Product

Using Incydr + Slack to Perform a Right-Sized Response

5 min Read

Mark Wojtasiak

Vice President, Portfolio Marketing

There’s no one-size-fits-all response to Insider Risk. Actions taken depend on employee intent, past behavior, and incident impact. Incydr, our insider risk management solution, provides the high-fidelity information needed to make an informed decision on how best to respond, and it expedites a variety of response actions. We call this a right-sized response.  

Insider Risk Management with Incydr

It’s common for security professionals to view in-line blocking as their primary preventative control. But this is outdated and flawed thinking is hindering collaboration and productivity. Prevention — the Incydr way — is about prioritizing risk and taking informed actions to obstruct or stop data leaks. This is at the heart of Insider Risk Management (IRM) and what Incydr does well.

IRM promises to effectively protect data from Insider Risk while never compromising employees’ ability to innovate. To do this, security analysts must be able to detect risk, quickly triage alerts, understand the severity and context of Insider Risk Indicators (IRI) associated with them, determine the right response, and communicate the action needed to all parties involved. 

Effectively managing Insider Risk requires a combination of human and technical responses. Automating human processes in a way that is documented, repeatable, and efficient is a challenge for all organizations. One solution to this problem is utilizing integrations to perform workflow automations that deter or disrupt activities. 

Incydr and Slack 

The Incydr and Slack integration is one way security teams can optimize their remediation process for low-severity Insider Risk events. Security teams can receive their Incydr alerts through a private channel in Slack and perform right-sized responses by directly reaching out to a user to learn more about an action they took. 

Watch how Incydr alerts can be sent to a private Slack channel for security review

Alerts are color coded by severity to allow security analysts to quickly identify the importance of the alert at a glance, and in as little as one click in Slack, the analyst is able to close out the alert in Incydr or trigger a response process. The analyst may use an auto-populated message to reach out to the employee directly via Slack to learn more and request remediation.

An auto-populated message might read:

Greetings sean.cassidy,

Our security tools picked up the following document(s):

2021-03-08 longfellow-pentest-toolbox.zip, 2021-03-08 longfellow-pentest-toolbox.zip, 2021-03-08 CONFIDENTIAL Pentest Runbook V3.1.pdf, 2021-03-08 CONFIDENTIAL Pentest Runbook V3.1.pdf, 2021-03-08 Pentest Customers Q3 2020-October Update.xlsx, 2021-03-08 Pentest Customers Q3 2020-October Update.xlsx

being moved to a personal cloud service on Monday, 08 March 2021 15:00. Could you tell me more about that?

By messaging an employee, security teams are able to easily manage non-malicious actions. They can ask the employee to remediate by deleting the files from their account. They can even initiate a Slack call to confirm this happens. Finally, security teams can ensure the employee is aware of the secure alternative they should use next time around.

Learn how Incydr provides an efficient way to compile, document and disseminate pertinent investigation details so security can make a fast and informed decision about how to respond.

Mark Wojtasiak

As vice president of portfolio marketing at Code42, Mark leads the market research, competitive intelligence and product marketing teams. Mark joined Code42 in 2016 bringing more than 20 years of B2B data storage, cloud and data security experience with him, including several roles in marketing and product management at Seagate.