* [Blog](https://www.paloaltonetworks.com/blog)
* [Security Operations](https://www.paloaltonetworks.com/blog/security-operations/)
* [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/)
* Code42 Joins Palo Alto Ne...

# Code42 Joins Palo Alto Networks Cortex XSOAR Marketplace to Address Insider Threats

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fcode42-joins-palo-alto-networks-cortex-xsoar-marketplace-to-address-insider-threats%2F)  
[](https://twitter.com/share?text=Code42+Joins+Palo+Alto+Networks+Cortex+XSOAR+Marketplace+to+Address+Insider+Threats&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fcode42-joins-palo-alto-networks-cortex-xsoar-marketplace-to-address-insider-threats%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fcode42-joins-palo-alto-networks-cortex-xsoar-marketplace-to-address-insider-threats%2F&title=Code42+Joins+Palo+Alto+Networks+Cortex+XSOAR+Marketplace+to+Address+Insider+Threats&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/security-operations/code42-joins-palo-alto-networks-cortex-xsoar-marketplace-to-address-insider-threats/&ts=markdown)  
\[\](mailto:?subject=Code42 Joins Palo Alto Networks Cortex XSOAR Marketplace to Address Insider Threats)  
Link copied  
By [Abhik Mitra](https://www.paloaltonetworks.com/blog/author/abhik-mitra/?ts=markdown "Posts by Abhik Mitra")  
Aug 07, 2020  
3 minutes  
[Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown)  
[Cortex XSOAR](https://www.paloaltonetworks.com/blog/tag/cortex-xsoar/?ts=markdown)  
[Incident Response](https://www.paloaltonetworks.com/blog/tag/incident-response/?ts=markdown)  
[insider threats](https://www.paloaltonetworks.com/blog/tag/insider-threats/?ts=markdown)  
[security operations](https://www.paloaltonetworks.com/blog/tag/security-operations/?ts=markdown)

**THE INSIDER THREAT CHALLENGE IS UNSOLVED AND GROWING:**

Insider threats are growing almost 40% year-over-year. These threats can be particularly difficult to discover and remediate, with 73% of breaches involving an insider going undetected for months.

Surfacing risk and accelerating response to insider threats should be key priorities for any security operations team -- even more so as the increasingly collaborative (and virtual) workforce culture continues to move the goalposts for data security. Currently, [31% of workers admit](https://www.code42.com/resources/report-2020-data-exposure/) to exfiltrating data through cloud-sharing platforms. At a time when employee departure rates are high for many industries, increased signal to look for potential insider threats -- such as an employee uploading a resume in a web browser -- in tandem with turn-key automated processes, can provide security teams with the actionable context needed to speed investigations and take a right-sized approach to incident response.

Furthermore, the shift to remote work has impacted how security teams work together cross-functionally with other departments -- such as HR and Legal -- on business processes throughout the employee lifecycle, including employee offboarding and incidents involving workers with access to sensitive or proprietary information.

![The Code42 Suspicious Activity Review playbook looks for signs of exfiltration and reports any potential exposure events to the appropriate security team members.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/08/Code42_CortexXSOAR.png)

**THE BENEFITS OF AN INTEGRATED ECOSYSTEM -- THE CODE42 INSIDER THREAT REMEDIATION CONTENT PACK:**

Considering most security stacks are built to address external threats and regulatory compliance, it continues to be difficult to detect when sensitive or proprietary data is put at risk from the inside. Code42's integration with [Cortex™ XSOAR](https://www.paloaltonetworks.com/cortex/xsoar?ts=markdown) by Palo Alto Networks allows joint customers to surface insider risk and accelerate incident response throughout the employee lifecycle.

Code42's turn-key pack within the [Cortex XSOAR Marketplace](https://www.paloaltonetworks.com/blog/2020/08/cortex-xsoar-marketplace/?ts=markdown) offers a configurable lookback of an employee's historic file movements -- including browser uploads and cloud sync activity -- and can be initiated based on preset triggers, such as an email sent from a human capital management (HCM) system indicating an employee has been terminated or is leaving the organization to go to a competitor.

**USE CASE: JOHN: A TRUE EXFILTRATION STORY**

**THE DISGRUNTLED EMPLOYEE -** You know how this story starts! John has been an employee with QRST Inc for 4 years and was recently passed up for a promotion. Coincidentally, John has recently turned in his 2-week notice and it turns out that he's joining a competitive firm. An email from the human capital management (HCM) system triggers the process. The big question for QRST - what files might John be taking with him?

**UNDERSTANDING RISK EXPOSURE** - QRST Inc is able to immediately add John to the departing employee workflow directly from Cortex XSOAR, enabling them to understand any situations of data exfiltration in real-time.

**ALERTS WITH CONTEXT -** Not surprisingly, within 24 hours the security team at QRST Inc receives an alert that John is indeed moving data around suspiciously. The alert is received within Cortex XSOAR (triggered by Code42).

**HISTORY MATTERS -** Based on the alert and the type of files John appears to be moving, the security team constructs a full picture of all John's historial file movements. It becomes clear that John has been moving company confidential files to an unsanctioned DropBox account - intent unknown.

**INVESTIGATION POWERED BY FACTS DELIVER RIGHT-SIZED RESPONSE** - Equipped with a complete forensic rundown of John's file movement patterns, his manager has all the information required to have a corrective conversation with John. All of this was done in a matter of days, potentially saving QRST Inc millions of dollars in potential damages.

**LEARN MORE ABOUT CODE42 + CORTEX XSOAR:**

Joint Solution Brief: Link Pending (in review)

Joint Webinar: [Palo Alto Networks + Code42: Managing Data Risks During WFH Workforce Changes](https://www.code42.com/resources/webinar-palo-alto-networks-and-code42-managing-data-risks-during-wfh-workforce-changes/)

*** ** * ** ***

## Related Blogs

### [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### Code42 Incydr + Cortex XSOAR: Right-Sizing Insider Risk Response](https://www.paloaltonetworks.com/blog/security-operations/code42-xsoar-marketplace/)

### [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### SlashNext Reinvents Incident Response with Cortex XSOAR](https://www.paloaltonetworks.com/blog/security-operations/slashnext-xsoar-marketplace/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown)

[#### Introducing Automated Firewall Management and Incident Response](https://www.paloaltonetworks.com/blog/security-operations/introducing-automated-firewall-management-and-incident-response/)  
[#### Discover the Power of Next-Gen Automation in XSIAM 3.x](https://www.paloaltonetworks.com/blog/security-operations/discover-the-power-of-next-gen-automation-in-xsiam-3-x/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)

[#### Think You Have Visibility? Think Again.](https://www.paloaltonetworks.com/blog/security-operations/think-you-have-visibility-think-again/)

### [Playbook of the Week](https://www.paloaltonetworks.com/blog/security-operations/category/playbook-of-the-week/?ts=markdown)

[#### Automating Response to Suspicious SaaS Access From a Tor Exit Node](https://www.paloaltonetworks.com/blog/security-operations/automating-response-to-suspicious-saas-access-from-a-tor-exit-node/)

### Subscribe to Security Operations Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language