IncydrTM Detection Features
Mitigate Insider Risk using file, vector and user signal
What is Incydr?
Incydr is a SaaS data risk detection and response product that allows security teams to effectively mitigate data exposure and exfiltration risks without disrupting legitimate collaboration.
An agent continuously monitors all file activity on corporate Mac, Windows and Linux computers. Direct integrations to corporate cloud services like Google Drive and OneDrive detect when employees use the service to share files from computers and phones. Integrations with corporate email services such as Microsoft Office365 and Gmail detect when file attachments are sent to untrusted recipients.
- Sync activity to cloud applications like Dropbox and iCloud
- Uploads to personal email and other sites through web browsers
- Files sent through Airdrop or accessed by web apps like Slack
- Sharing from corporate cloud services like GoogleDrive, OneDrive and Box
- Email attachments from corporate Office 365 or Gmail
- File deletions from user computers
- A company-wide view of suspicious file movement, sharing and exfiltration activities by vector and file type.
- Reveals the top employees whose file activity needs investigation as well as concerning remote employee activity.
- Quickly investigate Insider Risk as well as identify security awareness gaps, Shadow IT and policy violations.
- A view of activity for a subset of users who are at a higher likelihood of putting data at risk.
- Examples include users experiencing an employment milestone, such as departure, or who have risk factors that require closer monitoring, such as contractors.
- Adding users to a lens kicks off system alerts and user management workflows so you can programmatically protect data when it is most vulnerable.
- Provide comprehensive event, file, vector and user information to quickly assess priority.
- Can be emailed or sent to your system of record and are triggered based on a number of file and event criteria.
- Alerts rules determine when you are notified by Incydr and not what activity is monitored. This ensures there are no gaps in context during Insider Risk investigations.
Insider Risk Indicator (IRI) examples
Off hours activity
Incydr identifies when an employee is typically active on their computer and uses this behavioral pattern to determine when a given user's endpoint file activity takes place at unusual times.
Incydr surfaces when files are emailed or uploaded to domains and URLs that are not considered trusted. Security users establish the trusted domains for their company.
Suspicious file mismatch
Incydr identifies when the MIME/Media type of a high-value file, such as a spreadsheet, is disguised with the extension of a low-value file type, such as a JPEG. This is indicative of attempts to conceal exfiltration.
Incydr uses IP addresses to determine which activity is taking place off-network and may indicate increased risk. Security users establish their in-network IP addresses.
Incydr ingests user attributes like name, title, department, manager, and employment type (full-time, part-time, contractor) from a company's identity management system.
Incydr analyzes file contents and extensions to determine a file's category (e.g. source code, document or spreadsheet). Categories help to determine a file's sensitivity and value.
Incydr uses employment milestones, like employee departure, to identify when employees are at a higher likelihood of putting data at risk.
Security users can set thresholds for acceptable activity based on file count or size. These can be customized for a given user or vector.
Employee risk factors
Employees can be labeled with risk factors including contract employee, high impact employee, flight risk, performance concerns and elevated access privileges.
ZIP / compressed file movement
Incydr highlights exposure events involving .zip files since they may indicate an employee is attempting to take many files or hide files using encrypted zip folders.
Shadow IT apps
By default, Incydr monitors applications such as web browsers, Slack, Airdrop, FileZilla, FTP, and cURL. Organizations can easily add monitoring for additional applications such as WeChat, WhatsApp, Zoom and Amazon Chime.
Public cloud sharing links
Incydr detects when files are shared with untrusted domains or made publicly available in corporate Google Drive, OneDrive and Box systems.
Senior Information Security Analyst Security and Risk Management
"Product is fantastic and covers all the bases when it comes to insider threat. They continue to be a leader in the DLP space. The ease of use of this platform also makes it an easy sell. From analysis to reporting it is unmatched for other offerings. There system engineers are top notch at getting your deployment in place and making sure you are compliant with all geological restriction. They also had the availability to be flexible with crazy schedules. The agent is light and doesn't impact normal operations. The account managers are informed and willing to help guide you into ensuring you get what you need for your solution."
Technical Business Analyst Enterprise Architecture and Technology Innovation
"Code42 has really revolutionized and changed our culture as a security team in our organization. The easy of use and overall capabilities of their tools have given us complete transparency with how data moves in our organization. This has helped from security processes, user training, and infrastructure improvements that we may never have known without having our finger on this pulse. the support we receive while we navigate this landscape is fantastic. I also have never had a software company solicit, review, and act on feedback like Code42. They truly do care about their customer's input to help shape their product."
Let's Talk Tech
See how Incydr simplifies Insider Risk investigations with user profiles and forensic search.
Review Incydr response options including SOAR playbooks, SIEM integrations, legal hold and deleted file recovery.
Interested in a free trial?
For companies with 200+ employees, we’d like to give you our best product plan at no cost for 60 days, with no commitment whatsoever.