Code42 + Sumo Logic

Correlate threat detection and respond faster

The Code42 Incydr app for Sumo Logic allows security teams to configure file exposure and exfiltration events into existing Sumo Logic dashboards to detect and respond to insider risk.

Code42's insider risk detection lenses surface insights for subsets of users more likely to put data at risk, such as users with access to proprietary information or departing employees. Visualizing this data in the Sumo Logic Cloud SIEM Enterprise platform provides security teams with actionable insights and the ability to correlate risk and speed response.

Benefits of the Code42 + Sumo Logic integration

Detect and mitigate insider risk


Detect data exfiltration across computers, cloud and email, and proactively protect data when it's more likely to be put at risk, such as when employees are working off-network or using sanctioned or unsanctioned cloud apps to collaborate.

Continuously monitor data without alert fatigue


Configure Code42 Incydr's file exposure and exfiltration events into existing Sumo Logic dashboards, or create custom dashboards to programmatically monitor exfiltration events such as cloud sync activity, web browser uploads, file sharing and removable media exposure by user.

Correlate insider risk insights for faster response


Efficiently correlate and disseminate risky events and pertinent investigation details to make fast and informed decisions about how to respond.

Integration features

File telemetry information

Ingest file telemetry information from Code42 Incydr into existing Sumo Logic dashboards for correlation and triage.

Custom dashboards

Create custom dashboards within Sumo Logic using Code42 Incydr data, with the ability to tailor queries based on file, vector or user (for example, only files that have been uploaded via a browser).

Actionable insights

Deliver new file and exposure data into Sumo Logic, using JavaScript Object Notation (JSON).

Prioritized risk detection

Accelerate response to data risk identified by Incydr by using data intelligence provided by the Sumo Logic Cloud SIEM Enterprise platform.

Insider risk workflows

Leverage Code42 Incydr to establish insider risk processes and maximize the potential of your existing security investments.

Featured Use Case

Ingest Code42 Incydr data into Sumo Logic for actionable insights, correlation and triage of insider threats

Challenge: Security teams have underdeveloped or non-existent processes in place to detect and respond to insider threats or data exfiltration.

Solution: Code42 Incydr's integration with Sumo Logic allows security teams to monitor file movement and sharing across computers, cloud and email, providing an accurate picture of insider threat vulnerabilities. Teams can configure Incydr's file exposure and exfiltration events into existing Sumo Logic dashboards, or create custom dashboards within Sumo Logic to easily visualize:

  • Cloud and endpoint data exposure events
  • Removable media exposure by user
  • Exposure by filename
  • Top files exposed
  • Top endpoint and cloud users by exposure type
  • Exposure events by location

Benefit: Streamlining alert information and incident triage within the Sumo Logic Cloud SIEM Enterprise platform reduces complexity by correlating event information to deliver actionable insights that speed insider threat response.
