Incydr™ Proof Of Value Guide
Your go-to resources for everything related to the Incydr POV.
What to expect during your Incydr POV
The Incydr Proof of Value takes the traditional proof of concept up a notch. This 4-week product experience will not only demonstrate Incydr’s visibility, context, and controls but will also validate how the use of Incydr will tangibly improve your organization’s Insider Risk posture.
Get Started
Estimated time: 60 min
- POV experience overview
- Deploy agents to test machines
- Code42 team members involved during kick-off include: Account Executive (AE), Systems Engineer (SE), Professional Services Engineer
- Your team members involved during kick-off include: Security Stakeholder, Desktop Deployment Engineer, Technical Decision Maker, Technical Sponsor
Helpful materials for Day 1
Test & Configure
Estimated time: 60-90 min
- Deep-dive of Incydr detection, investigation & response capabilities
- Begin silent rollout
- Perform configurations, including trusted domains and alert rules
- Discussion: Watchlists, verify use cases
- Code42 team members involved during Week 1 include: Account Executive (AE), Systems Engineer (SE), Professional Services Engineer
- Your team members involved during Week 1 include: Technical Sponsor
Helpful materials for Week 1
- Incydr Detection Features
- Support Article: How to add trusted domains
- Support Article: Trusted domain examples
- Support Article: Alert rule settings overview
- Support Article: Recommended alert rules
- Support Article: Forensic Search reference guide
- Support Article: Searching file activity
- Video: Forensic Search overview
Review Use Cases
Estimated time: 60-90 min
- Complete silent rollout
- Operationalize Watchlists and cases
- Discussion: Refine trusted domains, validate use cases
- Code42 team members involved during Week 2 include: Account Executive (AE), Systems Engineer (SE), Professional Services Engineer
- Your team members involved during Week 2 include: Technical Sponsor
Helpful materials for Week 2
- Support Article: Risk Exposure Dashboard overview
- Support Article: Departing Employee guide
- Support Article: How to add a departing employee
- Support Article: High-risk user guide
- Support Article: How to add a high-risk user
- Support Article: Cases reference guide
- Video: Detecting Insider Risk
- Video: Investigating Insider Risk
Discuss Preliminary Findings
Estimated time: 60-90 min
- Review Risk Detection findings
- Discussion: Current process and people pain points
- Code42 team members involved during Week 3 include: Account Executive (AE), Systems Engineer (SE)
- Your team members involved during Week 3 include: Technical Sponsor, Security Stakeholder
Helpful materials for Week 3
Insider Risk Posture Review & Recommendations
Estimated time: 60 min
- Complete POV Experience
- Code42 to present Insider Risk Posture review and technical recommendations
- Code42 team members involved during Week 4 include: Account Executive (AE), Systems Engineer (SE), Code42 Executive
- Your team members involved during Week 4 include: Technical Sponsor, Security Stakeholder, Technical Decision Maker, HR, Legal, IT
Helpful materials for Week 4
Code42’s Solution
See and stop data leak and theft caused by employees
Detect data theft on day 1 via cloud and endpoint exfiltration
Tailor your response to the offender and offense
Ally the business with security to protect IP
Stop data theft with Code42 Incydr
How-to videos
Data Exposure Dashboard
The Data Exposure Dashboard provides an overview of all exposure and exfiltration activity, both on the endpoint and in the cloud.
Watchlists: Departing Employees
Monitoring departing employees is an essential part of the offboarding process. Utilize the Departing Employees Watchlist to review file activity.
Watchlists: High Risk Employees
Discover how to review file activity in the High Risk Employees Watchlist and quickly identify suspicious file movement.
Forensic Search
Forensic Search allows you to investigate all file event activity detected by Incydr.
Cases
Cases provide a way to compile, document, and disseminate investigation details.
Use Case: Removable Media
Removable media is a common exfiltration vector. See how Incydr provides visibility of removable media misuse.
Use Case: Concealed File Exfiltration
File mismatches occur when a file’s extension doesn’t match the file’s content. Incydr flags these and protects against concealed file exfiltration.
Data Preferences: Trusted Domains
Learn how to identify specific domains and IP addresses and filter the noise of trusted activity, such as sharing files between trusted domains.
How-to support articles
Review Suspicious File Activity
Incydr offers a wide variety of options to help you quickly identify suspicious or unexpected file activity.
Forensic Search
Forensic Search provides detailed visibility about files and enables security teams to monitor and investigate suspicious file activity.
Cases
Cases helps you manage and respond to security investigations with tools that collect, organize, and retain user file activity.
Data Preferences
Data Preferences settings enable you to exclude file activity from IP addresses and domains you trust from dashboard visualizations, alerts, and search results in Forensic Search.
