Code42 announced it is offering security analysts a new automated workflow that speeds alert triage and “right-sizes” the response to the severity of Insider Risk events. The workflow is available through an integration between Code42’s Incydr data risk detection and response product and the Slack collaboration platform, and is recommended for non-malicious Insider Risk events, the most common cause of insider security incidents today. Security teams in collaborative work environments can now manage Insider Risk effectively without leaving a productivity and communication platform they already use. A video demo and blog post about the Slack automated workflow are available from Code42.
Using the automation, Incydr sends low-severity and/or time-sensitive alerts to a private Slack channel for security analyst review. Alerts include detailed context about the event, such as user information, the exfiltration vector, and the names and total count of all files transferred. From the alert in Slack, a security analyst can automatically generate a direct message to the user asking about the Insider Risk event. This shortens the time it takes to respond to a user’s activity and lets security professionals address concerning behavior collaboratively. Through a direct message in Slack, security teams can establish intent, request remediation, and educate the user on the appropriate action to take in the future – all within minutes. This ultimately builds a more cohesive, trusting relationship between the security team and the rest of the organization.
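To make the routing logic concrete, here is an added example of severity-based triage for insider-risk alerts. It is not Code42’s or Slack’s code: the alert fields (`severity`, `time_sensitive`, `vector`, `files`), the channel name, the Slack payload shape, and the sample alerts are all assumptions modelled on the workflow described above, not Incydr’s real API schema. It also shows a check the press release implies but does not spell out: an automatic user DM is drafted only for low-severity events, while higher-severity alerts reach analysts with the same context but without a pre-built DM, so that outreach to the user is an analyst decision rather than an automatic one.

```python
"""Hypothetical severity-based triage for insider-risk alerts (added example).

Not Code42's or Slack's code. Alert fields, channel name and payload shape
are assumptions, not Incydr's or Slack's real schemas.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample alerts (not real Incydr output).
SAMPLE_ALERTS: List[Dict] = [
    {"id": "a-001", "user": "jdoe", "severity": "low", "time_sensitive": False,
     "vector": "removable_media", "files": ["q3_plan.xlsx", "notes.txt"]},
    {"id": "a-002", "user": "asmith", "severity": "low", "time_sensitive": True,
     "vector": "cloud_sync", "files": ["roadmap.pdf"]},
    {"id": "a-003", "user": "mlee", "severity": "high", "time_sensitive": True,
     "vector": "personal_email", "files": ["customer_export.csv"]},
    {"id": "a-004", "user": "rkim", "severity": "medium", "time_sensitive": False,
     "vector": "browser_upload", "files": ["design.sketch", "brief.docx", "logo.png"]},
]

TRIAGE_CHANNEL = "#insider-risk-triage"  # assumed private analyst channel


@dataclass
class TriageDecision:
    route: str                  # "slack_channel" or "analyst_queue"
    channel_message: Dict       # context block an analyst sees in Slack
    user_dm: Optional[str]      # pre-drafted DM, only for low-severity events


def build_channel_message(alert: Dict) -> Dict:
    """Assemble the analyst-facing context: user, vector, file names and count."""
    files = sorted(alert["files"])
    return {
        "channel": TRIAGE_CHANNEL,
        "text": (f"Alert {alert['id']}: {alert['user']} moved {len(files)} file(s) "
                 f"via {alert['vector']} (severity={alert['severity']})"),
        "user": alert["user"],
        "vector": alert["vector"],
        "files": files,
        "file_count": len(files),
        "time_sensitive": alert["time_sensitive"],
    }


def draft_user_dm(alert: Dict) -> str:
    """Draft a neutral, non-accusatory DM that asks about intent and offers remediation."""
    files = ", ".join(sorted(alert["files"]))
    return (f"Hi {alert['user']}, our security tooling noticed {len(alert['files'])} "
            f"file(s) ({files}) moved via {alert['vector']}. Was this work-related? "
            "If it was unintentional, please remove the copy and let us know; "
            "if you need a sanctioned way to share these files, we can help.")


def triage(alert: Dict) -> TriageDecision:
    """Route low-severity and/or time-sensitive alerts to Slack; everything else
    goes to the analyst queue. Only low-severity events get an auto-drafted DM."""
    to_slack = alert["severity"] == "low" or alert["time_sensitive"]
    return TriageDecision(
        route="slack_channel" if to_slack else "analyst_queue",
        channel_message=build_channel_message(alert),
        user_dm=draft_user_dm(alert) if alert["severity"] == "low" else None,
    )


def triage_all(alerts: List[Dict]) -> Dict[str, TriageDecision]:
    """Triage a batch of alerts, keyed by alert id."""
    return {a["id"]: triage(a) for a in alerts}


if __name__ == "__main__":
    for alert_id, decision in triage_all(SAMPLE_ALERTS).items():
        print(alert_id, decision.route, decision.channel_message["text"],
              "| DM drafted" if decision.user_dm else "| no auto-DM")
```

The split between `route` and `user_dm` is deliberate: a time-sensitive high-severity event still needs to reach analysts quickly, so it is posted to the channel, but the decision to contact the user is left to a person with the full context in front of them.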
“There is no one-size-fits-all response to Insider Risk. Security teams must prioritize risk and take action depending on employee intent, past behavior and incident impact, but they need an automated way to do it,” said Joe Payne, president and CEO for Code42. “This automated workflow using Slack delivers a streamlined experience for security teams and improves how they engage with their organizations to build more security-aware cultures. It really helps to shift the perception of security from police to partner while automating alert response.”
Workflow automation is one of the four primary technical requirements or tactics – along with case management, playbooks and security awareness training – that the Code42 Insider Risk Management (IRM) framework for data protection recommends for automating risk remediation. By taking an IRM approach, organizations can protect their data from leaks caused by insiders while ensuring compliance with data use policy, creating a more risk-aware culture and accelerating security’s time to value.
Code42 Incydr is a purpose-built product for Insider Risk Management. Incydr surfaces the top indicators of Insider Risk and accelerates an organization’s ability to detect and respond to data exposure and exfiltration events. Incydr is cloud-native and built to directly address the gaps in conventional data security solutions. Organizations looking for detailed security intelligence about on- and off-network file movements can use Incydr to help identify and act on the greatest risks to their data.