Code42 Incydr App for Sumo Logic

Code42 Incydr detects when data is put at risk by observing all the employee file activity that takes place on computers and within corporate cloud and email services. Direct integrations with corporate cloud services detect public or untrusted file sharing while integrations with email services detect when file attachments are sent to untrusted recipients.

An agent continuously monitors all file activity on Mac, Windows and Linux computers. It logs all file movement, creation, modification and deletion events that take place within a watched path or using a monitored application. This includes activities like uploading files to web browsers, web apps like Slack, syncing files to personal cloud apps, printing files, and transferring files to removable media devices.

Code42 Incydr’s integration with Sumo Logic allows security teams to monitor file movement and sharing across computers, cloud and email providing an accurate picture of insider threat vulnerabilities. Teams can configure Incydr’s file exposure and exfiltration events into existing Sumo Logic dashboards, or create custom dashboards within Sumo Logic to easily visualize:

• Cloud and endpoint data exposure events
• Removable media exposure by user
• Exposure by filename
• Top files exposed
• Top endpoint and cloud users by exposure type
• Exposure events by location

There’s no one-size-fits-all to insider threat response. Response actions should vary based on corporate and customer impact, employee history and intent. Armed with the facts, Incydr’s integration with Sumo Logic allows security teams to take a right-sized response – whether that be automated action, corrective conversation, additional training or even legal action.