Incydr™ POV Guide
Incydr brings together three dimensions of risk to quickly and accurately detect and respond to Insider Risk.
- Data: What IP is most valuable to the business?
- Vector: When, where and how is your IP moving?
- User: Who is moving it?
Incydr detects data risk across computers, cloud and email.
- Sync activity to cloud applications like Dropbox and iCloud
- Uploads to personal email and other sites through web browsers
- Files sent through Airdrop or accessed by web apps like Slack
- Sharing from corporate cloud services like GoogleDrive, OneDrive and Box
- Email attachments from corporate Office 365 or Gmail
- File deletions from user computers
Watch a 5-minute product demo
View this video to get a quick introduction to Incydr.
50,000+ organizations trust Code42
Let's talk tech
Learn how Incydr evaluates and surfaces data risk using dashboards, lenses and alerts.
See how Incydr simplifies Insider Risk investigations with user profiles and forensic search.
Resources to Learn More
Code42 is recognized as a Representative Vendor in the December 2020 Gartner Market Guide for Insider Risk Management Solutions.
Mario Duarte, VP of Security at Snowflake, explains how his team used the Insider Risk Management Framework to build a modern data protection program.
Learn about the five technical requirements of Code42’s Insider Risk Management framework. See how Incydr supports these requirements and get architectural considerations for optimizing an IRM ecosystem.
Risk Exposure Dashboard
Risk Detection Lenses:
High Risk Employees
Concealed File Exfiltration via File Mismatch
How-To Support Articles
Review Suspicious File Activity
Incydr offers a wide variety of options to help you quickly identify suspicious or unexpected file activity. Learn more →
Data Preferences settings enable you to exclude file activity from IP addresses and domains you trust from dashboard visualizations, alerts, and search results in Forensic Search. Learn more →
Forensic Search provides detailed visibility about files and enables security teams to monitor and investigate suspicious file activity. Learn more →
User Profile allows you to view suspicious file movement, endpoint and cloud services activity, and file activity for the previous 90 days of a specific user. Learn more →
Risk Exposure Dashboard
The Risk Exposure dashboard provides a look into the different types of file activity occurring across your Incydr environment, including high risk and departing employees as well as employees that have the most file activity. Learn more →
Code42 offers a variety of integrations to enable you to leverage Incydr features and data in other systems. Learn more →
FAQ: Incydr Capabilities
What exfiltration vectors does Incydr monitor?
Incydr monitors exfiltration events across cloud services such as Dropbox and Google Drive, removable media, Airdrop, browsers, and other applications such as Slack.
What alerts do you recommend we set up during our POV?
Incydr alerts are completely customizable and oftentimes tailored to your specific needs. Some common alerts include:
- Source Code Exfiltration
- Unsanctioned Cloud Exfiltration
- Compressed File Exfiltration
- Sensitive Keyword Exfiltration
If you need assistance, please contact your Systems Engineer.
How do I add a user to the Departing Employee or High Risk detection lenses?
What tools does Incydr integrate with?
Where does the contextual information about a user come from?
To learn more about contextual information about a user, take a look at our support article on Code42’s security architecture.
What roles and permissions are available for Incydr?
Incydr offers a variety of roles and permissions to ensure administrators only have access to what they need to do their jobs. For example, you can choose the administrators who should have access to various features (such as the Risk Detection Lenses), and you can also control who is able to download and view file content from Forensic Search during an investigation. We recommend you assign roles and permissions based on your administration use cases. To find more information around the best role for your use case, please refer to this article. View this article for instructions on how to assign or remove a role.
How do I deploy the agent?
Incydr can be installed on Windows, macOS and Linux using your desktop management software. Once installed, Incydr begins to silently monitor and collect files. For more information, take a look at our support article on how to prepare to deploy a Code42 app.
What is the agent impact?
We are in line with other major security companies, typically seeing 0-10% CPU and 200-700MB of memory usage when the agent is in its steady state. Check out our Incydr Agent FAQs to learn more.
FAQ: Data Security
How does Code42 secure my data?
Check out our support article on Code42’s security architecture.
How does Code42 handle my encryption keys?
Take a look at our support article on how Code42 handles your subscription keys.
My company needs to meet compliance and regulatory requirements. How does Incydr support these requirements?
Implementing an Insider Risk Management solution helps you comply with regulations governing who has access to what data — and when, where and how that data is exposed and/or exfiltrated. Here’s a guide explaining how Incydr supports a variety of compliance standards.
You can also rest assured that, as a company, Code42 utilizes industry standards and verification by independent auditors. We take a comprehensive approach to secure our products and solutions. Code42 maintains compliance certifications and attestations on our product and infrastructure to validate our robust security program. Additionally, Code42 ensures and monitors appropriate security assurance obligations. Learn more here.
Hear From Your Peers
Technical Business Analyst Enterprise Architecture and Technology Innovation
"Code42 has really revolutionized and changed our culture as a security team in our organization. The easy of use and overall capabilities of their tools have given us complete transparency with how data moves in our organization. This has helped from security processes, user training, and infrastructure improvements that we may never have known without having our finger on this pulse. the support we receive while we navigate this landscape is fantastic. I also have never had a software company solicit, review, and act on feedback like Code42. They truly do care about their customer's input to help shape their product."
Principal Security Engineer Security and Risk Management
"Code42 has been a key partner in developing our Insider Threat Program. We needed a control to validate and record what had been a blind spot for our organization. Code42 delivered these capabilities and more."