Detect and respond to insider risk
IncydrTM allows you to mitigate data risk with simplicity, signal and speed
What makes Incydr different
Incydr is a SaaS data risk detection and response product that allows security teams to effectively mitigate file exposure and exfiltration risks without disrupting legitimate collaboration.
Quickly uncover your data security blindspots
Incydr detects file exposure and exfiltration across computers, cloud and email through an agent and direct integrations. It monitors all file activity (creation, deletion, modification and movement) regardless of what is considered acceptable or unacceptable by security policy. This comprehensive approach to monitoring reduces deployment and management time by removing the rule creation and refinement process. It also illuminates an organization's data security blindspots by showing activities that fly under the radar of other security technologies. You'll get an accurate understanding of your insider threat vulnerabilities.
Cut through the noise to find real risk
Incydr is smart enough to know there's a difference between everyday collaboration and the events that represent real risk. It filters out the noise of harmless activity, like sharing files between trusted domains, to reveal only the threats that could harm your business. Incydr takes a multidimensional approach to insider risk by combining rich context on files, vectors and users. It surfaces this information along with additional risk indicators to prioritize the events that require immediate security investigation.
Take a right-sized approach to insider threat response
Incydr provides the fast answers needed to substantiate insider threat investigations. There's no one-size-fits-all to insider threat response. Response actions should vary based on impact, employee history and intent. Armed with the facts, your organization can take a right-sized response. Whether that be automated action, corrective conversation, additional training or even legal action.
How Incydr Protects
3 Dimensions to Insider Risk: Files, Vectors and Users
Incydr allows you to detect and respond to data risk caused by those inside your organization. This includes exposure and exfiltration activities on computers and via corporate cloud and email services.
The foundation of Incydr's ability to speed insider risk detection and response comes from monitoring all file activity regardless of what is considered acceptable or unacceptable by security policy. Incydr logs every file event and enriches it with context on the vector, file and user to determine what represents real risk. This allows Incydr to not only reduce alerts and investigation time, but also remediate risk that goes unnoticed by traditional data security technologies.
- Monitors all files - not just those that have been deemed sensitive
- Offers critical metadata including file name, owner, size, path, category and hash
- Provides authorized security analysts with the ability to review the file's actual content
- Detects exposure and exfiltration including web browser uploads, cloud sync activity, file sharing, Airdrop, and use of removable media
- Offers vector detail such as domain name, active browser tab title and URL, and removable media make, model, volume name, partition ID and serial number
- Filters file events to reflect what is considered trusted vs untrusted activity
- Identifies behavioral risk indicators such as remote activity, off-hour file events and attempts to conceal exfiltration
- Allows security teams to programmatically monitor users with increased risk factors, such as departing and contract employees
- Provides 90 days of historical user activity to surface trends and abnormalities
Let's Talk Tech
Learn how Incydr evaluates and surfaces data risk using dashboards, lenses and alerts.
See how Incydr simplifies insider risk investigations with user profiles and forensic search.
Using Incydr to protect data
from insider threat
Odds are you're experiencing an insider threat right now. Here are
three of the most common times when employee's put data at risk:
Remote workers introduce new security challenges. We help you manage the risk of off-network activity when employees work from home.
Most employees take data with them when they leave for their next job. We make sure your most valuable files stay with you.
High-Value Data Leak
When trade secrets leak, business is threatened. We help you detect when sensitive data is at risk.
Mergers and Acquisitions
M&A deals often trigger employee turnover and layoffs. We keep your data protected during the transition.
Frequently Asked Questions
What types of removable media devices do you monitor?
Devices, such as flash drives, hard drives and cards, that connect via USB, eSata, Thunderbolt and SD Card ports. Incydr collects the vendor, name and serial number of all devices used.
What web browsers and applications do you monitor?
Internet Explorer, Chrome, Firefox, Safari, Edge, Chromium and Opera, as well as processes and applications such as FileZilla, Winscp, Slack, SFTP, FTP, cURL and SCP.
What cloud applications do you monitor?
Installed cloud sync applications for Dropbox, iCloud, Google Drive, Google Backup and Sync, OneDrive and Box. API integrations with corporate cloud services support monitoring of activity in Microsoft OneDrive, Google Drive and Box.
Does Incydr use an endpoint agent?
Yes, Incydr uses a non-disruptive agent installed on Windows, Mac and Linux devices to monitor file activity as well as collect files and file metadata. Maximum CPU allowances can be set for when users are present and away from their devices. The agent can be hidden from users.
How do you identify when important files are put at risk?
Customizable alerts can be set for near real-time notification of risky activity. Incydr also assigns categories to files in order to help you identify your most important data at a glance. Monitored categories include archive, audio, document, executable, image, PDF, presentation, script, source code, spreadsheet, video and virtual disk image. When you're alerted of risk, you can quickly access the file(s) in question to make an informed decision about whether that file needs to remain private. Finally, most organizations further narrow their focus by prioritizing alerting during times where data is put at the most risk, such as during employee departure and M&A.
What deployment models do you support?
Incydr is delivered in a cloud model. On-premises deployments are available but features and functionality will vary from what is offered in a cloud deployment. Learn more about our deployment options and data security.
Where are your data centers located?
Code42 offers a variety of data center destinations to support the requirements of global businesses. Data center locations include the U.S., Amsterdam, Dublin, Singapore and Sydney.
How do I deploy the Incydr agent to user computers?
The Incydr agent can be deployed directly through the administration console, or through your company's mass deployment software such as Windows System Center Configuration Manager (SCCM) and Jamf Pro.
Do you offer implementation services?
Yes, Code42 has a knowledgeable professional services team that helps you get up and running quickly. They will configure Code42 according to best practices and partner with you to integrate the product into your systems and processes.
How long do deployments typically take?
Most customers are able to start using the product within 2 weeks. From there, they continue to work with our deployment team to implement full product capabilities and best practices over the course of 1-2 months.
How do I get a quote?
You can request a quote and a member of our sales team will reach out to you within one business day.
Can I purchase through my preferred partner?
Code42 is proud to work with many industry-leading resellers. Code42 Elite Partners include: CDW, DG Technologies, PCM, SHI, Softchoice and Optiv.
What's the expected ROI?
Based on Code42 customer interviews and subsequent financial analysis, Forrester Consulting estimates that a 2,000 employee company would experience a 230 percent return on investment (ROI) over three years. Read the April 2019 commissioned Total Economic Impact™ study conducted by Forrester Consulting on behalf of Code42 to get the full details.
Where are your offices located?
Code42 has corporate offices located in the U.S. and England. Our support teams are located in the U.S. and England.
CrowdStrike and Code42 vs. External and Insider Threats
MacDonald-Miller protects 90 GB of sensitive data from high profile departing employee
Shape Technologies Group Protects acquisition data during M&A and workforce consolidations
Global Manufacturer reduces departing employee lawsuit by $9 million
Join more than 50,000 organizations using Code42 products
Get faster detection and response to data loss caused by insider threats.
Learn more about Code42
Source: 2019 Forrester Total Economic Impact study based on Code42 experiences