Code42 News

The Whole Organization is Collaborating. Are You Blocking That?

Joe Payne

What if security could stop blocking productivity while still protecting from data loss? That was the mission we set out to accomplish two years ago. It required us to think differently about data loss prevention and about how people work today. It required speed and precision. It required innovation. It required conviction. It became Incydr – our new insider risk platform. 

I love Incydr. I love how intuitive and easy it is to use.  I love that Incydr is Cloud Native: born in the cloud and only in the cloud. I love that we can innovate instantaneously. Don’t like the way something is working in Incydr? We will improve that in the next release…often in 3 days.  Wow. Incydr identifies Insider Risk Indicators – our signals to security teams that risky behavior is taking place – like: 

  • Working odd hours
  • Creating Zip files
  • Changing file extensions to mask exfiltration
  • Uploading files to Dropbox or Gmail
  • Moving files to a thumb drive

These are just a few Insider Risk Indicators that Incydr tracks in real time so that security teams can identify and mitigate the risk of a breach caused by an insider.

Incydr is revolutionary in its technology. But what I love most is the way Incydr represents a point of view. Salesforce didn’t just copy Siebel, they had a point of view twenty years ago. CrowdStrike didn’t just copy McAfee and Symantec, they had a point of view. At the beginning, everyone said they were crazy – that’s not how it is done. Elon Musk once said, “Good ideas are always crazy until they’re not.” 

Many of you will think we are crazy. I think we just have a point of view. Relying on security technology (read: DLP) designed for an on-premises world to protect your data in today’s cloud and mobile world simply isn’t sustainable.

For starters, we don’t believe in data classification.  Why spend a year trying to figure out what data is important in your environment when that data is constantly changing? The entire process is inherently inadequate. It simply doesn’t work. Instead of watching the data classified as important, Incydr watches all data. Sure, Incydr will include your tags in our metadata repository but only to overcome your objection – not because we believe it is a smart way to protect your data. Classification systems don’t catch the most harmful exfiltrations because users don’t and won’t classify data as important before they take it.  

We also don’t believe in focusing on some users – the “privileged”.  Everyone has important data: from HR to sales to engineering to finance.  With Incydr, we watch all users.  (This is a key component of Zero Trust – everyone matters.) 

And here is where the traditionalists will fall off their chairs and start screaming and probably stop reading: We don’t believe in trying to block data exfiltration in real time. Those DLP systems are the biggest failures in cybersecurity. If you try to block every browser upload or every public share in real time you will massively slow down your company. It is a fool’s errand. The emperor has no clothes – so we say it: technologically blocking file movement in real time is and always will be a failed strategy. 

We believe there is a better way. Down the street from where I live, local authorities have installed a speed camera on Massachusetts Avenue.  Nobody speeds on Massachusetts Avenue anymore. The speed camera prevents speeding by creating accountability and consequences. Our approach is to prevent data exfiltration by watching all data, all vectors and all users, and creating consequences for people who exfiltrate data. This upstream approach assumes positive intent, lets users collaborate and work together, and gets security people focused on actual cases of risk, not on normal business. A good Insider Threat program will be transparent about the data monitoring so that users know what is expected of them. That is what Incydr represents. It is a new and better way. 

Some proponents of old-school DLP have asked me: “Can’t you work alongside DLP to improve visibility?  Isn’t it fair to say that you are ‘better together’ when used with existing DLP systems?” No. We are not better together. Incydr attacks the same problem they’ve been trying to solve – it just does it better.  Sure, you can run Incydr and DLP side by side if you want, but only to prove how bad your existing DLP is.  We are not better together.  DLP doesn’t make Incydr better in any way. 

This is our conviction. This is Incydr.  Many people won’t agree.  That’s what happens when you trailblaze. Our customers allow employees to freely share data and collaborate while still preventing data loss. And they are reaping the value in the speed advantage this gives them over their competitors. We are on the right side of history on this one and the market has spoken. Incydr will triple in ARR this year and will double again next year. We have the courage of our conviction and we’re sticking to it.  Come join us. We aren’t crazy; we just have a point of view.

Joe Payne

Joe brings to Code42 more than 20 years of leadership and a proven track record with high-growth software companies. He has a broad experience base in delivering software and Software-as-a-Service (SaaS) solutions to enterprises across numerous industries. As president and CEO of Code42, he drives the company’s strategic direction and oversees all operations. Joe currently serves on the boards of directors of multiple public and private companies, as well as the board of not-for-profit First Focus Campaign for Children.