Code42 Incydr detects data exposure movements from trusted corporate systems to unmonitored devices

Code42 announced that the Code42 Incydr product can automatically detect data exposure movement from trusted corporate systems to unmonitored devices, such as personal mobile phones, laptops and tablets. By identifying when a file moves to an unmonitored device, Incydr alerts security teams to blindspots, with the critical context – what type of information is being exposed, from where and similar historical events – necessary to take fast action. This new detection capability uses the Incydr Trust Model, which intelligently differentiates between sanctioned and unsanctioned activity.

Today, 91% of information security leaders are likely to exfiltrate data from corporate systems via mobile phones. Urgency is growing to gain visibility into this activity, with more than half (56%) of security leaders saying it is a moderate or top priority to determine whether employees may be exfiltrating data this way.

With the adoption of single-sign-on and cloud applications, employees are often able to sign into their corporate accounts from any device – including their personal laptops and phones. This means they have access to all types of valuable company data from their personal devices. Incydr provides visibility into these increasingly common exfiltration events.

“Trust is critical when it comes to managing risk. When insiders move company data to untrusted locations like their mobile device or their Google Drive account, they create risk for their organization,” said Joe Payne, Code42’s president and CEO. “Incydr gives security leaders the visibility to see that risk and take action to mitigate it.”

Incydr Trust Model

There are two core pillars of the Code42 Incydr Trust Model: Defined Trust and Inferred Trust.

  • Defined Trust: To define the corporate environment, security teams provide Incydr with a list of “trusted” domains and Slack workspaces. This ensures file movement to these trusted destinations is viewed as sanctioned corporate activity and will not generate alerts.
  • Inferred Trust: Incydr compares the activity it monitors on the endpoint with the activity it monitors inside corporate cloud systems. This innovative technology detects when files leave the boundary of trusted (monitored) locations and associates risk if a file upload or download does not reach a corporate device or cloud system. This automated comparison infers when a file has gone to an untrusted destination, such as a personal endpoint device, laptop or cloud account.

“We have taken a truly unique technology approach to solve the problem of trust,” said Rob Juncker, chief technology officer with Code42. “By correlating our visibility on trusted endpoints through our security agent and our visibility into cloud applications through our extensive API connections, we can determine when a file leaves one trusted location and does not land in another trusted location. No other vendor in security has the comprehensive view of data movement that Incydr affords.”


The Incydr Trust Model is currently available to all Incydr customers. Incydr’s ability to detect file downloads to unmonitored devices requires licensed data connectors for corporate systems and will be available beginning November.

Analysts see trust as a new frontier for cybersecurity

“The risks associated with authorized users simply doing their jobs has been around for as long as we have needed to share valuable information with colleagues, clients and collaborators. The difference now is that both the scale and scope of this kind of enterprise data movement makes the risk too big to simply ignore,” said Derek Brink, vice president and research fellow, Aberdeen Strategy & Research. “Defining and extending the trusted network, while also providing visibility into potentially risky data movements to unmonitored devices and locations, are key capabilities going forward for managing Insider Risk to an acceptable level.”

Don't miss