User Profile
User Profile allows you to view suspicious file movement, endpoint and cloud services activity, and file activity for the previous 90 days of a specific user.
Risk Exposure Dashboard
The Risk Exposure dashboard provides a look into the different types of file activity occurring across your Incydr environment, including high risk and departing employees as well as employees that have the most file activity.
Integrations
Code42 offers a variety of integrations to enable you to leverage Incydr features and data in other systems.
Frequently asked questions
Incydr capabilities
Incydr monitors exfiltration events across cloud services such as Dropbox and Google Drive, removable media, AirDrop, browsers, and other applications such as Slack.
Incydr alerts are completely customizable and oftentimes tailored to your specific needs. If you need assistance, please contact your Systems Engineer. Some common alerts include:
- Source Code Exfiltration
- Unsanctioned Cloud Exfiltration
- Compressed File Exfiltration
- Sensitive Keyword Exfiltration
Code42 offers workflow automation services to connect Incydr with your Human Resource Information System (HRIS). This integration will automatically populate Incydr lenses with the employees who meet the lens criteria. You can also manually add users to Watchlists by following these steps.
Incydr integrates with a range of tools such as Splunk, Okta, and Google Drive. We also have a robust and easy-to-use REST-based API for tools not in our ecosystem.
We are able to pull Department, Title, Manager, and Location from your Identity Management provider. To learn more, take a look at our support article on provisioning user attributes to Code42. Additionally, users can automatically be added to Watchlists based on information such as departure date through Incydr Flow automation with HR systems, PAM and IAM.
Incydr offers a variety of roles and permissions to ensure administrators only have access to what they need to do their jobs. For example, you can choose the administrators who should have access to various features (such as Watchlists), and you can also control who is able to download and view file content from Forensic Search during an investigation. We recommend you assign roles and permissions based on your administration use cases. To find more information around the best role for your use case, please refer to this article. View this article for instructions on how to assign or remove a role.
Incydr can be installed on Windows, macOS and Linux using your desktop management software. Once installed, Incydr begins to silently monitor and collect files. For more information, take a look at our support article on how to prepare to deploy a Code42 app.
Although results vary based on the above, we typically see 0-4% CPU and approximately 50MB of memory usage when the agent is in its steady state. Check out our Incydr Agent FAQs to learn more.
Data security
Check out our support article on Code42’s security architecture.
Take a look at our support article on how Code42 handles your subscription keys.
- Implementing an Insider Risk Management solution helps you comply with regulations governing who has access to what data — and when, where and how that data is exposed and/or exfiltrated. Here’s a document explaining how Incydr supports a variety of compliance standards.
- You can also rest assured that, as a company, Code42 utilizes industry standards and verification by independent auditors. We take a comprehensive approach to secure our products and solutions. Code42 maintains compliance certifications and attestations on our product and infrastructure to validate our robust security program. Additionally, Code42 ensures and monitors appropriate security assurance obligations. Learn more.
Ready to deploy Incydr? What you need to know
Accelerate your Incydr rollout
Complete your deployment and configuration basics in under 20 hours with Incydr ProStart.
Incydr’s Professional Services
Accelerate your time to value with deployment services. Our experts will assist with a new deployment or a health check when upgrading.
Optimize your configuration
Capture file activity that signals Insider Risk. Attend curated workshops to enhance your use of lenses, dashboards, alerts and integrations.
Incydr sees all
Published 9/21/21
“The ability to see where all our data is going is invaluable. Tracking where our documents go is an eye opener. Web-based emails, social media, zip files, renaming of files to obscure contents. This was exactly what we needed and since this is tied into our desktop backup system it was a no brainer to deploy this product.”
Easy to implement, configure, and use!
Published 6/3/21
“Service and support has been excellent. Knowledge-base documentation is well written and clear. It’s very easy to find what I need quickly. Information is presented in the dashboard in a very clear way, making things super easy to understand. Professional services has been very helpful.”
One of the best tools I have experienced
Published 6/22/21
“The tool gives amazing monitoring to the endpoint and tracks the activity related to the file movement. The Investigate and filter part is really impressive and useful to triage the alert further and take the required actions based on the activity. The most Advanced Feature is downloading the file in real-time and making solid evidence to prove yourself.”
GARTNER is a registered trademark and service mark, and PEER INSIGHTS, Gartner Peer Insights Logo, and the Gartner Peer Insights Customer First badge are trademarks and service marks, of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences, and should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose. The Gartner Peer Insights Customer First program constitutes an organization’s commitment to solicit reviews from its customers using programmatic sourcing strategies and best practices. They neither represent the views of, nor constitute an endorsement by, Gartner or its affiliates.