Incydr™ Detect and respond to data risk

Incydr allows you to mitigate data risk with simplicity, signal and speed


What makes Incydr different

Incydr is a SaaS data risk detection and response product that allows security teams to effectively mitigate file exposure and exfiltration risks without disrupting legitimate collaboration.


Quickly uncover your data security blindspots

Incydr detects file exposure and exfiltration across computers, cloud and email through an agent and direct integrations. It monitors all file activity (creation, deletion, modification and movement) regardless of what is considered acceptable or unacceptable by security policy. This comprehensive approach to monitoring reduces deployment and management time by removing the rule creation and refinement process. It also illuminates an organization's data security blindspots by showing activities that fly under the radar of other security technologies. You'll get an accurate understanding of your Insider Risk vulnerabilities.

Explore detection features right arrow icon

Cut through the noise to find real risk

Incydr watches for file, vector and user Insider Risk Indicators (IRIs) associated with the activity it monitors. IRIs are activities or characteristics that indicate corporate data is at risk of exposure or exfiltration. Incydr uses these IRIs to prioritize the users and events that represent the greatest risk to your organization. This ensures you know the difference between harmless file movement and actual data leak or theft.

Explore risk detection features right arrow icon

Take a right-sized approach to Insider Risk response

Incydr provides the fast answers needed to substantiate Insider Risk investigations. There's no one-size-fits-all to Insider Risk response. Response actions should vary based on impact, employee history and intent. Armed with the facts, your organization can take a right-sized response. Whether that be automated action, corrective conversation, additional training or even legal action.

Explore response features right arrow icon

How Incydr prioritizes risk

Incydr prioritizes your highest risk users and events so you can clearly differentiate between harmless file movement and true data leak or theft.

When monitoring file activity, Incydr watches for file, vector, and user Insider Risk Indicators (IRIs). IRIs are activities or characteristics that indicate corporate data is at risk of exposure or exfiltration.

Incydr assigns a numerical risk score to every IRI. These scores are totaled to determine the overall risk of a detected event and its severity. IRI severities allow Incydr and security teams to take a use-case centric approach to Insider Risk Management.

If needed, Incydr administrators can adjust the model to fit their own risk tolerance. Risk settings allow administrators to modify how users and events are prioritized. Incydr’s trust settings tell Incydr what activity it should de-prioritize, like activity with trusted domains. This prevents approved file activity from triggering alerts or cluttering dashboard views. Incydr’s extensive library of IRIs includes IRIs such as:


File IRIs

  • Zip file exfiltration
  • Source code exfiltration
  • SalesForce report exfiltration
  • Earnings report exfiltration

Vector IRIs

  • Public link in Google Drive
  • Dropbox sync app
  • Attachment to ProtonMail
  • Airdrop transfer

User IRIs

  • Departing employee
  • Contract employee
  • Off hours activity
  • Concealed exfiltration via file mismatch

Watch a 5-minute product demo

View this video to get a quick introduction to Incydr.

Want to dig deeper?

Get Started

Insider Threat Analyst Security and Risk Management

"My experience has been from a security perspective, piloting their incydr product. I have found the team to be diligent and exceptionally responsive. Many times they have immediately hopped on a call when questions arose. Overall, very satisfied."

Principal Security Engineer Security and Risk Management

"Code42 has been a key partner in developing our Insider Threat Program. We needed a control to validate and record what had been a blind spot for our organization. Code42 delivered these capabilities and more."


Incydr integrates with top technologies to help correlate data risks, deliver actionable insights and improve the efficiency and effectiveness of customer workflows.

See all integrations right arrow icon

Using Incydr to protect data
from insider threat

Odds are you're experiencing an insider threat right now. Here are
a few of the most common times when employee's put data at risk:

Frequently Asked Questions

What types of removable media devices do you monitor?

Devices, such as flash drives, hard drives and cards, that connect via USB, eSata, Thunderbolt and SD Card ports. Incydr collects the vendor, name and serial number of all devices used.

What web browsers and applications do you monitor?

Internet Explorer, Chrome, Firefox, Safari, Edge, Chromium and Opera, as well as processes and applications such as FileZilla, Winscp, Slack, SFTP, FTP, cURL and SCP.

What cloud applications do you monitor?

Installed cloud sync applications for Dropbox, iCloud, Google Drive, Google Backup and Sync, OneDrive and Box. API integrations with corporate cloud services support monitoring of activity in Microsoft OneDrive, Google Drive and Box.

Does Incydr use an endpoint agent?

Yes, Incydr uses a non-disruptive agent installed on Windows, Mac and Linux devices to monitor file activity as well as collect files and file metadata. Maximum CPU allowances can be set for when users are present and away from their devices. The agent can be hidden from users.

How do you identify when important files are put at risk?

Customizable alerts can be set for near real-time notification of risky activity. Incydr also assigns categories to files in order to help you identify your most important data at a glance. Monitored categories include archive, audio, document, executable, image, PDF, presentation, script, source code, spreadsheet, video and virtual disk image. When you're alerted of risk, you can quickly access the file(s) in question to make an informed decision about whether that file needs to remain private. Finally, most organizations further narrow their focus by prioritizing alerting during times where data is put at the most risk, such as during employee departure and mergers and acquisitions.

What deployment models do you support?

Incydr is delivered in a cloud model. On-premises deployments are available but features and functionality will vary from what is offered in a cloud deployment. Learn more about our deployment options and data security.

Where are your data centers located?

Code42 offers a variety of data center destinations to support the requirements of global businesses. Data center locations include the U.S., Amsterdam, Dublin, Singapore and Sydney.

How do I deploy the Incydr agent to user computers?

The Incydr agent can be deployed directly through the administration console, or through your company's mass deployment software such as Windows System Center Configuration Manager (SCCM) and Jamf Pro.

Do you offer implementation services?

Yes, Code42 has a knowledgeable professional services team that helps you get up and running quickly. They will configure Code42 according to best practices and partner with you to integrate the product into your systems and processes.

How long do deployments typically take?

Most customers are able to start using the product within 2 weeks. From there, they continue to work with our deployment team to implement full product capabilities and best practices over the course of 1-2 months.

How do I get a quote?

You can request a quote and a member of our sales team will reach out to you within one business day.

Can I purchase through my preferred partner?

Code42 is proud to work with many industry-leading resellers. Code42 Elite Partners include: CDW, DG Technologies, PCM, SHI, Softchoice and Optiv.

What's the expected ROI?

Based on Code42 customer interviews and subsequent financial analysis, Forrester Consulting estimates that a 2,000 employee company would experience a 230 percent return on investment (ROI) over three years.

Where are your offices located?

Code42 has corporate offices located in the U.S. and England. Our support teams are located in the U.S. and England.

Join more than 50,000 organizations using Code42 products

Get faster detection and response to data loss caused by Insider Risk.