Incydr™ POV Guide

POV Experience Overview

The Incydr Proof of Value takes the traditional proof of concept up a notch. This 4-week product experience will not only demonstrate the signal, simplicity and speed of Incydr’s functionality, but also validate how the use of Incydr will tangibly improve your organization's Insider Risk posture.

Day 1/Kick-off

Get Started

Estimated time: 60 min
  • POV experience overview
  • Deploy agents to test machines
  • Code42 team members involved during kick-off include: Account Executive (AE), Systems Engineer (SE), POV Deploy Services (PDS)
  • Your team members involved during kick-off include: Security Stakeholder, Technical Decision Maker, Technical Sponsor

Helpful Materials for Day 1

Week 1

Test & Configure

Estimated time: 60-90 min
  • Deep-dive of Incydr detection, investigation & response capabilities
  • Begin silent rollout
  • Perform configurations, including trusted domains and alert rules
  • Discussion: Risk Detection Lenses, verify use cases
  • Code42 team members involved during Week 1 include: Account Executive (AE), Systems Engineer (SE), POV Deploy Services (PDS)
  • Your team members involved during Week 1 include: Technical Sponsor

Helpful Materials for Week 1

Week 2

Review Use Cases

Estimated time: 60-90 min
  • Complete silent rollout
  • Operationalize Risk Detection Lenses and cases
  • Discussion: Refine trusted domains, validate use cases
  • Code42 team members involved during Week 2 include: Account Executive (AE), Systems Engineer (SE), POV Deploy Services (PDS)
  • Your team members involved during Week 2 include: Technical Sponsor

Helpful Materials for Week 2

Week 3

Discuss Preliminary Findings

Estimated time: 60-90 min
  • Review Risk Detection findings
  • Discussion: Current process and people pain points
  • Code42 team members involved during Week 3 include: Account Executive (AE), Systems Engineer (SE)
  • Your team members involved during Week 3 include: Technical Sponsor, Security Stakeholder

Helpful Materials for Week 3

Week 4

Insider Risk Posture Review & Recommendations

Estimated time: 60 min
  • Complete POV Experience
  • Code42 to present Insider Risk Posture review and technical recommendations
  • Code42 team members involved during Week 4 include: Account Executive (AE), Systems Engineer (SE), Code42 Executive
  • Your team members involved during Week 4 include: Technical Sponsor, Security Stakeholder, Technical Decision Maker, HR, Legal, IT

Helpful Materials for Week 4

Introducing Incydr

Incydr brings together three dimensions of risk to quickly and accurately detect and respond to Insider Risk.

  • Data: What IP is most valuable to the business?
  • Vector: When, where and how is your IP moving?
  • User: Who is moving it?

Incydr detects data risk across computers, cloud and email.

  • Sync activity to cloud applications like Dropbox and iCloud
  • Uploads to personal email and other sites through web browsers
  • Files sent through AirDrop or accessed by web apps like Slack
  • Sharing from corporate cloud services like Google Drive, OneDrive and Box
  • Email attachments from corporate Office 365 or Gmail
  • File deletions from user computers

Watch a 5-minute product demo

View this video to get a quick introduction to Incydr.

50,000+ organizations trust Code42

Resources to Learn More

White Paper
How Incydr™ Works: A Technical Overview of the Incydr Product Architecture

This overview outlines Incydr’s product architecture and explains how it meets Insider Risk Management requirements.

Get the white paper
Gartner 2020 Market Guide for Insider Risk Management

Code42 is recognized as a Representative Vendor in the December 2020 Gartner Market Guide for Insider Risk Management Solutions.

Get the report
Customer Story
How Snowflake Built a Modern Insider Risk Management Program with Incydr

Mario Duarte, VP of Security at Snowflake, explains how his team used the Insider Risk Management Framework to build a modern data protection program.

Read the customer story
Technical Requirements and Integrations for an Insider Risk Management Strategy

Learn about the five technical requirements of Code42’s Insider Risk Management framework. See how Incydr supports these requirements and get architectural considerations for optimizing an IRM ecosystem.

Get the guide

How-To Videos

The Dashboard:

Risk Exposure Dashboard

Data Preferences:

Trusted Domains

Risk Detection Lenses:

Departing Employees

High Risk Employees

Forensic Search:


Use Cases:

Removable Media

Concealed File Exfiltration via File Mismatch

How-To Support Articles

Review Suspicious File Activity

Incydr offers a wide variety of options to help you quickly identify suspicious or unexpected file activity. Learn more →

Data Preferences

Data Preferences settings enable you to exclude file activity from IP addresses and domains you trust from dashboard visualizations, alerts, and search results in Forensic Search. Learn more →

Forensic Search

Forensic Search provides detailed visibility about files and enables security teams to monitor and investigate suspicious file activity. Learn more →


