Correlate threat detection and respond faster
Detect and mitigate insider risk
Detect data exfiltration across computers, cloud and email, and proactively protect data when it’s more likely to be put at risk, such as when employees are working off-network or using sanctioned or unsanctioned cloud apps to collaborate.
Continuously monitor data without alert fatigue
Configure Code42 Incydr’s file exposure and exfiltration events into existing Sumo Logic dashboards, or create custom dashboards to programmatically monitor exfiltration events such as cloud sync activity, web browser uploads, file sharing and removable media exposure by user.
Correlate insider risk insights for faster response
Efficiently correlate and disseminate risky events and pertinent investigation details to make fast and informed decisions about how to respond.
How Code42 Incydr Works
Code42 Incydr detects when data is put at risk by observing all the employee file activity that takes place on computers and within corporate cloud and email services. Direct integrations with corporate cloud services detect public or untrusted file sharing while integrations with email services detect when file attachments are sent to untrusted recipients.
An agent continuously monitors all file activity on Mac, Windows and Linux computers. It logs all file movement, creation, modification and deletion events that take place within a watched path or using a monitored application. This includes activities like uploading files to web browsers, web apps like Slack, syncing files to personal cloud apps, printing files, and transferring files to removable media devices.
Data risk detection and response for insider threat
Code42 Incydr’s integration with Sumo Logic allows security teams to monitor file movement and sharing across computers, cloud and email providing an accurate picture of insider threat vulnerabilities. Teams can configure Incydr’s file exposure and exfiltration events into existing Sumo Logic dashboards, or create custom dashboards within Sumo Logic to easily visualize:
- Cloud and endpoint data exposure events
- Removable media exposure by user
- Exposure by filename
- Top files exposed
- Top endpoint and cloud users by exposure type
- Exposure events by location
Correlate actionable insider risk insights for faster response
There’s no one-size-fits-all to insider threat response. Response actions should vary based on corporate and customer impact, employee history and intent. Armed with the facts, Incydr’s integration with Sumo Logic allows security teams to take a right-sized response – whether that be automated action, corrective conversation, additional training or even legal action.
