How It Works
Incydr™ Is A SaaS Solution With An Extensible Cloud Architecture

Spend less time administrating and more time protecting data
Incydr allows security teams to gain control over the data leaving the organization and drive the secure work habits needed to decrease data risk in the future – even if the team is low on resources.
Cloud-native SaaS architecture
Deploy in hours, fully operational in days
No proxies or complex policies to manage
How Incydr works
- Monitor all the places your data lives to identify when files move outside your trusted environment
- Prioritize the highest risk employee activity using 120+ contextual Incydr Risk Indicators (IRIs)
- Programmatically protect data when files are most at risk, such as during employee departure
- Access to a wide range of controls to contain, resolve and educate on events via Incydr Flows, SOAR and Code42 Instructor
Cross-platform endpoint agent
- Windows, Mac, Linux
- 0-4% CPU, ≤ 50MB memory
Integrations
- IAM & PAM
- SOAR/XDR
- SIEM
- HRIS
Developer resources
- Open API with published documentation
- SDK & CLI
Incydr Exfiltration Detectors
- Cloud: OneDrive, Google Drive, Box
- Email: Office365, Gmail
- Apps: Salesforce, Git
Tech that stands out
Proven performance on Macs
Native, non-disruptive agent with a history of day 1 support for new macOS versions.
Source code protection
Monitor Git activity to detect when source code is pushed to unsanctioned cloud repositories.
Visibility into Salesforce
Detect exports to personal devices and gain visibility into all data fields within the report.
Browser visibility without headaches
Get detailed event info on file uploads to web without proxies, browser plugins or TLS inspection.
Identify high-value file movement
Incydr uses the source of files to “classify” them without requiring data tagging or content inspection.
Access to exfiltrated files
Download and view the actual contents of exfiltrated files to verify their sensitivity and value. Retain files as evidence.
No-gap file monitoring
Identify untrusted activity without policy management using Incydr’s Trust methodology. Even trusted activity is logged for reference.
Queryable metadata index
Easily query a company-wide index of all metadata without strain on endpoints. The device doesn’t need to be online for investigation.
3 ways Incydr mitigates risk to data
Pinpoints Exposure
Defined and Inferred Trust capabilities automatically distinguish between trusted activity and data exposure.
Read White PaperPrioritizes Risk
More than 120 Incydr Risk Indicators transparently score and prioritize risky file activity.
Read White PaperInforms Response
Take a right-sized response via Incydr Flows, Code42 Instructor, and SOAR to contain, resolve and educate.
Read White PaperSOAR
SOAR playbooks leverage Incydr’s context-driven alerts to automatically initiate right-sized response controls to contain, resolve and educate on data leak events via technologies like IAM, PAM and EDR/XDR.
Learn MoreSIEM
Incydr sends prioritized alerts with contextual Incydr Risk Indicator intel to your SIEM, allowing you to streamline your SOC triage process through a central workflow. A single click brings you to Incydr for investigation and follow up.
Learn MoreHRIS
Incydr Flows with HR Information Systems allow you to automatically add users to Watchlists based on user attributes and lifecycle milestones. For example, automatically add all departing employees to a Watchlist for enhanced monitoring before their departure.
Learn MoreIAM
Incydr Flows with IAM platforms allow you to automatically add users to Watchlists as well as contain data exposure by removing user access to applications when data risk is detected.
Learn MorePAM
Incydr Flows with PAM platforms allow you to automatically add users to Watchlists as well as contain data exposure by removing user access to sensitive vaults when data risk is detected.
Learn MoreLearn why the most innovative organizations use Code42 Incydr
Get faster detection, investigation and response to data loss caused by insider threats.
Contact Sales