CDSA

Code42 Incydr Now Detects Risky Data Movement to Unmonitored Devices – Like Personal Phones, Laptops

By identifying when a file moves to an unmonitored device, Incydr alerts security teams to blindspots, with the critical context – what type of information is being exposed, from where and similar historical events – necessary to take fast action. This new detection capability uses the Incydr Trust Model, which intelligently differentiates between sanctioned and unsanctioned activity.

Today, 91% of information security leaders are likely to exfiltrate data from corporate systems via mobile phones. Urgency is growing to gain visibility into this activity, with more than half (56%) of security leaders saying it is a moderate or top priority to determine whether employees may be exfiltrating data this way. With the adoption of single-sign-on and cloud applications, employees are often able to sign into their corporate accounts from any device – including their personal laptops and phones. This means they have access to all types of valuable company data from their personal devices. Incydr provides visibility into these increasingly common exfiltration events.

“Trust is critical when it comes to managing risk. When insiders move company data to untrusted locations like their mobile device or their Google Drive account, they create risk for their organization,” said Joe Payne, Code42’s president and CEO. “Incydr gives security leaders the visibility to see that risk and take action to mitigate it.”

There are two core pillars of the Code42 Incydr Trust Model: Defined Trust and Inferred Trust.

–Defined Trust: To define the corporate environment, security teams provide Incydr with a list of “trusted” domains and Slack workspaces. This ensures file movement to these trusted destinations is viewed as sanctioned corporate activity and will not generate alerts.
–Inferred Trust: Incydr compares the activity it monitors on the endpoint with the activity it monitors inside corporate cloud systems. This innovative technology detects when files leave the boundary of trusted (monitored) locations and associates risk if a file upload or download does not reach a corporate device or cloud system. This automated comparison infers when a file has gone to an untrusted destination, such as a personal endpoint device, laptop or cloud account.

“We have taken a truly unique technology approach to solve the problem of trust,” said Rob Juncker, chief technology officer with Code42. “By correlating our visibility on trusted endpoints through our security agent and our visibility into cloud applications through our extensive API connections, we can determine when a file leaves one trusted location and does not land in another trusted location. No other vendor in security has the comprehensive view of data movement that Incydr affords.”