Code42 Software, Inc. announced it expanded the data risk detection capabilities in the Code42 Incydr product to give security teams visibility and context to situational Insider Risk events. Through its watchlist functionality,
Incydr simplifies security teams' ability to focus on data risk tied to
distinct user groups that are most likely to put data at risk, such as
departing employees, contractors, privileged users and new hires. Teams
can also create custom watch lists for specific projects or departments
or for users with common attributes.
"Since
the launch of Incydr, we've been giving security teams visibility to
insider risk events tied to departing employees, which continues to be a
primary trigger for data exfiltration. We've learned that other
clusters of employees, such as new hires, employees that have repeatedly
neglected security protocols, or teams working on confidential
projects, exhibit similar patterns of risky data movement - whether
unintentional or malicious. Security teams can now closely monitor the
data movement and exposure of these groups to apply tailored responses
that will reduce data risk," said Dave Capuano, senior vice president of
product management at Code42. "The context provided through watchlists
helps security teams respond more quickly and accurately to insider risk
events and drive targeted training to improve collaboration habits that
decrease future data risk."
An
Insider Risk Management (IRM) technology, Incydr helps security teams
understand their company's data exposure, prioritize events that matter,
and respond with confidence. With Incydr's watchlist functionality,
security analysts can create user groups with common attributes from
data that Incydr ingests, and automate investigation and response
management workflows. Security teams using Incydr watchlists can
programmatically:
- Focus
and streamline management workflows - Drive more efficient
prioritization and investigation workflows by providing administrators
with focused dashboard visualizations and alerts.
- Closely
monitor high-risk users - Organize users of similar risk level into
watchlist groups based on their employment milestones, attributes and
other risk factors.
- Automate
processes and reduce error - Automatically enhance monitoring by adding
users to Incydr's watchlists based on triggers from integrations with
IAM, PAM or HRIS systems.
- Easily
customize alert criteria - Create alert rules that are unique to user
groups on specific watchlists. Send prioritized alerts to preferred
systems, such as SIEM, ITSM or Slack.
As
part of Incydr, Code42 offers a variety of pre-configured as well as
custom watchlists to better manage insider risk events stemming from
high-value and high-risk users. Security teams can group users by:
- Custom
watchlist - Tailor a group by custom parameters, such as by department
or project, like confidential organizational or financial transactions
or product development initiatives. Security teams can automatically
populate or exclude users to a watchlist based on their directory
groups.
- New
hire watchlist - Segment file activity when employees first join an
organization and may unintentionally put data at risk, and respond in a
way that educates employees about their new work environment and
promotes a more security-aware culture long term.
- Departing
watchlist - Gain visibility into one of the biggest sources of data
loss in an organization - one in three organizations lose IP when
employees depart. Integrations with IAM, PAM or HRIS systems automate
workflows to make it easier and more efficient to stop data loss, leak
and theft.
- Contractors
watchlist - Segment independent contractors, vendor partners and
consultants with authorized access to company data that may be using
personal devices and apps, are not bought into an organization's
security culture and are likely to take subsequent jobs with
competitors.
- Privileged
users watchlist - Assign users with elevated system, app and network
access to a common group for focused visibility to their file movements.