How It Works
Incydr™ Is A SaaS Solution With An Extensible Cloud Architecture

Spend less time administrating and more time protecting data
Cloud-native SaaS architecture
Deploy in hours, fully operational in days
No proxies or complex policies to manage
What to expect
Incydr monitors all the places your data lives to identify when files move outside your trusted environment. It prioritizes the highest risk employee activity using 60+ contextual Incydr Risk Indicators (IRIs). Watchlists allow you to programmatically protect data when files are most at risk, such as during employee departure. Incydr offers a wide range of controls to contain, resolve and educate on events via Incydr Flows and SOAR. Without a lot of resources, you’ll gain control over the data leaving your organization today, and drive the secure work habits needed to decrease risk to data in the future.
Cross-platform endpoint agent
- Windows, Mac, Linux
- 0-4% CPU, ≤ 35MB memory
Incydr Exfiltration Detectors
- Cloud: OneDrive, Google Drive, Box
- Email: Office365 and Gmail
- Apps: Salesforce
Developer resources
- Open API with published documentation
- SDK & CLI
Integrations
- IAM & PAM
- SOAR/XDR
- SIEM
- HRIS
3 ways Incydr mitigates risk to data
Pinpoints Exposure
Defined and Inferred Trust capabilities automatically distinguish between trusted activity and data exposure.
Read White PaperPrioritizes Risk
More than 60+ Incydr Risk Indicators transparently score and prioritize risky file activity.
Read White PaperInforms Response
Take a right-sized response via Incydr Flow or SOAR to contain, resolve and educate risks.
Read White PaperTech that stands out
Comprehensive exfiltration detection
In addition to endpoints, Incydr monitors corporate cloud, email and business applications at the source using API-based integrations.
Unmatched browser detection
See exactly where files are being uploaded, with support for bulk uploads and multiple tabs. No proxies or browser plug-ins.
Downloads to personal devices
Identify when files are downloaded from corporate systems such as Salesforce to unmanaged devices such as personal laptops or phones.
No-gap file monitoring
Identify untrusted activity without policy management. There’s no gap in monitoring since even trusted activity is logged for reference.
Access to exfiltrated files
Download and view the actual contents of exfiltrated files to verify their sensitivity and value. Retain files as evidence.
Queryable metadata index
Easily query an organization-wide index of all metadata with no strain on endpoints. No physical device access needed for investigation.
Simple UI, powerful workflows
Incydr’s intuitive interface and use case-driven approach make it easy to onboard new analysts with nearly no learning curve.
How Incydr™ Works: A Technical Overview of the Incydr Product Architecture
SOAR
SOAR playbooks leverage Incydr’s context-driven alerts to automatically initiate right-sized response controls to contain, resolve and educate on data leak events via technologies like IAM, PAM and EDR/XDR.
Learn MoreSIEM
Incydr sends prioritized alerts with contextual Incydr Risk Indicator intel to your SIEM, allowing you to streamline your SOC triage process through a central workflow. A single click brings you to Incydr for investigation and follow up.
Learn MoreHRIS
Incydr Flows with HR Information Systems allow you to automatically add users to Watchlists based on user attributes and lifecycle milestones. For example, automatically add all departing employees to a Watchlist for enhanced monitoring before their departure.
Learn MoreIAM
Incydr Flows with IAM platforms allow you to automatically add users to Watchlists as well as contain data exposure by removing user access to applications when data risk is detected.
Learn MorePAM
Incydr Flows with PAM platforms allow you to automatically add users to Watchlists as well as contain data exposure by removing user access to sensitive vaults when data risk is detected.
Learn MoreLearn why the most innovative organizations use Code42 Incydr
Get faster detection, investigation and response to data loss caused by insider threats.
Contact Sales