‘Right-Sized’ Approach Streamlines Incident Response for Scalable Insider Risk Management

Minneapolis, MN — Sep 2, 2021 — /BackupReview.info/ — Code42, the Insider Risk Management leader, today announced Incydr Flows, a series of actions that are automated and triggered by the Code42® Incydr™ product to effectively respond to different types of insider risk events. Incydr Flows are designed to monitor, contain, educate or resolve events and can be tailored by severity, context and priority level for a “right-sized” response to the wide variety of insider risk events organizations face. Fully integrated into the Code42 Incydr product, Flows are automated to accelerate insider risk response and reduce the workloads of often overburdened security teams. At a time when employees average 13 data exposure events per user per day, security teams require scalable solutions that balance reducing insider risk with the business need for collaboration.

Taking a “right-sized” response approach to insider risk, Incydr Flows focus on monitoring, containment, resolution and/or education of employees and can be customized to an organization’s unique risk tolerance levels. This approach is in stark contrast to conventional data protection tools that focus exclusively on blocking employee productivity and collaboration regardless of the context behind the data exposure event.

“When it comes to Insider Risk Management, there is no one-size-fits-all response. The severity of the risk should dictate the type of response or control,” said Matheo Lord-Martinez, security engineer for Okta. “This approach to ‘right-sized response’ is not a widely-used strategy today, but it should be. Incydr Flows is a critical piece of our Zero Trust strategy and we look forward to continuing to work with the Code42 team.”

Automation and clear context about insider risk events can reduce security analysts’ alert fatigue, eliminate manual, repetitive or error-prone tasks, and streamline processes that rely on disparate systems and multiple teams. In addition, by responding to accidental and negligent insider risk events with a focus on education, security teams can begin to cultivate a culture rooted in security and risk awareness.

Respond Accordingly: Implementing Incydr Flows for Improved Insider Risk Management
Incydr Flows – a series of no-code automated actions – trigger a variety of controls that are either native to Incydr or available through third-party integrations to monitor, contain, resolve and use education to mitigate insider risk. The Incydr Flows integrations connect the Code42 Incydr product to Identity Access Management (IAM), Privileged Access Management (PAM), Endpoint Detection and Response (EDR), Human Capital Management (HCM), IT Service Management (ITSM) systems and other platforms.

  • Incydr Context Flows ingest user attributes – such as if an employee is departing, is a contractor, or has access to high-value data – in order to automatically enable enhanced user monitoring and alerts rules.
  • Incydr Response Flows leverage a library of over 60 Insider Risk Indicators (IRIs) to trigger outbound-response controls, and include actions like:
    – Contain: Remove user access to an application via IAM and PAM platforms.
    – Resolve: Open an investigation case in Incydr and generate a ticket in ITSM systems.
    – Educate: Send the user an email or Slack message, with educational content or add them to an Insider Risk lesson plan.

First Privileged Access Management Integration
One of the newest Incydr Flows is with CyberArk, a global leader in Identity Security. The Incydr + CyberArk Flow marks Code42’s first Privileged Access Management (PAM) integration. Through this Incydr Flow, users with privileged access can have their permissions automatically revoked on a temporary basis or their accounts disabled altogether if a critical data exfiltration event is detected.

“Incydr Flows allow security teams to respond appropriately to employees who create Insider Risk events. Just over half of security leaders receive daily or weekly complaints about mistakenly blocking legitimate employee file activity. Overbearing security response actions like this are out of touch with the fast-paced, collaborative and remote way we work today where employees need to be able to freely share and move files to get their jobs done,” said Joe Payne, Code42 president and CEO. “Simply put, Incydr Flows make security analysts’ jobs easier, particularly at large organizations where alert fatigue is truly challenging. Our automation filters out the noise to more effectively contain, control and address response actions to insider risk events needed with larger enterprises today.”

Learn More About Code42 Incydr
The Code42 Incydr product allows security teams to effectively mitigate data exposure and exfiltration risks without disrupting legitimate collaboration. Incydr is purpose-built to help security teams effectively manage the dynamic nature of Insider Risk – that includes prioritizing and responding appropriately to the risks that matter the most. It surfaces the top indicators of Insider Risk and gathers detailed security intelligence about on- and off-network file movements.

Additional Resources

  • Take a spin through an interactive demo of Incydr in our free sandbox environment.
  • Gather deeper background information on Incydr Flows.
  • Learn more about insider risk event response in the whitepaper, Incydr Controls for Right-Sized Response.
  • Read our book, Inside Jobs: Why Insider Risk is the Biggest Cyber Threat you can’t Ignore.

About Code42
Code42 is the leader in insider risk detection and response. Native to the cloud, Code42 rapidly detects data loss, leak, theft and sabotage as well as speeds incident response – all without lengthy deployments, complex policy management or blocking employee productivity. With Code42, security professionals can protect corporate data and reduce insider risk while fostering an open and collaborative culture for employees. Backed by security best practices and control requirements, Code42’s insider risk solution can be configured for GDPR, HIPAA, PCI and other regulatory frameworks.

More than 50,000 organizations worldwide, including the most recognized brands in business and education, rely on Code42 to safeguard their ideas. Founded in 2001, the company is headquartered in Minneapolis, Minnesota, and backed by Accel Partners, JMI Equity and Split Rock Partners. Code42 was recognized by Inc. magazine as one of America’s best workplaces in 2020. For more information, visit code42.com

© 2021 Code42 Software, Inc. All rights reserved. Code42, the Code42 logo and Incydr are registered trademarks or trademarks of Code42 Software, Inc. in the United States and/or other countries. All other marks are properties of their respective owners.

Company Contact:
Kristin McKenzie
Public Relations Principal, Code42

Source: Code42




Tags: , ,