IncydrTM Detection Features
Mitigate insider risk using file, vector and user signal
What is Incydr?
Incydr is a SaaS data risk detection and response product that allows security teams to effectively mitigate data exposure and exfiltration risks without disrupting legitimate collaboration.
An agent continuously monitors all file activity on corporate Mac, Windows and Linux computers. Direct integrations to corporate cloud services like Google Drive and OneDrive detect when employees use the service to share files from computers and phones. Integrations with corporate email services such as Microsoft Office365 and Gmail detect when file attachments are sent to untrusted recipients.
- Sync activity to cloud applications like Dropbox and iCloud
- Uploads to personal email and other sites through web browsers
- Files sent through Airdrop or accessed by web apps like Slack
- Sharing from corporate cloud services like GoogleDrive, OneDrive and Box
- Email attachments from corporate Office 365 or Gmail
- File deletions from user computers
- A company-wide view of suspicious file movement, sharing and exfiltration activities by vector and file type.
- Reveals the top employees whose file activity needs investigation as well as concerning remote employee activity.
- Quickly investigate insider threats as well as identify security awareness gaps, Shadow IT and policy violations.
- A view of activity for a subset of users who are at a higher likelihood of putting data at risk.
- Examples include users experiencing an employment milestone, such as departure, or who have risk factors that require closer monitoring, such as contractors.
- Adding users to a lens kicks off system alerts and user management workflows so you can programmatically protect data when it is most vulnerable.
- Provide comprehensive event, file, vector and user information to quickly assess priority.
- Can be emailed or sent to your system of record and are triggered based on a number of file and event criteria.
- Alerts rules determine when you are notified by Incydr and not what activity is monitored. This ensures there are no gaps in context during insider threat investigations.
Incydr risk prioritization & signal capabilities
Incydr identifies when an employee is typically active on their computer and uses this behavioral pattern to determine when a given user's endpoint file activity takes place at unusual times.
Incydr surfaces when files are emailed or uploaded to domains and URLs that are not considered trusted. Security users establish the trusted domains for their company.
Suspicious file mismatch
Incydr identifies when the MIME/Media type of a high-value file, such as a spreadsheet, is disguised with the extension of a low-value file type, such as a JPEG. This is indicative of attempts to conceal exfiltration.
Incydr uses IP addresses to determine which activity is taking place off-network and may indicate increased risk. Security users establish their in-network IP addresses.
Incydr ingests user attributes like name, title, department, manager, and employment type (full-time, part-time, contractor) from a company's identity management system.
Incydr analyzes file contents and extensions to determine a file's category (e.g. source code, document or spreadsheet). Categories help to determine a file's sensitivity and value.
Incydr uses employment milestones, like employee departure, to identify when employees are at a higher likelihood of putting data at risk.
Security users can set thresholds for acceptable activity based on file count or size. These can be customized for a given user or vector.
Employees can be labeled with risk factors including contract employee, high impact employee, flight risk, performance concerns and elevated access privileges.
File archive (ZIP) detection
Incydr highlights exposure events involving .zip files since they may indicate an employee is attempting to take many files or hide files using encrypted zip folders.
By default, Incydr monitors applications such as web browsers, Slack, Airdrop, FileZilla, FTP, and cURL. Organizations can easily add monitoring for additional applications such as WeChat, WhatsApp, Zoom and Amazon Chime.
Let's Talk Tech
See how Incydr simplifies insider risk investigations with user profiles and forensic search.
Review Incydr response options including SOAR playbooks, SIEM integrations, legal hold and deleted file recovery.
Interested in a free trial?
For companies with 200+ employees, we’d like to give you our best product plan at no cost for 60 days, with no commitment whatsoever.