Skip to content

Prioritize Insider Threat Events by Tracking High Value Source File Information

Security personnel prioritizing file data risk in their corporate organization.

Prioritizing insider threat events is critical to a security team’s efficiency and effectiveness. One way to prioritize events is by understanding how valuable the file being moved is to the organization. By understanding the source system from which a file came, security analysts can better prioritize events. This prioritization helps lower the number of events to review and increase the likelihood you are investigating events that are truly risky for the organization.

Incydr uses Incydr Risk Indicators (IRIs) to determine the level of severity of a file being exfiltrated. These IRIs include destination, file type, user, and now source. By tracking Source IRIs, Incydr gives critical insight into the important files moving out of your organization.

You know where your most valuable data is held, whether it’s your customer information in a CRM such as Salesforce, your source code in a Git repository such as GitHub, personal identifiable information (PII) from an HR system such as ADP, or protected health information (PHI) in an electronic medical record system such as Epic. With Incydr, you have visibility into when files downloaded from these systems are shared, and the type of sensitive data they contain without having to manually classify or tag data. Incydr does the work for you. Having access to this information gives your security team even more clarity on which events to investigate and which events are the most risky.

With Incydr, security teams can:

  • Detect file downloads from key corporate systems.
  • Increase risk scores for data exposure events involving files originally downloaded from high-value systems.  

View the top systems from which files are being exfiltrated on the Risk Exposure Dashboard.

Ready to learn more? Contact Code42 or try Incydr in your environment

You might also like: