Watchlist functionality simplifies focus on data risk for distinct user groups and helps security teams promote security-aware cultures

Minneapolis, MN — June 8, 2022 — / / — Code42 Software, Inc., the Insider Risk Management leader, today announced it expanded the data risk detection capabilities in the Code42® Incydr™ product to give security teams visibility and context to situational Insider Risk events. Through its watchlist functionality, Incydr simplifies security teams’ ability to focus on data risk tied to distinct user groups that are most likely to put data at risk, such as departing employees, contractors, privileged users and new hires. Teams can also create custom watch lists for specific projects or departments or for users with common attributes.

“Since the launch of Incydr, we’ve been giving security teams visibility to insider risk events tied to departing employees, which continues to be a primary trigger for data exfiltration. We’ve learned that other clusters of employees, such as new hires, employees that have repeatedly neglected security protocols, or teams working on confidential projects, exhibit similar patterns of risky data movement – whether unintentional or malicious. Security teams can now closely monitor the data movement and exposure of these groups to apply tailored responses that will reduce data risk,” said Dave Capuano, senior vice president of product management at Code42. “The context provided through watchlists helps security teams respond more quickly and accurately to insider risk events and drive targeted training to improve collaboration habits that decrease future data risk.”

An Insider Risk Management (IRM) technology, Incydr helps security teams understand their company’s data exposure, prioritize events that matter, and respond with confidence. With Incydr’s watchlist functionality, security analysts can create user groups with common attributes from data that Incydr ingests, and automate investigation and response management workflows.

Security teams using Incydr watchlists can programmatically:

  • Focus and streamline management workflows – Drive more efficient prioritization and investigation workflows by providing administrators with focused dashboard visualizations and alerts.
  • Closely monitor high-risk users – Organize users of similar risk level into watchlist groups based on their employment milestones, attributes and other risk factors.
  • Automate processes and reduce error – Automatically enhance monitoring by adding users to Incydr’s watchlists based on triggers from integrations with IAM, PAM or HRIS systems.
  • Easily customize alert criteria – Create alert rules that are unique to user groups on specific watchlists. Send prioritized alerts to preferred systems, such as SIEM, ITSM or Slack.

As part of Incydr, Code42 offers a variety of pre-configured as well as custom watchlists to better manage insider risk events stemming from high-value and high-risk users. Security teams can group users by:

  • Custom watchlist – Tailor a group by custom parameters, such as by department or project, like confidential organizational or financial transactions or product development initiatives. Security teams can automatically populate or exclude users to a watchlist based on their directory groups.
  • New hire watchlist – Segment file activity when employees first join an organization and may unintentionally put data at risk, and respond in a way that educates employees about their new work environment and promotes a more security-aware culture long term.
  • Departing watchlist – Gain visibility into one of the biggest sources of data loss in an organization – one in three organizations lose IP when employees depart. Integrations with IAM, PAM or HRIS systems automate workflows to make it easier and more efficient to stop data loss, leak and theft.
  • Contractors watchlist – Segment independent contractors, vendor partners and consultants with authorized access to company data that may be using personal devices and apps, are not bought into an organization’s security culture and are likely to take subsequent jobs with competitors.
  • Privileged users watchlist – Assign users with elevated system, app and network access to a common group for focused visibility to their file movements.

The watchlist functionality is currently available through a Code42 Incydr subscription. Organizations attending RSA Conference 2022 and Gartner Security & Risk Management Summit 2022 can see watchlists in action during live Incydr demos at the Code42 booths.

Learn More About Code42 Incydr
The Code42 Incydr product allows security teams to effectively mitigate data exposure and exfiltration risks without disrupting legitimate collaboration. Incydr is purpose-built to help security teams effectively manage the dynamic nature of Insider Risk – that includes prioritizing and responding appropriately to the risks that matter the most. Incydr surfaces the top indicators of Insider Risk and gathers detailed security intelligence about on- and off-network file movements.

Additional Code42 Resources

  • Learn how to manage your highest risk user groups with watchlists —
  • Read the blog, “Using Incydr™ to Stop Data Leak Caused by New Employees” —
  • Take a spin through a free video demo of Incydr —

About Code42
Code42 is the Insider Risk Management leader. Native to the cloud, the Code42 Incydr solution rapidly detects data loss, leak and theft as well as speeds incident response – all without lengthy deployments, complex policy management or blocking employee productivity. The Code42 Instructor solution helps enterprises drive secure work habits by incorporating timely, hyper-relevant Insider Risk awareness training videos to reduce risk events due to accidental and negligent end-user behaviors.

With Code42, security professionals can protect corporate data and reduce insider threats while fostering an open and collaborative culture for employees. Backed by security best practices and control requirements, the Code42 Incydr solution is FedRAMP authorized and can be configured for GDPR, HIPAA, PCI and other regulatory frameworks.

Innovative organizations, including the fastest-growing security companies, rely on Code42 to safeguard their ideas. Founded in 2001, the company is headquartered in Minneapolis, Minnesota, and is backed by Accel Partners, JMI Equity, NewView Capital and Split Rock Partners. Code42 was recognized by Inc. magazine as one of America’s best workplaces in 2020 and 2021. For more information, visit or join the conversation on our blog, LinkedIn, Twitter and YouTube.

Company Contact:
Kristin McKenzie
Public Relations Principal, Code42

Source: Code42



Tags: , ,