Incydr™ POV Guide
POV Experience Overview
The Incydr Proof of Value takes the traditional proof of concept up a notch. This 4-week product experience will not only demonstrate the signal, simplicity and speed of Incydr’s functionality, but also validate how the use of Incydr will tangibly improve your organization's Insider Risk posture.
Estimated time: 60 min
- POV experience overview
- Deploy agents to test machines
- Code42 team members involved during kick-off include: Account Executive (AE), Systems Engineer (SE), POV Deploy Services (PDS)
- Your team members involved during kick-off include: Security Stakeholder, Technical Decision Maker, Technical Sponsor
Helpful Materials for Day 1
Test & Configure
Estimated time: 60-90 min
- Deep-dive of Incydr detection, investigation & response capabilities
- Begin silent rollout
- Perform configurations, including trusted domains and alert rules
- Discussion: Risk Detection Lenses, verify use cases
- Code42 team members involved during Week 1 include: Account Executive (AE), Systems Engineer (SE), POV Deploy Services (PDS)
- Your team members involved during Week 1 include: Technical Sponsor
Helpful Materials for Week 1
- Incydr Detection Features
- Support Article: How to add trusted domains
- Support Article: Trusted domain examples
- Support Article: Alert rule settings overview
- Support Article: Recommended alert rules
- Support Article: Forensic Search reference guide
- Support Article: Searching file activity
- Video: Forensic Search overview
Review Use Cases
Estimated time: 60-90 min
- Complete silent rollout
- Operationalize Risk Detection Lenses and cases
- Discussion: Refine trusted domains, validate use cases
- Code42 team members involved during Week 2 include: Account Executive (AE), Systems Engineer (SE), POV Deploy Services (PDS)
- Your team members involved during Week 2 include: Technical Sponsor
Helpful Materials for Week 2
- Support Article: Risk Exposure Dashboard overview
- Support Article: Departing Employee guide
- Support Article: How to add a departing employee
- Support Article: High-risk user guide
- Support Article: How to add a high-risk user
- Support Article: Cases reference guide
- Video: Detecting Insider Risk
- Video: Investigating Insider Risk
Discuss Preliminary Findings
Estimated time: 60-90 min
- Review Risk Detection findings
- Discussion: Current process and people pain points
- Code42 team members involved during Week 3 include: Account Executive (AE), Systems Engineer (SE)
- Your team members involved during Week 3 include: Technical Sponsor, Security Stakeholder
Helpful Materials for Week 3
Insider Risk Posture Review & Recommendations
Estimated time: 60 min
- Complete POV Experience
- Code42 to present Insider Risk Posture review and technical recommendations
- Code42 team members involved during Week 4 include: Account Executive (AE), Systems Engineer (SE), Code42 Executive
- Your team members involved during Week 4 include: Technical Sponsor, Security Stakeholder, Technical Decision Maker, HR, Legal, IT
Helpful Materials for Week 4
Incydr brings together three dimensions of risk to quickly and accurately detect and respond to Insider Risk.
- Data: What IP is most valuable to the business?
- Vector: When, where and how is your IP moving?
- User: Who is moving it?
Incydr detects data risk across computers, cloud and email.
- Sync activity to cloud applications like Dropbox and iCloud
- Uploads to personal email and other sites through web browsers
- Files sent through AirDrop or accessed by web apps like Slack
- Sharing from corporate cloud services like Google Drive, OneDrive and Box
- Email attachments from corporate Office 365 or Gmail
- File deletions from user computers
Watch a 5-minute product demo
View this video to get a quick introduction to Incydr.
50,000+ organizations trust Code42
Let's talk tech
Learn how Incydr evaluates and surfaces data risk using dashboards, lenses and alerts.
See how Incydr simplifies Insider Risk investigations with user profiles and forensic search.
Resources to Learn More
This overview outlines Incydr’s product architecture and explains how it meets Insider Risk Management requirements.
Code42 is recognized as a Representative Vendor in the December 2020 Gartner Market Guide for Insider Risk Management Solutions.
Mario Duarte, VP of Security at Snowflake, explains how his team used the Insider Risk Management Framework to build a modern data protection program.
Learn about the five technical requirements of Code42’s Insider Risk Management framework. See how Incydr supports these requirements and get architectural considerations for optimizing an IRM ecosystem.
Risk Exposure Dashboard
Risk Detection Lenses:
High Risk Employees
Concealed File Exfiltration via File Mismatch
How-To Support Articles
Review Suspicious File Activity
Incydr offers a wide variety of options to help you quickly identify suspicious or unexpected file activity.
