FFS! Umm… Code42’s FFS doesn’t mean what you think it means

Backup supplier Code42 has an endpoint Forensic File Search (FFS) capability to which it has added the ability to monitor certain cloud services.

This is initially available for Google Drive and Microsoft OneDrive, and support for Box and Slack is pencilled for the near future.

Code42 claims its Forensic File Search will cut the time needed to investigate, respond to and recover from data security incidents. The product can search billions of file events in seconds across all endpoints and cloud services. 

Or, as a canned quote from Code42’s Vijay Ramanathan, SVP product management, puts it: “By creating a single, simple view to all file activity across both endpoints and cloud applications, we can give security teams comprehensive near real-time answers to complicated data security questions. You no longer need to spend weeks sifting through piles of data from multiple tools in order to arrive at a single answer.”

Metadata stored in the cloud allows for near instantaneous search results for all files across all endpoints and cloud services, even when offline.

FFS can help security teams answer questions such as;

  • Which users had copies of this sensitive file on their endpoints or cloud folders? Who were the files shared with and when?
  • How did this sensitive file end up on a user’s computer even though it was secured in a restricted folder in the company’s Microsoft OneDrive or Google Drive account?
  • What files in the company’s Microsoft OneDrive or Google Drive account include public links or links shared with non-company individuals?
  • What files did an employee download, share, delete or transfer from the company’s endpoints or cloud services months before resigning? 

Ramanathan said Code42 intends to add the ability to look for sensitive data patterns within files. Download a tech overview of FFS here. B&F