Code42 integrates with Palo Alto Networks Cortex XSOAR (previously Demisto) to provide accelerated incident response and automated remediation for potential file exfiltration by insiders across endpoints, email, cloud and SaaS applications. The Code42 exfiltration playbook in Cortex XSOAR investigates potential file exfiltration and provides fast access to file events and metadata across physical and cloud environments.
Code42 together with Cortex XSOAR enables security teams to scale, standardize and accelerate their overall incident response process for Insider Risk, so they can quickly detect and respond to data risk when employees or temporary workers leave the organization.
- Identify potential data exfiltration and insider risk, while speeding investigation and response by providing fast access to file events and metadata across physical and cloud environments.
- Accelerate and standardize incident escalation workflows for insider threats throughout the employee lifecycle.
- Automate steps within the employee offboarding process by triggering a configurable lookback of an employee’s historic file movements for manager review.
- Right-size response to insider risk at scale, whether that be through automated action, alerting the employee’s manager for corrective conversation, or placing a user on legal hold.
- From within Cortex XSOAR, remotely add employees to, or remove employees from, Code42 risk detection lenses for departing employees or high-risk users, or add them to legal hold.
- Leverage hundreds of Cortex XSOAR third-party product integrations to coordinate response across security functions based on insights from Code42.