Data Preferences settings enable you to exclude file activity from IP addresses and domains you trust from dashboard visualizations, alerts, and search results in Forensic Search.
Forensic Search provides detailed visibility about files and enables security teams to monitor and investigate suspicious file activity.
User Profile allows you to view suspicious file movement, endpoint and cloud services activity, and file activity for the previous 90 days of a specific user.
Risk Exposure Dashboard
The Risk Exposure dashboard provides a look into the different types of file activity occurring across your Incydr environment, including high risk and departing employees as well as employees that have the most file activity.
Code42 offers a variety of integrations to enable you to leverage Incydr features and data in other systems.
FAQ: Incydr Capabilities
What exfiltration vectors does Incydr monitor?
Incydr monitors exfiltration events across cloud services such as Dropbox and Google Drive, removable media, AirDrop, browsers, and other applications such as Slack.
What alerts do you recommend we set up during our POV?
Incydr alerts are completely customizable and oftentimes tailored to your specific needs. Some common alerts include:
- Source Code Exfiltration
- Unsanctioned Cloud Exfiltration
- Compressed File Exfiltration
- Sensitive Keyword Exfiltration
If you need assistance, please contact your Systems Engineer.
How do I add a user to the Departing Employee or High Risk detection lenses?
What tools does Incydr integrate with?
Where does the contextual information about a user come from?
We are able to pull Department, Title, Manager, and Location from your Identity Management provider. To learn more, take a look at our support article on provisioning user attributes to Code42.
What roles and permissions are available for Incydr?
Incydr offers a variety of roles and permissions to ensure administrators only have access to what they need to do their jobs. For example, you can choose the administrators who should have access to various features (such as the Risk Detection Lenses), and you can also control who is able to download and view file content from Forensic Search during an investigation. We recommend you assign roles and permissions based on your administration use cases. To find more information about the best role for your use case, please refer to this article. View this article for instructions on how to assign or remove a role.
FAQ: Data Security
How does Code42 secure my data?
Check out our support article on Code42’s security architecture.
How does Code42 handle my encryption keys?
Take a look at our support article on how Code42 handles your subscription keys.
My company needs to meet compliance and regulatory requirements. How does Incydr support these requirements?
Implementing an Insider Risk Management solution helps you comply with regulations governing who has access to what data — and when, where and how that data is exposed and/or exfiltrated. Here’s a guide explaining how Incydr supports a variety of compliance standards.
You can also rest assured that, as a company, Code42 utilizes industry standards and verification by independent auditors. We take a comprehensive approach to secure our products and solutions. Code42 maintains compliance certifications and attestations on our product and infrastructure to validate our robust security program. Additionally, Code42 ensures and monitors appropriate security assurance obligations. Learn more here.
FAQ: Incydr Implementation
How do I deploy the agent?
Incydr can be installed on Windows, macOS and Linux using your desktop management software. Once installed, Incydr begins to silently monitor and collect files. For more information, take a look at our support article on how to prepare to deploy a Code42 app.
What is the agent impact?
We are in line with other major security companies, typically seeing 0-10% CPU and 200-700MB of memory usage when the agent is in its steady state. Check out our Incydr Agent FAQs to learn more.
How do I ensure my AV/EDR agents will not interfere with Incydr?
Incydr complements the functionality of many security, antivirus, and EDR applications. Most of these applications work seamlessly with Incydr and do not require any configuration changes. However, some applications may require you to add exceptions. Learn more here.
How do I prepare my network to deploy the agent?
You can work with your Code42 Systems Engineer to confirm that network and system requirements are being met. For more information, check out this document which outlines network and system requirements for the agent.
Hear From Your Peers
Technical Business Analyst Enterprise Architecture and Technology Innovation
"Code42 has really revolutionized and changed our culture as a security team in our organization. The ease of use and overall capabilities of their tools have given us complete transparency with how data moves in our organization. This has helped from security processes, user training, and infrastructure improvements that we may never have known without having our finger on this pulse. The support we receive while we navigate this landscape is fantastic. I also have never had a software company solicit, review, and act on feedback like Code42. They truly do care about their customer's input to help shape their product."
Principal Security Engineer Security and Risk Management
"Code42 has been a key partner in developing our Insider Threat Program. We needed a control to validate and record what had been a blind spot for our organization. Code42 delivered these capabilities and more."