Code42 Expedites Insider Risk Response Using Automated Slack Workflows

Security teams can now receive Incydr alerts and generate outreach templates directly through Slack, accelerating triage and response to Insider Risk Indicators

MINNEAPOLIS — Apr. 2, 2021 –  Code42, the Insider Risk Management leader, today announced it is offering security analysts a new automated workflow that speeds alert triage and “right-sizes” an appropriate response based on the severity of Insider Risk events. The workflow is available through an integration between Code42’s IncydrTM data risk detection and response product and Slack® collaboration software, and is recommended for non-malicious Insider Risk events, the most common cause of insider security events today. Now, security teams from collaborative work environments can effectively manage Insider Risk while staying within a commonly used productivity and communication platform. View a video demo and blog about the Slack automated workflow.
Using the automation, Incydr sends low severity and/or time sensitive alerts to a private Slack channel for security analyst review. Alerts include detailed context about the event, such as user information, exfiltration vector detail, and the name and total count of all files transferred. The alert in Slack allows security analysts to automatically generate a direct message, which can be sent to the user to inquire about the Insider Risk event. This speeds the time it takes to respond to a user’s activity and ensures security professionals are able to address concerning behaviors in a collaborative way. Through a direct message in Slack, security teams are able to understand intent, request remediation, and educate on the appropriate action that should be taken in the future – all within minutes. This ultimately creates a more cohesive, trusting relationship between the security team and the rest of the organization.

“There is no one-size-fits-all response to Insider Risk. Security teams must prioritize risk and take action depending on employee intent, past behavior and incident impact, but they need an automated way to do it,” said Joe Payne, president and CEO for Code42. “This automated workflow using Slack delivers a streamlined experience for security teams and improves how they engage with their organizations to build more security-aware cultures. It really helps to shift the perception of security from police to partner while automating alert response.”

Workflow automation is one of the four primary technical requirements or tactics – along with case management, playbooks and security awareness training – recommended for automating risk remediation in the Code42 Insider Risk Management (IRM) framework to data protection. By taking an IRM approach, organizations can protect their data from leaks caused by insiders while ensuring compliance with data use policy, creating a more risk-aware culture and accelerating security’s time to value.

Code42 Incydr is the purpose-built product for Insider Risk Management. Incydr surfaces the top indicators of Insider Risk and accelerates an organization’s ability to detect and respond to data exposure and exfiltration events. Incydr is cloud-native and built to directly address the gaps in conventional data security solutions. Organizations looking for detailed security intelligence about on- and off-network file movements can use Incydr to help identify and act on the greatest risks to their data.

Additional Code42 Resources

About Code42
Code42 is the Insider Risk Management leader. Native to the cloud, the Code42 Incydr solution rapidly detects data loss, leak and theft as well as speeds incident response – all without lengthy deployments, complex policy management or blocking employee productivity. With Code42, security professionals can protect corporate data and reduce insider threats while fostering an open and collaborative culture for employees. Backed by security best practices and control requirements, Code42’s Insider Risk solution is FedRAMP authorized and can be configured for GDPR, HIPAA, PCI and other regulatory frameworks.

More than 50,000 organizations worldwide, including the most recognized brands in business and education, rely on Code42 to safeguard their ideas. Founded in 2001, the company is headquartered in Minneapolis, Minnesota, and is backed by Accel Partners, JMI Equity, NewView Capital and Split Rock Partners. Code42 was recognized by Inc. magazine as one of America’s best workplaces in 2020. For more information, visit

©  2021 Code42 Software, Inc. All rights reserved. Code42, the Code42 logo and Incydr are registered trademarks or trademarks of Code42 Software, Inc. in the United States and/or other countries. All other marks are properties of their respective owners.