Incydr™ POV Guide

Introducing Incydr

Incydr brings together three dimensions of risk to quickly and accurately detect and respond to Insider Risk.

  • Data: What IP is most valuable to the business?
  • Vector: When, where and how is your IP moving?
  • User: Who is moving it?

Incydr detects data risk across computers, cloud and email.

  • Sync activity to cloud applications like Dropbox and iCloud
  • Uploads to personal email and other sites through web browsers
  • Files sent through Airdrop or accessed by web apps like Slack
  • Sharing from corporate cloud services like GoogleDrive, OneDrive and Box
  • Email attachments from corporate Office 365 or Gmail
  • File deletions from user computers

Watch a 5-minute product demo

View this video to get a quick introduction to Incydr.

50,000+ organizations trust Code42

Resources to Learn More

Gartner market guide thumbnail
Report
Gartner 2020 Market Guide for Insider Risk Management

Code42 is recognized as a Representative Vendor in the December 2020 Gartner Market Guide for Insider Risk Management Solutions.

Get the report right arrow icon
Snowflake Mario Duarte thumbnail
Customer Story
How Snowflake Built a Modern Insider Risk Management Program with Incydr

Mario Duarte, VP of Security at Snowflake, explains how his team used the Insider Risk Management Framework to build a modern data protection program.

Read the customer story right arrow icon
Embrace Insider Risk Management Strategy With Incydr Asset Preview
Guide
Technical Requirements and Integrations for an Insider Risk Management Strategy

Learn about the five technical requirements of Code42’s Insider Risk Management framework. See how Incydr supports these requirements and get architectural considerations for optimizing an IRM ecosystem.

Get the guide right arrow icon

How-To Videos

The Dashboard:

Risk Exposure Dashboard

Data Preferences:

Trusted Domains

Risk Detection Lenses:

Departing Employees

 

High Risk Employees

Forensic Search:

Cases:

Use Cases:

Removable Media

 

Concealed File Exfiltration via File Mismatch

How-To Support Articles

Review Suspicious File Activity

Incydr offers a wide variety of options to help you quickly identify suspicious or unexpected file activity. Learn more →

Data Preferences

Data Preferences settings enable you to exclude file activity from IP addresses and domains you trust from dashboard visualizations, alerts, and search results in Forensic Search. Learn more →

Forensic Search

Forensic Search provides detailed visibility about files and enables security teams to monitor and investigate suspicious file activity. Learn more →

Cases

Cases helps you manage and respond to security investigations with tools that collect, organize, and retain user file activity. Learn more →

User Profile

User Profile allows you to view suspicious file movement, endpoint and cloud services activity, and file activity for the previous 90 days of a specific user. Learn more →

Risk Exposure Dashboard

The Risk Exposure dashboard provides a look into the different types of file activity occurring across your Incydr environment, including high risk and departing employees as well as employees that have the most file activity. Learn more →

Departing Employees

Review the file activity of employees leaving your company. Learn more →

Set Up Alerts

Alerts let you know when important data may be leaving your company. Learn more →

Integrations

Code42 offers a variety of integrations to enable you to leverage Incydr features and data in other systems. Learn more →

Initial File Metadata Collection

When you enable file metadata collection, Incydr scans and indexes all files on endpoints and in any monitored cloud data sources. Learn more →

FAQ: Incydr Capabilities

What exfiltration vectors does Incydr monitor?

Incydr monitors exfiltration events across cloud services such as Dropbox and Google Drive, removable media, Airdrop, browsers, and other applications such as Slack.

What alerts do you recommend we set up during our POV?

Incydr alerts are completely customizable and oftentimes tailored to your specific needs. Some common alerts include:

  • Source Code Exfiltration
  • Unsanctioned Cloud Exfiltration
  • Compressed File Exfiltration
  • Sensitive Keyword Exfiltration

If you need assistance, please contact your Systems Engineer.

How do I add a user to the Departing Employee or High Risk detection lenses?

Code42 offers workflow automation services to connect Incydr with your Human Resource Information System (HRIS). This integration will automatically populate Incydr lenses with the employees who meet the lens criteria. You can also manually add users to lenses by following these steps.

What tools does Incydr integrate with?

Incydr integrates with a range of tools such as Splunk, Okta, and Google Drive. We also have a robust and easy to use rest-based API for tools not in our ecosystem.

Where does the contextual information about a user come from?

To learn more about contextual information about a user, take a look at our support article on Code42’s security architecture.

What roles and permissions are available for Incydr?

Incydr offers a variety of roles and permissions to ensure administrators only have access to what they need to do their jobs. For example, you can choose the administrators who should have access to various features (such as the Risk Detection Lenses), and you can also control who is able to download and view file content from Forensic Search during an investigation. We recommend you assign roles and permissions based on your administration use cases. To find more information around the best role for your use case, please refer to this article. View this article for instructions on how to assign or remove a role.

How do I deploy the agent?

Incydr can be installed on Windows, macOS and Linux using your desktop management software. Once installed, Incydr begins to silently monitor and collect files. For more information, take a look at our support article on how to prepare to deploy a Code42 app.

What is the agent impact?

We are in line with other major security companies, typically seeing 0-10% CPU and 200-700MB of memory usage when the agent is in its steady state. Check out our Incydr Agent FAQs to learn more.

FAQ: Data Security

How does Code42 secure my data?

Check out our support article on Code42’s security architecture.

How does Code42 handle my encryption keys?

Take a look at our support article on how Code42 handles your subscription keys.

My company needs to meet compliance and regulatory requirements. How does Incydr support these requirements?

Implementing an Insider Risk Management solution helps you comply with regulations governing who has access to what data — and when, where and how that data is exposed and/or exfiltrated. Here’s a guide explaining how Incydr supports a variety of compliance standards.

You can also rest assured that, as a company, Code42 utilizes industry standards and verification by independent auditors. We take a comprehensive approach to secure our products and solutions. Code42 maintains compliance certifications and attestations on our product and infrastructure to validate our robust security program. Additionally, Code42 ensures and monitors appropriate security assurance obligations. Learn more here.

Hear From Your Peers


Technical Business Analyst Enterprise Architecture and Technology Innovation


"Code42 has really revolutionized and changed our culture as a security team in our organization. The easy of use and overall capabilities of their tools have given us complete transparency with how data moves in our organization. This has helped from security processes, user training, and infrastructure improvements that we may never have known without having our finger on this pulse. the support we receive while we navigate this landscape is fantastic. I also have never had a software company solicit, review, and act on feedback like Code42. They truly do care about their customer's input to help shape their product."


Principal Security Engineer Security and Risk Management


"Code42 has been a key partner in developing our Insider Threat Program. We needed a control to validate and record what had been a blind spot for our organization. Code42 delivered these capabilities and more."