Incydr™ for Insider Risk Management
Mitigate insider risks to data with simplicity, signal and speed
What makes Incydr different
Spend less time administering and more time protecting data
- Cloud-native and environment agnostic architecture
- Get up and running in a matter of days
- No proxies to manage or complex policies to maintain
Avoid analyst burnout with unrivaled signal-to-noise ratio
- Detect file exfiltration via computers, cloud and email
- Intelligently differentiate between sanctioned and unsanctioned activity
- Use rich file, vector and user context to prioritize the risks that matter
Quickly take a right-sized response to detected risks
- Concrete context reduces your time to respond
- Automate a variety of controls to contain, resolve and educate
- Respond appropriately to protect data without disrupting productivity
Incydr’s approach to Insider Risk Management
Intelligently distinguish between sanctioned and unsanctioned activity
Incydr uses its Inferred Trust and Defined Trust capabilities to filter sanctioned corporate activity from view so you don’t have to comb through false positive alerts. You’ll gain accurate detection of corporate vs personal file activity, be able to detect files downloaded from corporate systems onto unmonitored devices, and speed the time it takes to respond to file exfiltration events – without having to administer network proxies or manage rule-based policies.
Use Insider Risk Indicators (IRIs) to surface the risks that matter most
Incydr offers a context-driven approach to prioritizing risk to data based on file, vector and user Insider Risk Indicators (IRIs). A numerical risk score is assigned to every IRI out of the box and these are used to determine the total risk of an event. You’ll see users and activities that need your attention on day one without having to configure anything. Since Incydr is transparent about how risk is prioritized, you can adapt the model to fit your own risk tolerance where necessary.
Contain, resolve and educate with right-sized response controls
Risk tolerance is unique to each organization and each line of business – there’s no one-size-fits-all response. Incydr offers three categories of response types to give you the right control for every type of activity. With Incydr, you can contain, resolve and educate when file exfiltration is detected. These controls are executed via no-code automated integrations called Incydr Flows.
Let's Talk Tech
Learn how Incydr evaluates and surfaces data risk using dashboards, lenses and alerts.
See how Incydr simplifies Insider Risk investigations with user profiles and forensic search.
Watch a 5-minute product demo
View this video to get a quick introduction to Incydr.
Using Incydr to protect data
from insider threat
Odds are you're experiencing an insider threat right now. Here are
a few of the most common times when employee's put data at risk:
Remote workers introduce new security challenges. We help you manage the risk of off-network activity when employees work from home.
Most employees take data with them when they leave for their next job. We make sure your most valuable files stay with you.
High Risk Employee
Programmatically protect data by monitoring flight risks and other high-risk employee types.
Mergers and Acquisitions
M&A deals often trigger employee turnover and layoffs. We keep your data protected during the transition.
Insider Threat Analyst Security and Risk Management
"My experience has been from a security perspective, piloting their incydr product. I have found the team to be diligent and exceptionally responsive. Many times they have immediately hopped on a call when questions arose. Overall, very satisfied."
Principal Security Engineer Security and Risk Management
"Code42 has been a key partner in developing our Insider Threat Program. We needed a control to validate and record what had been a blind spot for our organization. Code42 delivered these capabilities and more."
Frequently Asked Questions
What types of removable media devices do you monitor?
Devices, such as flash drives, hard drives and cards, that connect via USB, eSata, Thunderbolt and SD Card ports. Incydr collects the vendor, name and serial number of all devices used.
What web browsers and applications do you monitor?
Internet Explorer, Chrome, Firefox, Safari, Edge, Chromium and Opera, as well as processes and applications such as FileZilla, Winscp, Slack, SFTP, FTP, cURL and SCP.
What cloud applications do you monitor?
Installed cloud sync applications for Dropbox, iCloud, Google Drive, Google Backup and Sync, OneDrive and Box. API integrations with corporate cloud services support monitoring of activity in Microsoft OneDrive, Google Drive and Box.
Does Incydr use an endpoint agent?
Yes, Incydr uses a non-disruptive agent installed on Windows, Mac and Linux devices to monitor file activity as well as collect files and file metadata. Maximum CPU allowances can be set for when users are present and away from their devices. The agent can be hidden from users.
How do you identify when important files are put at risk?
Customizable alerts can be set for near real-time notification of risky activity. Incydr also assigns categories to files in order to help you identify your most important data at a glance. Monitored categories include archive, audio, document, executable, image, PDF, presentation, script, source code, spreadsheet, video and virtual disk image. When you're alerted of risk, you can quickly access the file(s) in question to make an informed decision about whether that file needs to remain private. Finally, most organizations further narrow their focus by prioritizing alerting during times where data is put at the most risk, such as during employee departure and mergers and acquisitions.
What deployment models do you support?
Incydr is delivered in a cloud model. On-premises deployments are available but features and functionality will vary from what is offered in a cloud deployment. Learn more about our deployment options and data security.
Where are your data centers located?
Code42 offers a variety of data center destinations to support the requirements of global businesses. Data center locations include the U.S., Amsterdam, Dublin, Singapore and Sydney.
How do I deploy the Incydr agent to user computers?
The Incydr agent can be deployed directly through the administration console, or through your company's mass deployment software such as Windows System Center Configuration Manager (SCCM) and Jamf Pro.
Do you offer implementation services?
Yes, Code42 has a knowledgeable professional services team that helps you get up and running quickly. They will configure Code42 according to best practices and partner with you to integrate the product into your systems and processes.
How long do deployments typically take?
Most customers are able to start using the product within 2 weeks. From there, they continue to work with our deployment team to implement full product capabilities and best practices over the course of 1-2 months.
How do I get a quote?
You can request a quote and a member of our sales team will reach out to you within one business day.
Can I purchase through my preferred partner?
Code42 is proud to work with many industry-leading resellers. Code42 Elite Partners include: CDW, DG Technologies, PCM, SHI, Softchoice and Optiv.
What's the expected ROI?
Based on Code42 customer interviews and subsequent financial analysis, Forrester Consulting estimates that a 2,000 employee company would experience a 230 percent return on investment (ROI) over three years.
Where are your offices located?
Code42 has corporate offices located in the U.S. and England. Our support teams are located in the U.S. and England.
CrowdStrike and Code42 vs. External and Insider Threats
MacDonald-Miller protects 90 GB of sensitive data from high profile departing employee
Shape Technologies Group Protects acquisition data during M&A and workforce consolidations
Global Manufacturer reduces departing employee lawsuit by $9 million
Join more than 50,000 organizations using Code42 products
Get faster detection and response to data loss caused by Insider Risk.