Incydr™ Response Features
Take action on Insider Risk incidents with a right-sized response for your organization
What is Incydr?
Incydr is a SaaS product used for Insider Risk Management that allows security teams to effectively mitigate data exposure and exfiltration risks without disrupting legitimate collaboration. Incydr's high-fidelity information expedites both human and technical Insider Risk response actions.
Insider Risk requires a
Risk tolerance is unique to each organization and each line of business – there’s no one-size-fits-all response to Insider Risk. Risk severity should dictate the type of response or control a security team employs. Incydr provides this context through prioritized file, vector and user Insider Risk Indicators (IRIs) and informs the type of control that’s needed for the level of risk. This is called taking a right-sized response.
Using Incydr controls to manage Insider Risk
Incydr offers three categories of response types: containment, resolution and education. Each response type offers a variety of controls to accurately address Insider Risk incidents. The controls are executed via no-code automated integrations called Incydr Flows, or through SOAR playbooks.
Accelerate the time to remediate critical events at the user, network or device level so that no further data exposure takes place while your security team investigates. Incydr Response Flows and SOAR integrations make it easy to automate actions like:
- Conditional access controls
- Stop local sync applications
- Disable USB ports
- Lock the device
- Network contain the endpoint
Reduce manual, repetitive or error-prone tasks by automating security operation processes that require information from disparate systems or involve stakeholders from multiple departments. Incydr Response Flows automate a combination of human and technical controls, such as:
- Streamline and log user inquiries
- Resolve data exposure vulnerability with the user over screen share
- Escalate incidents to HR, legal or the user's manager
- Open a case in Incydr’s Cases feature to disseminate investigation details
Build a more risk-aware culture by automating controls to educate users when their actions unintentionally put data at risk. Incydr Response Flows will reduce alert fatigue by responding to low risk incidents, so that you don’t have to. It automates educational controls like:
- Assigning security awareness training
- Sending users Acceptable Use Policy documents to re-acknowledge
Trigger response controls with Incydr Flows
Insider Risk incidents can be addressed with more than one response control. Critical severity events like a departing employee moving customer lists to a USB may require multiple contain, resolve and educate controls, while a low risk event may need education only. Incydr’s responses are delivered through Incydr Flows and direct integrations with SOAR platforms.
Capabilities to quickly remediate Insider Risk incidents
Incydr Response Flows
Purpose-built automated integrations that connect Incydr with corporate systems like IAM, PAM, ITSM, and communication systems in order to orchestrate controls to contain, resolve or use education to mitigate corporate data leaks.
Use Incydr Cases to quickly gather and document investigation evidence for distribution among key stakeholders
Use playbooks to orchestrate workflows to respond to Insider Risk Indicators (IRIs) by sending Incydr alert information to SOAR platforms.
Incydr supports sending file events and alert information to an organization's SIEM for file event correlation and triage. This allows Incydr data to be applied to SOC workflows.
Incydr Flows enable automated integrations with IAM platforms in order to lower access permissions as a control to contain data leak incidents.
Leverage Incydr Flows to cut off user access to your most sensitive vaults via automated integrations with PAM platforms.
"Excellent product for quickly tracking data movement within your organization. The Code42 team has been quick to take customer feedback to create dashboards that provide meaningful data. At a quick glance at Incydr dashboards, you can see who your high risk employees are, track top file activity, and top file destinations. Highly recommend for incident response and insider threat teams."
Submitted date: 3/11/21
Security Operations Manager Security and Risk Management
"Overall we have liked the product. Automation from Xsoar allows us to automatically move users to different risk groups based on other situational awareness. Visibility into file movement, especially to cloud file storage or via web-based email is fantastic and gives us confidence that high-value data is not leaving the organization."
Submitted date: 12/1/20
Let's Talk Tech
Learn how Incydr evaluates and surfaces data risk using dashboards, lenses and alerts.
See how Incydr simplifies Insider Risk investigations with user profiles and forensic search.
Try Incydr today
A free product experience will demonstrate the signal, simplicity and speed of Incydr’s functionality on your endpoints in just 4 weeks.