOME
GETTING STARTED
RELEASE NOTES
FAQs
APIs
SYSTEM STATUS
Code42 Support

Best practices for using Code42 to address insider risk

...

An Insider riskinsider threat is a potential for harm coming from people within an organization, such as employees, former employees, contractors, or business associates. An insider threat can compromise an organization's data, computer systems, or security, and the threat itself might be theft of information, fraud, or sabotage. This article provides best practices for security teams to follow in order to to most effectively detect insider threat file activities and respond to incidents.

This article applies only to

ParseError: EOF expected (click for details)
Callstack:
    at (Article_Update_Log/2021-07-01/Best_practices_for_using_Code42_to_address_insider_risk), /content/body/p[3]/strong/ins/span, line 1, column 10
s with anis intended for customers running a on-premises
ParseError: EOF expected (click for details)
Callstack:
    at (Article_Update_Log/2021-07-01/Best_practices_for_using_Code42_to_address_insider_risk), /content/body/p[3]/strong/span, line 1, column 10
.c42}}
 

For
ParseError: EOF expected (click for details)
Callstack:
    at (Article_Update_Log/2021-07-01/Best_practices_for_using_Code42_to_address_insider_risk), /content/body/ins[1]/span[1], line 1, column 10
environments, see
ParseError: EOF expected (click for details)
Callstack:
    at (Article_Update_Log/2021-07-01/Best_practices_for_using_Code42_to_address_insider_risk), /content/body/ins[1]/span[2], line 1, column 10
.
ParseError: EOF expected (click for details)
Callstack:
    at (Article_Update_Log/2021-07-01/Best_practices_for_using_Code42_to_address_insider_risk), /content/body/span, line 1, column 10
. Customers using
Upgrade to the
ParseError: EOF expected (click for details)
Callstack:
    at (Article_Update_Log/2021-07-01/Best_practices_for_using_Code42_to_address_insider_risk), /content/body/div[1]/strong/span, line 1, column 10
 should

Upgrade to the
ParseError: EOF expected (click for details)
Callstack:
    at (Article_Update_Log/2021-07-01/Best_practices_for_using_Code42_to_address_insider_risk), /content/body/div[1]/a[1]/ins/span, line 1, column 10
see the cloud article
to take advantage of. Our features in the  
ParseError: EOF expected (click for details)
Callstack:
    at (Article_Update_Log/2021-07-01/Best_practices_for_using_Code42_to_address_insider_risk), /content/body/div[1]/a[2]/span, line 1, column 10
, our most advanced insider risk detection, investigation, and response features.
ParseError: EOF expected (click for details)
Callstack:
    at (Article_Update_Log/2021-07-01/Best_practices_for_using_Code42_to_address_insider_risk), /content/body/div[1]/ins[2]/span, line 1, column 10
offers many insider risk capabilities not available in on-premises environments
offer far greater insider threat detection and investigation capabilities than our on-premises offering.

...

...

User activity searches for users' security events detected by endpoint monitoring. Use this option when you want to view activity rather than receive notifications. You can see a trend of the user's activity over the last 60 days, providing a baseline of

typicalnormal activity that helps you identify spikes in file movement that signal unusualabnormal activity. 

...

If you already use

ParseError: EOF expected (click for details)
Callstack:
    at (Article_Update_Log/2021-07-01/Best_practices_for_using_Code42_to_address_insider_risk), /content/body/p[8]/span, line 1, column 10
, contact your Customer Success Manager (CSM) 

at csmsupport@code42.com for assistance with:

...

If External resources
ParseError: EOF expected (click for details)
Callstack:
    at (Article_Update_Log/2021-07-01/Best_practices_for_using_Code42_to_address_insider_risk), /content/body/del[7]/span, line 1, column 10
:
 you do not know your CSM, please Inside Threat: The Evolving Nature of Attack Patternscontact our
ParseError: EOF expected (click for details)
Callstack:
    at (Article_Update_Log/2021-07-01/Best_practices_for_using_Code42_to_address_insider_risk), /content/body/a[2]/ins/span, line 1, column 10
.

External resources

...

Other changes:

  1. /body/div/a/@href:
  2. "/Administrator/Cloud/Monitoring_and_managing/Detect_and_respond_to_insider_risks""/Administrator/6/Monitoring_and_managing/Upgrade_to_the_Code42_Cloud"
  3. /body/div/a/@title:
  4. "Administrator/Cloud/Monitoring_and_managing/Best_practices_for_defending_against_insider_threat""Upgrade to the Code42 Cloud"
  5. /body/ul/li[2]/a/@href:
  6. "/Administrator/6/Monitoring_and_managing/Roles_resources/Roles_reference#Customer_Cloud_Admin""/Administrator/6/Monitoring_and_managing/Roles_resources/Roles_reference#SYSADMIN"
  7. /body/ul/li[2]/a/@title: nothing ⇒
  8. "Roles reference"
  9. /body/ul[5]/li[2]/a/@href:
  10. "/Administrator/6/Monitoring_and_managing/Detect_and_respond_to_insider_risks#Activity_notifications""/Administrator/6/Monitoring_and_managing/Detect_and_respond_to_insider_risks#Activity_Notifications"
  11. /body/ul[5]/li[2]/a/@title:
  12. "Best practices for defending against insider threat""Best practices for using Code42 to address insider risk"
  13. /body/p[11]/a/@href:
  14. "/Administrator/6/Monitoring_and_managing/Detect_and_respond_to_insider_risks#Third-party_tools""/Administrator/6/Monitoring_and_managing/Detect_and_respond_to_insider_risks#Integrations_with_third-party_security_tools"
  15. /body/p[11]/a/@title:
  16. "Best practices for defending against insider threat""Best practices for using Code42 to address insider risk"
  17. /body/p[12]/a/@href:
  18. "/Administrator/6/Code42_console_reference/User_Activity_and_Activity_Notifications_reference#User_Activity""/Administrator/6/Code42_console_reference/User_Activity_and_Activity_Notifications_reference#User_activity"
  19. /body/p[12]/a/@title:
  20. "Security Center reference""User Activity and Activity Notifications reference"
  21. /body/p[14]/a/@href:
  22. "/Administrator/6/Code42_console_reference/User_Activity_and_Activity_Notifications_reference#Activity_Notifications""/Administrator/6/Code42_console_reference/User_Activity_and_Activity_Notifications_reference#Activity_notifications"
  23. /body/p[14]/a/@title:
  24. "Security Center reference""User Activity and Activity Notifications reference"
  • Was this article helpful?