Data Exfiltration

Learn about common data exfiltration challenges and how Incydr™ helps solve them

Data exfiltration is common during employee departure


of employees admit to taking company data to a new job.

(Code42 Data Exposure Report 2019)


of security leaders believe prevention solutions are not enough to stop insider threat.

(Code42 Data Exposure Report 2019)


of organizations breached by insider threat had a DLP solution in place.

(Code42 Data Exposure Report 2019)

Downfalls of traditional approaches

Focusing on employee intent leaves data vulnerable
It is common for security teams to view Insider Risk as a rare or malicious problem and thus not assign it many resources. Insider Risk is more pervasive than the malicious actor problem: it occurs any time an authorized user puts data at risk, regardless of intent. A narrow definition of Insider Risk leaves sensitive files unprotected from everyday user mistakes.

Siloed visibility into corporate systems
Security teams who rely on built-in data security controls from vendors such as Microsoft, Google and Box lack a comprehensive understanding of Insider Risk in their environment. Additionally, security teams must duplicate their policy and management efforts across all systems in their environment.

Limited protection of IP and other high-value files
Products like endpoint Data Loss Prevention (DLP) only monitor activities that violate a policy. This leads to blind spots unless policies are perfectly written, implemented and maintained. Often, policies are only created to protect compliance data. This leaves many business files, like customer lists, financial reports, product roadmaps and marketing strategies, vulnerable to Insider Risk.

Difficult deployment and management
Products with long deployment times, such as DLP and Cloud Access Security Broker (CASB), delay effective data protection by taking organizations months, if not years, to fully implement. Coupled with this, products that significantly impact device performance or have a high per-user cost are often only deployed in pockets of the organization. This limits security visibility into data risk.

Incydr Solution

Incydr is a SaaS data risk detection and response product. It enables organizations to detect and respond to data exfiltration from computers as well as corporate cloud and email services.

An agent continuously monitors all file activity on corporate Mac, Windows and Linux computers to detect exfiltration via web, apps and removable media. Direct integrations to corporate cloud services like Google Drive and OneDrive detect when employees use the service to share files from computers and phones. Integrations with corporate email services such as Microsoft Office 365 and Gmail detect when file attachments are sent to untrusted recipients.

Using Incydr to detect and respond to data exfiltration

Detect data exfiltration activity
See high-risk activity including browser uploads, email attachments, and file transfers to USB, Slack, Dropbox and iCloud.

Investigate Insider Risk events
Identify the employees most likely to put data at risk and get a prioritized list of employees whose recent file activity requires investigation.

Quickly take action
Automate remediation with SOAR, inform security awareness training strategies and substantiate insider threat litigation.
