Incydr™ Response Features

Take action on Insider Risk incidents with a right-sized response for your organization


What is Incydr?

Incydr is a SaaS product used for Insider Risk Management that allows security teams to effectively mitigate data exposure and exfiltration risks without disrupting legitimate collaboration. Incydr's high-fidelity information expedites both human and technical Insider Risk response actions.

Insider Risk requires a right-sized response

Risk tolerance is unique to each organization and each line of business – there’s no one-size-fits-all response to Insider Risk. Risk severity should dictate the type of response or control a security team employs. Incydr provides this context through prioritized file, vector and user Insider Risk Indicators (IRIs) and informs the type of control that’s needed for the level of risk. This is called taking a right-sized response.


Using Incydr controls to manage Insider Risk

Incydr offers three categories of response types: containment, resolution and education. Each response type offers a variety of controls to accurately address Insider Risk incidents. The controls are executed via no-code automated integrations called Incydr Flows, or through SOAR playbooks.

Contain ongoing data leaks

Accelerate the time to remediate critical events at the user, network or device level so that no further data exposure takes place while your security team investigates. Incydr Response Flows and SOAR integrations make it easy to automate actions like:

  • Conditional access controls
  • Stop local sync applications
  • Disable USB ports
  • Lock the device
  • Network contain the endpoint
Speed the time to resolution

Reduce manual, repetitive or error-prone tasks by automating security operation processes that require information from disparate systems or involve stakeholders from multiple departments. Incydr Response Flows automate a combination of human and technical controls, such as:

  • Streamline and log user inquiries
  • Resolve data exposure vulnerability with the user over screen share
  • Escalate incidents to HR, legal or the user's manager
  • Open a case in Incydr’s Cases feature to disseminate investigation details
Use education to mitigate future data leaks

Build a more risk-aware culture by automating controls to educate users when their actions unintentionally put data at risk. Incydr Response Flows will reduce alert fatigue by responding to low risk incidents, so that you don’t have to. It automates educational controls like:

  • Assigning security awareness training
  • Sending users Acceptable Use Policy documents to re-acknowledge

Trigger response controls with Incydr Flows

Insider Risk incidents can be addressed with more than one response control. Critical severity events like a departing employee moving customer lists to a USB may require multiple contain, resolve and educate controls, while a low risk event may need education only. Incydr’s responses are delivered through Incydr Flows and direct integrations with SOAR platforms.

Capabilities to quickly remediate Insider Risk incidents

Incydr Response Flows
Purpose-built automated integrations that connect Incydr with corporate systems like IAM, PAM, ITSM, and communication systems in order to orchestrate controls to contain, resolve or use education to mitigate corporate data leaks.

Incydr Cases
Use Incydr Cases to quickly gather and document investigation evidence for distribution among key stakeholders.

SOAR integrations
Use playbooks to orchestrate workflows to respond to Insider Risk Indicators (IRIs) by sending Incydr alert information to SOAR platforms.

SIEM integrations
Incydr supports sending file events and alert information to an organization's SIEM for file event correlation and triage. This allows Incydr data to be applied to SOC workflows.

IAM integrations
Incydr Flows enable automated integrations with IAM platforms in order to lower access permissions as a control to contain data leak incidents.

PAM integrations
Leverage Incydr Flows to cut off user access to your most sensitive vaults via automated integrations with PAM platforms.


"Excellent product for quickly tracking data movement within your organization. The Code42 team has been quick to take customer feedback to create dashboards that provide meaningful data. At a quick glance at Incydr dashboards, you can see who your high risk employees are, track top file activity, and top file destinations. Highly recommend for incident response and insider threat teams."
Submitted date: 3/11/21

Security Operations Manager Security and Risk Management

"Overall we have liked the product. Automation from Xsoar allows us to automatically move users to different risk groups based on other situational awareness. Visibility into file movement, especially to cloud file storage or via web-based email is fantastic and gives us confidence that high-value data is not leaving the organization."
Submitted date: 12/1/20

Try Incydr today

A free product experience will demonstrate the signal, simplicity and speed of Incydr’s functionality on your endpoints in just 4 weeks.