Code42 + Rapid7

Visualize data risk events to surface insider threats

Code42 Incydr integrates with Rapid7 InsightIDR to allow security teams to visualize Incydr data within custom dashboards in InsightIDR. The integration helps SOC teams identify, prioritize and triage the most critical Insider Risk Indicators (IRIs), such as those that signal theft of corporate data. IRIs, which are surfaced within Incydr, are activities or characteristics that indicate data is at a high likelihood of exposure or exfiltration. With Incydr configured as a data collection source in InsightIDR, the highest severity events can be monitored in the same control plane as other threat types to ensure swift action.

When further investigation is required, SOC analysts can open Incydr directly from InsightIDR with one click to gather file, user and vector activity: from how files were modified, to the vectors through which they were exfiltrated, to the contents of the files themselves.

Benefits of the Code42 Incydr + Rapid7 InsightIDR integration

Fast response to insider threats

Centralize the initial triage of the IRIs that matter most to your organization, including user activity or file events indicative of data theft or of an attempt to conceal exfiltration.

Investigate in one click

Access Incydr directly from InsightIDR to run fast, contextualized insider risk investigations that inform the right human and automated response actions.

Strengthen compliance

Strengthen compliance and file integrity monitoring (FIM) by validating critical file modification events and directly attributing users to suspicious activity in real time.

Integration features

File integrity monitoring

See and validate all file modification events, such as a file extension change, then directly attribute users to suspicious activity in real time.

Alert centralization

Ingest the most critical Incydr IRIs into InsightIDR to centralize monitoring and initial triage of certain events within a single control plane.

One-click investigations

Access Incydr from Rapid7 InsightIDR to run saved searches against Incydr data, such as filename or hash, to detect exposure events tied to specific use cases, or to see how a specific file moved, and who had access to it.

Compliance and audits

Create and schedule reports of aggregated Incydr data for targeted metrics gathering; then retain Incydr exposure data and audit logs for an extended period of time to meet compliance and audit requirements.

FEATURED USE CASE

Visualize and triage data risk as a result of insider threat

Challenge

In 2020, more than three-quarters of organizations suffered a data breach despite having a DLP solution in place. Traditional data loss prevention (DLP) technologies were built to address regulatory compliance: they do not account for unstructured intellectual property, such as product roadmaps or source code, and their policies are easily circumvented by a malicious insider who renames a spreadsheet of customer data to a low-value file type, such as .jpg, simply by changing its extension.
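The extension swap described above, and the "file extension change" event under file integrity monitoring earlier on this page, are straightforward to catch once a file's content is compared with the type its extension claims. The following Python is an added example, not Code42 or Rapid7 code and not part of this page: it takes constructed file events (a user, a path and the file's bytes), identifies the real content type from the leading bytes (treating OOXML documents as ZIP containers and looking for `xl/workbook.xml`), and flags any event whose content does not match its extension, attaching a SHA-256 so the finding can be pivoted on by hash. The signature table, the event schema, the `triage` and `sniff` function names and the sample events are assumptions made for the demonstration.

```python
"""Flag file events whose content does not match the file extension.

Added example (not Code42 or Rapid7 code). The event schema, signature
table and sample events are constructed for the demonstration.
"""
import hashlib
import io
import zipfile

# Content types a given extension may legitimately carry. Assumption: a
# deliberately small table; a production check would use a full signature library.
EXPECTED_TYPES = {
    "jpg": {"jpeg"}, "jpeg": {"jpeg"}, "png": {"png"}, "pdf": {"pdf"},
    "xlsx": {"xlsx"}, "docx": {"docx"}, "zip": {"zip", "xlsx", "docx"},
}


def sniff(data: bytes) -> str:
    """Return the content type implied by the leading bytes, or 'unknown'.

    A renamed file keeps its bytes, so this is what an extension change cannot hide.
    """
    if data.startswith(b"\xff\xd8\xff"):
        return "jpeg"
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "png"
    if data.startswith(b"%PDF-"):
        return "pdf"
    if data.startswith(b"PK\x03\x04"):
        # OOXML (xlsx/docx) is a ZIP container; the part names identify the app.
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = set(zf.namelist())
        except zipfile.BadZipFile:
            return "zip"
        if "xl/workbook.xml" in names:
            return "xlsx"
        if "word/document.xml" in names:
            return "docx"
        return "zip"
    return "unknown"


def extension_of(path: str) -> str:
    """Lower-cased extension of the last path component, or '' if none."""
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def triage(events):
    """Score each event; a content/extension mismatch is the high-severity indicator."""
    findings = []
    for ev in events:
        ext = extension_of(ev["path"])
        actual = sniff(ev["data"])
        allowed = EXPECTED_TYPES.get(ext)
        if allowed is None:
            severity, reason = "low", f"no signature rule for '.{ext}'"
        elif actual in allowed:
            severity, reason = "info", "content matches extension"
        else:
            severity, reason = "high", f"content is {actual} but extension is .{ext}"
        findings.append({
            "user": ev["user"],
            "path": ev["path"],
            "previous_path": ev.get("previous_path"),
            "extension": ext,
            "sniffed": actual,
            "sha256": hashlib.sha256(ev["data"]).hexdigest(),  # pivot key for searches
            "severity": severity,
            "reason": reason,
        })
    # Highest severity first so the data-theft indicator lands on top of the queue.
    order = {"high": 0, "low": 1, "info": 2}
    return sorted(findings, key=lambda f: order[f["severity"]])


def make_xlsx_bytes() -> bytes:
    """Constructed stand-in for a spreadsheet: a ZIP carrying OOXML part names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
    return buf.getvalue()


# Constructed sample events: one extension swap hiding a spreadsheet as a JPEG,
# one legitimate rename of a real JPEG, one in-place edit of a PDF.
SAMPLE_EVENTS = [
    {"user": "alice", "previous_path": "/home/alice/q3_customers.xlsx",
     "path": "/home/alice/vacation.jpg", "data": make_xlsx_bytes()},
    {"user": "bob", "previous_path": "/home/bob/IMG_0001.jpeg",
     "path": "/home/bob/beach.jpg", "data": b"\xff\xd8\xff\xe0" + b"\x00" * 16},
    {"user": "carol", "path": "/home/carol/report.pdf",
     "data": b"%PDF-1.7\n%constructed sample\n"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f['severity']:<5} {f['user']:<6} {f['path']} ({f['sniffed']}) {f['reason']}")
```

Only the first event is raised to high: the bytes are still a ZIP container with a workbook part, whatever the name now says. The rename of a genuine JPEG and the PDF edit stay informational, which is the separation between an extension change that signals concealment and one that is routine.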

Solution

Incydr data visualizations in InsightIDR let security teams prioritize the data risk Incydr detects. For events requiring further investigation, teams can open Incydr from InsightIDR with one click and build their case, including downloading the files in question within Incydr for additional context.

Benefit

Teams using InsightIDR as a single control plane to view and triage threats in their environment can centralize how high-severity IRIs are monitored and initially triaged. For events requiring additional investigation, SOC teams can use the full extent of Incydr's purpose-built insider risk management platform, and can move between Incydr and InsightIDR as needed to follow organizational processes for incident documentation and response.
