Code42 adds watchlists functionality to its Incydr product to help teams manage insider risk events

At RSA Conference 2022, Code42 announced that it has expanded the data risk detection capabilities of its Incydr product to give security teams visibility into, and context for, situational Insider Risk events.

[Screenshot: Code42 Incydr product, showing (a) the navigation pane, (b) actions and (c) the list of users]

Through its watchlist functionality, Incydr makes it easier for security teams to focus on data risk tied to distinct user groups that are most likely to put data at risk, such as departing employees, contractors, privileged users and new hires. Teams can also create custom watchlists for specific projects or departments or for users with common attributes.

“Since the launch of Incydr, we’ve been giving security teams visibility to insider risk events tied to departing employees, which continues to be a primary trigger for data exfiltration. We’ve learned that other clusters of employees, such as new hires, employees that have repeatedly neglected security protocols, or teams working on confidential projects, exhibit similar patterns of risky data movement – whether unintentional or malicious. Security teams can now closely monitor the data movement and exposure of these groups to apply tailored responses that will reduce data risk,” said Dave Capuano, senior vice president of product management at Code42. “The context provided through watchlists helps security teams respond more quickly and accurately to insider risk events and drive targeted training to improve collaboration habits that decrease future data risk.”

An Insider Risk Management (IRM) technology, Incydr helps security teams understand their company’s data exposure, prioritize events that matter, and respond with confidence. With Incydr’s watchlist functionality, security analysts can create user groups with common attributes from data that Incydr ingests, and automate investigation and response management workflows. Security teams using Incydr watchlists can programmatically:

  • Focus and streamline management workflows – Drive more efficient prioritization and investigation workflows by providing administrators with focused dashboard visualizations and alerts.
  • Closely monitor high-risk users – Organize users of similar risk level into watchlist groups based on their employment milestones, attributes and other risk factors.
  • Automate processes and reduce error – Automatically enhance monitoring by adding users to Incydr’s watchlists based on triggers from integrations with IAM, PAM or HRIS systems.
  • Easily customize alert criteria – Create alert rules that are unique to user groups on specific watchlists. Send prioritized alerts to preferred systems, such as SIEM, ITSM or Slack.

As part of Incydr, Code42 offers a variety of pre-configured as well as custom watchlists to better manage insider risk events stemming from high-value and high-risk users. Security teams can group users by:

  • Custom watchlist – Tailor a group by custom parameters such as department or project, for example confidential organizational or financial transactions or product development initiatives. Security teams can automatically add users to, or exclude them from, a watchlist based on their directory groups.
  • New hire watchlist – Segment file activity when employees first join an organization and may unintentionally put data at risk, and respond in a way that educates employees about their new work environment and promotes a more security-aware culture long term.
  • Departing watchlist – Gain visibility into one of the biggest sources of data loss in an organization: one in three organizations loses IP when employees depart. Integrations with IAM, PAM or HRIS systems automate workflows to make it easier and more efficient to stop data loss, leak and theft.
  • Contractors watchlist – Segment independent contractors, vendor partners and consultants who have authorized access to company data, may be using personal devices and apps, are not bought into an organization’s security culture and are likely to take subsequent jobs with competitors.
  • Privileged users watchlist – Assign users with elevated system, app and network access to a common group for focused visibility to their file movements.

The watchlist functionality is currently available through a Code42 Incydr subscription.