Cases helps you manage and respond to security investigations with tools that collect, organize, and retain user file activity. Learn more →

User Profile

User Profile allows you to view suspicious file movement, endpoint and cloud services activity, and file activity for the previous 90 days of a specific user. Learn more →

Risk Exposure Dashboard

The Risk Exposure dashboard provides a look into the different types of file activity occurring across your Incydr environment, including high risk and departing employees as well as employees that have the most file activity. Learn more →

Departing Employees

Review the file activity of employees leaving your company. Learn more →

Set Up Alerts

Alerts let you know when important data may be leaving your company. Learn more →


Code42 offers a variety of integrations to enable you to leverage Incydr features and data in other systems. Learn more →

Initial File Metadata Collection

When you enable file metadata collection, Incydr scans and indexes all files on endpoints and in any monitored cloud data sources. Learn more →

FAQ: Incydr Capabilities

What exfiltration vectors does Incydr monitor?

Incydr monitors exfiltration events across cloud services such as Dropbox and Google Drive, removable media, AirDrop, browsers, and other applications such as Slack.

What alerts do you recommend we set up during our POV?

Incydr alerts are completely customizable and oftentimes tailored to your specific needs. Some common alerts include:

  • Source Code Exfiltration
  • Unsanctioned Cloud Exfiltration
  • Compressed File Exfiltration
  • Sensitive Keyword Exfiltration

If you need assistance, please contact your Systems Engineer.

How do I add a user to the Departing Employee or High Risk detection lenses?

Code42 offers workflow automation services to connect Incydr with your Human Resource Information System (HRIS). This integration will automatically populate Incydr lenses with the employees who meet the lens criteria. You can also manually add users to lenses by following these steps.

What tools does Incydr integrate with?

Incydr integrates with a range of tools such as Splunk, Okta, and Google Drive. We also have a robust and easy to use REST-based API for tools not in our ecosystem.

Where does the contextual information about a user come from?

We are able to pull Department, Title, Manager, and Location from your Identity Management provider. To learn more, take a look at our support article on provisioning user attributes to Code42.

What roles and permissions are available for Incydr?

Incydr offers a variety of roles and permissions to ensure administrators only have access to what they need to do their jobs. For example, you can choose the administrators who should have access to various features (such as the Risk Detection Lenses), and you can also control who is able to download and view file content from Forensic Search during an investigation. We recommend you assign roles and permissions based on your administration use cases. To find more information around the best role for your use case, please refer to this article. View this article for instructions on how to assign or remove a role.

FAQ: Data Security

How does Code42 secure my data?

Check out our support article on Code42’s security architecture.

How does Code42 handle my encryption keys?

Take a look at our support article on how Code42 handles your subscription keys.

My company needs to meet compliance and regulatory requirements. How does Incydr support these requirements?

Implementing an Insider Risk Management solution helps you comply with regulations governing who has access to what data — and when, where and how that data is exposed and/or exfiltrated. Here’s a guide explaining how Incydr supports a variety of compliance standards.

You can also rest assured that, as a company, Code42 utilizes industry standards and verification by independent auditors. We take a comprehensive approach to secure our products and solutions. Code42 maintains compliance certifications and attestations on our product and infrastructure to validate our robust security program. Additionally, Code42 ensures and monitors appropriate security assurance obligations. Learn more here.

FAQ: Incydr Implementation

How do I deploy the agent?

Incydr can be installed on Windows, macOS and Linux using your desktop management software. Once installed, Incydr begins to silently monitor and collect files. For more information, take a look at our support article on how to prepare to deploy a Code42 app.

What is the agent impact?

We are in line with other major security companies. The agent typically uses 0-4% CPU and approximately 50MB of memory. Check out our Incydr Agent FAQs to learn more.

How do I ensure my AV/EDR agents will not interfere with Incydr?

Incydr complements the functionality of many security, antivirus, and EDR applications. Most of these applications work seamlessly with Incydr and do not require any configuration changes. However, some applications may require you to add exceptions. Learn more here.

How do I prepare my network to deploy the agent?

You can work with your Code42 Systems Engineer to confirm that network and system requirements are being met. For more information, check out this document which outlines network and system requirements for the agent.

Hear From Your Peers

Technical Business Analyst Enterprise Architecture and Technology Innovation

"Code42 has really revolutionized and changed our culture as a security team in our organization. The ease of use and overall capabilities of their tools have given us complete transparency with how data moves in our organization. This has helped from security processes, user training, and infrastructure improvements that we may never have known without having our finger on this pulse. The support we receive while we navigate this landscape is fantastic. I also have never had a software company solicit, review, and act on feedback like Code42. They truly do care about their customer's input to help shape their product."

Principal Security Engineer Security and Risk Management

"Code42 has been a key partner in developing our Insider Threat Program. We needed a control to validate and record what had been a blind spot for our organization. Code42 delivered these capabilities and more."