Code42 announced it is offering security analysts a new automated
workflow that speeds alert triage and "right-sizes" an appropriate
response based on the severity of Insider Risk events. The workflow is
available through an integration between Code42's Incydr data risk detection and response product and Slack collaboration
software, and is recommended for non-malicious Insider Risk events, the
most common cause of insider security events today. Now, security teams
from collaborative work environments can effectively manage Insider
Risk while staying within a commonly used productivity and communication
platform.

Using the automation, Incydr sends low-severity and/or time-sensitive alerts
to a private Slack channel for security analyst review. Alerts include
detailed context about the event, such as user information, exfiltration
vector detail, and the name and total count of all files transferred.
The alert in Slack allows security analysts to automatically generate a
direct message, which can be sent to the user to inquire about the
Insider Risk event. This speeds the time it takes to respond to a user's
activity and ensures security professionals are able to address
concerning behaviors in a collaborative way. Through a direct message in
Slack, security teams are able to understand intent, request
remediation, and educate on the appropriate action that should be taken
in the future - all within minutes. This ultimately creates a more
cohesive, trusting relationship between the security team and the rest
of the organization.

"There is no one-size-fits-all response to Insider Risk. Security teams must
prioritize risk and take action depending on employee intent, past
behavior and incident impact, but they need an automated way to do it,"
said Joe Payne, president and CEO for Code42. "This automated workflow
using Slack delivers a streamlined experience for security teams and
improves how they engage with their organizations to build more
security-aware cultures. It really helps to shift the perception of
security from police to partner while automating alert response."

Workflow automation is one of the four primary technical requirements or
tactics - along with case management, playbooks and security awareness
training - recommended for automating risk remediation in the Code42
Insider Risk Management (IRM) framework for data protection. By taking an
IRM approach, organizations can protect
their data from leaks caused by insiders while ensuring compliance with
data use policy, creating a more risk-aware culture and accelerating
security's time to value.

Code42 Incydr is the purpose-built product for Insider Risk Management. Incydr
surfaces the top indicators of Insider Risk and accelerates an
organization's ability to detect and respond to data exposure and
exfiltration events. Incydr is cloud-native and built to directly
address the gaps in conventional data security solutions. Organizations
looking for detailed security intelligence about on- and off-network
file movements can use Incydr to help identify and act on the greatest
risks to their data.