IncydrTM Response Features
Speed your time to respond to insider threat incidents
What is Incydr?
Incydr is a SaaS data risk detection and response product that allows security teams to effectively mitigate data exposure and exfiltration risks without disrupting legitimate collaboration. Incydr's high-fidelity information expedites both human and technical insider threat response actions.
Take a right-sized response.
There’s no one-size-fits-all response to insider threat. Actions taken depend on employee intent, past behavior and incident impact. Incydr's Cases feature provides an efficient way to compile, document and disseminate pertinent investigation details so security can make a fast and informed decision about how to respond.
- Send Incydr alerts and associated event data to your SOAR platform to investigate risky file activity across endpoints, email and cloud.
- Use insider threat playbooks to close insider threat incidents at speed and scale.
- Leverage automation to programmatically add departing employees to a Incydr risk detection lens.
- Pre-built SOAR platform integrations include Palo Alto Networks Cortex XSOAR, Splunk Phantom and IBM Resilient.
- Some insider threat responses are best handled through personal outreach.
- Incydr provides the information needed to confront an employee and require remediation.
- Personal outreach is generally performed by security, management, HR or legal teams members.
- Not all insider risk is malicious. Often, employees are just trying to get their work done quickly.
- Incydr can be used to inform insider threat programs and security awareness strategies.
- Security teams can use visibility provided by Incydr to identify employees who require additional security awareness training.
- Some insider threat incidents require legal action.
- Incydr has built-in functionality to place users on a legal hold to preserve their files for litigation.
- Legal hold can be performed remotely without user knowledge.
- Files can be retained indefinitely, even if an employee has left the company.
- Detect and respond to sabotage activities like an employee wiping a computer or deleting high-value files.
- Files can be recovered individually or for an entire device.
- Authorized users can restore files to the original device or to a target device used by legal, security or the employee's manager.
Capabilities to quickly remediate insider threat incidents
Use information supplied by Incydr to escalate insider threat incidents to the employee's manager, HR or legal counsel.
Incydr supports sending file events and alert information to an organization's SIEM for file event correlation and triage. This allows Incydr data to be applied to SOC workflows.
Splunk Phantom integration
Incydr delivers valuable data exfiltration information to Splunk which in turn powers the Splunk Security Operations Suite.
IBM Resilient integration
The Incydr and IBM Resilient integration enables security teams to create powerful, agile workflows that can automate the response process.
Palo Alto Networks Cortex XSOAR integration
Incydr integrates with Palo Alto Networks Cortex XSOAR to deliver accelerated insider threat incident response and automated remediation of potential data exfiltration across computers, email, cloud and SaaS apps.
Incydr has built-in functionality to perform a preserve-in-place legal hold on computer files. This can be performed remotely without user knowledge. Files can be ingested into eDiscovery platforms.
Incydr can recover files, including deleted files and previous file versions. Authorized security users can restore a single file, multiple files, or even an entire device. Files can be downloaded or restored to a target device.
Let's Talk Tech
Learn how Incydr evaluates and surfaces data risk using dashboards, lenses and alerts.
See how Incydr simplifies insider risk investigations with user profiles and forensic search.
Interested in a free trial?
For companies with 200+ employees, we’d like to give you our best product plan at no cost for 60 days, with no commitment whatsoever.