Today, Code42, the Insider Risk Management leader, announced it has integrated the Code42® Incydr™ product with Rapid7 InsightIDR. Security teams using InsightIDR with the Code42 Incydr integration will have the ability to identify, prioritize and triage the most critical insider threat events – data leakage, theft or malicious attempts to conceal file exfiltration. Code42 Incydr is the first data source dedicated to insider threat events to be accessible to InsightIDR users.
This integration will improve SOC analysts' abilities to detect insider threat events by improving the signal of risky events, reducing the noise from trusted activities, and simplifying investigations, thereby saving security teams hours of time. One-click access to the Code42 Incydr console directly from InsightIDR enables analysts to execute fast, contextualized insider threat investigations and strengthens compliance and file integrity monitoring (FIM). Incydr technology surfaces critical file modification events, contents of exfiltrated files and directly attributes users to suspicious activity in real-time. These combined capabilities inform appropriate triage through the right human and automated response actions.
"Distributed work environments and the increased use of file sharing and collaboration for legitimate work purposes are making it more difficult for security analysts to determine which file activities within their organizations are real threats to the business," said David Beaver, global director of strategic alliances at Rapid7. "The Code42 Incydr solution is helping InsightIDR further diminish noise with advanced contextualization of data movement by employees and contractors, which will accelerate response times and better support critical investigations."
Traditional approaches to protecting against insider threats – data loss prevention (DLP) tools – are dependent on classification and policies and are unable to keep pace with the modern-day workforce. As the borderless and hybrid workforce continues to rely on cloud-based, collaborative technologies post-pandemic, organizations must move away from strategies that block employees' legitimate work and file sharing. Otherwise, their data could be put at risk by employees and users who modify sensitive files in an attempt to circumvent policies, misclassify valuable data or adopt unsanctioned technologies that introduce new vectors for exfiltration.
"Security leaders have indicated in our research that 69% of them have experienced a data breach even when they have had a DLP in place. It is clear that today's organizations need a better way to identify and respond to data exposure and exfiltration happening from inside their organizations," said Ananth Appathurai, senior vice president of strategic partnerships and ecosystem at Code42. "Our integration with InsightIDR helps analysts quickly determine what is and isn't a threat. It combines the granular context and high-fidelity alerts that the Code42 Incydr product is known for with Rapid7's industry-leading detection and response solution to deliver actionable insights immediately and eliminate blindspots to insider threats."
Additional Code42 Resources