What are Incydr Response Flows?
Incydr Response Flows orchestrate controls to mitigate corporate data leak when Insider Risk events are detected. Containment and resolution controls are automated based on the severity of the event. They are delivered through integrations with systems like IAM, PAM, EDR and ITSM.
Contain:
Take action at the user, device, or network level so that no further data exposure will take place while security investigates.
| Containment Controls | Incydr Response Flow |
|---|---|
| Conditional access controls | Incydr + Okta Flow |
| Stop local sync apps | Incydr + CrowdStrike Flow |
| Revoke access to sensitive safes | Incydr + CyberArk Flow |
| Disable USB ports | Incydr + CrowdStrike Flow |
| Network contain the endpoint | Incydr + CrowdStrike Flow |
Resolve:
Address and remediate the data exposure event that was originally detected by Incydr.
| Resolution Controls | Incydr Response Flow |
|---|---|
| User inquiry | Incydr + Slack Flow |
| Escalate to manager, HR or legal | Incydr + JIRA or ServiceNow Flow |
Featured Use Case
Contain source code leaks with Incydr Flows
User Action: An engineer disguises a source code file to look like a personal .jpeg file. They AirDrop this file to their mobile device.
Incydr IRI: Incydr alerts that it has detected a suspicious file mismatch IRI.
Containment Control: This triggers CrowdStrike to network contain the users endpoint.
What’s next: Incydr Context Flows
Incydr Context Flows enhance Incydr’s signal by ingesting user attributes, such as employment milestones, departure or elevated access credentials from corporate IAM, PAM and HCM systems. With user context from these systems, Incydr Flows automatically adds users to alert rules or risk detection lenses when they are considered a high risk user.
Learn More