Skip to content

Case Study

How CrowdStrike And Incydr™ Work Together Against External Threats And Insider Risk

Download Case Study

CrowdStrike discusses their approach to data loss incident investigations

Tim Briggs, Director of Incident Response at CrowdStrike, shared a story about a recent incident when their security team received an alert from CrowdStrike Falcon that was related to torrent activity in their system. Torrent activity could be extremely malicious, in that an employee may be exfiltrating valuable IP, or it could simply mean an employee was misusing company assets.

With the alert in hand, the CrowdStrike security team was able to use Code42 Incydr to look at the files and download the history of the employee in question. They quickly figured out that the employee was downloading movies onto their device. With that context, the CrowdStrike team was able to ascertain that while the employee was misusing company assets, he wasn’t behaving maliciously or exfiltrating data. The security team was then able to report that to their executive team.

While the threat landscape is in a constant state of flux, two things will never change. Breaches will happen, and employees will take data when they leave. It is that simple. Together, CrowdStrike and Code42 are dedicated to making it faster and easier for our respective customers to detect and respond to insider and external threats.

Nathan Hunstad, Principal Security Research & Engineer at Code42, was able to sit down with Tim to further discuss how his usage of CrowdStrike’s Falcon in tandem with Code42’s Incydr has evolved. Hear more about how Tim’s team has continued to build a powerful tech stack and started to understand the human side of Insider Risk in the full case study readout.

Download Full Case Study

Reduce low & moderate data sharing activity just like CrowdStrike

Did you know you can send security education as a response to detected Incydr events? When Incydr flags a low-risk security event, employees receive an Instructor™ video lesson stating what they did wrong and how to prevent this mishap in the future.

CrowdStrike experienced a 36% reduction in low & moderate data sharing activity after just 4 months of using Instructor.

Learn More About Instructor

Can you put a price tag on your company’s IP?

Don’t be the next company to hit headlines for a data breach. Our customers remediate massive insider incidents before major damage is done.

Connect With Sales


worth of deleted files helped disprove lawsuit accusations – thanks to Incydr.