Code42 Incydr Flows accelerates incident response for insider risk events

Code42 announced Incydr Flows, a series of automated actions triggered by the Code42 Incydr product to respond effectively to different types of insider risk events.

Incydr Flows are designed to monitor, contain, educate or resolve events and can be tailored by severity, context and priority level for a “right-sized” response to the wide variety of insider risk events organizations face.

Fully integrated into the Code42 Incydr product, Flows are automated to accelerate insider risk response and reduce the workloads of often overburdened security teams. At a time when employees average 13 data exposure events per user per day, security teams require scalable solutions that balance reducing insider risk with the business need for collaboration.

Taking a “right-sized” response approach to insider risk, Incydr Flows focus on monitoring, containment, resolution and/or education of employees and can be customized to an organization’s unique risk tolerance levels. This approach is in stark contrast to conventional data protection tools that focus exclusively on blocking employee productivity and collaboration regardless of the context behind the data exposure event.

“When it comes to Insider Risk Management, there is no one-size-fits-all response. The severity of the risk should dictate the type of response or control,” said Matheo Lord-Martinez, security engineer for Okta. “This approach to ‘right-sized response’ is not a widely-used strategy today, but it should be. Incydr Flows is a critical piece of our Zero Trust strategy and we look forward to continuing to work with the Code42 team.”

Automation and clear context about insider risk events can reduce security analysts’ alert fatigue, eliminate manual, repetitive or error-prone tasks, and streamline processes that rely on disparate systems and multiple teams. In addition, by responding to accidental and negligent insider risk events with a focus on education, security teams can begin to cultivate a culture rooted in security and risk awareness.

Respond accordingly: Implementing Incydr Flows for improved insider risk management

Incydr Flows – a series of no-code automated actions – trigger a variety of controls that are either native to Incydr or available through third-party integrations to monitor, contain, resolve and use education to mitigate insider risk. The Incydr Flows integrations connect the Code42 Incydr product to Identity Access Management (IAM), Privileged Access Management (PAM), Endpoint Detection and Response (EDR), Human Capital Management (HCM), IT Service Management (ITSM) systems and other platforms.

  • Incydr Context Flows ingest user attributes – such as whether an employee is departing, is a contractor, or has access to high-value data – in order to automatically enable enhanced user monitoring and alert rules.
  • Incydr Response Flows leverage a library of over 60 Insider Risk Indicators (IRIs) to trigger outbound-response controls, and include actions like:
    • Contain: Remove user access to an application via IAM and PAM platforms.
    • Resolve: Open an investigation case in Incydr and generate a ticket in ITSM systems.
    • Educate: Send the user an email or Slack message with educational content, or add them to an Insider Risk lesson plan.

First privileged access management integration

One of the newest Incydr Flows is with CyberArk, a global leader in Identity Security. The Incydr + CyberArk Flow marks Code42’s first Privileged Access Management (PAM) integration. Through this Incydr Flow, users with privileged access can have their permissions automatically revoked on a temporary basis or their accounts disabled altogether if a critical data exfiltration event is detected.

“Incydr Flows allow security teams to respond appropriately to employees who create Insider Risk events. Just over half of security leaders receive daily or weekly complaints about mistakenly blocking legitimate employee file activity. Overbearing security response actions like this are out of touch with the fast-paced, collaborative and remote way we work today where employees need to be able to freely share and move files to get their jobs done,” said Joe Payne, Code42 president and CEO. “Simply put, Incydr Flows make security analysts’ jobs easier, particularly at large organizations where alert fatigue is truly challenging. Our automation filters out the noise to more effectively contain, control and address response actions to insider risk events needed with larger enterprises today.”
