Data risk detection and response to insider threat
Detect data exfiltration across computers, cloud and email, and proactively protect data when it’s more likely to be put at risk, such as when employees are working off-network or using sanctioned or unsanctioned cloud apps to collaborate.
Configure Code42 Incydr’s file exposure and exfiltration events into existing Sumo Logic dashboards, or create custom dashboards to programmatically monitor exfiltration events such as cloud sync activity, web browser uploads, file sharing and removable media exposure by user.
Efficiently correlate and disseminate risky events and pertinent investigation details to make fast and informed decisions about how to respond.
Code42 Incydr detects when data is put at risk by observing all the employee file activity that takes place on computers and within corporate cloud and email services. Direct integrations with corporate cloud services detect public or untrusted file sharing while integrations with email services detect when file attachments are sent to untrusted recipients.
An agent continuously monitors all file activity on Mac, Windows and Linux computers. It logs all file movement, creation, modification and deletion events that take place within a watched path or using a monitored application. This includes activities like uploading files to web browsers, web apps like Slack, syncing files to personal cloud apps, printing files, and transferring files to removable media devices.
Code42 Incydr’s integration with Sumo Logic allows security teams to monitor file movement and sharing across computers, cloud and email providing an accurate picture of insider threat vulnerabilities. Teams can configure Incydr’s file exposure and exfiltration events into existing Sumo Logic dashboards, or create custom dashboards within Sumo Logic to easily visualize:
There’s no one-size-fits-all to insider threat response. Response actions should vary based on corporate and customer impact, employee history and intent. Armed with the facts, Incydr’s integration with Sumo Logic allows security teams to take a right-sized response – whether that be automated action, corrective conversation, additional training or even legal action.
