Incydr
Data loss prevention (DLP) software
Insider threat management (ITM) software
User and entity behavior analytics (UEBA) software
Data security software
User threat prevention software
- Features
- Ease of use
- Ease of management
- Quality of support
- Affordability
- Market presence
Take the quiz to check if Incydr and its alternatives fit your requirements.
Contact the product provider
Free Trial
Free version unavailable
Small
Medium
Large
- Healthcare and life sciences
- Information technology and software
- Real estate and property management
What is Incydr
Incydr is an insider risk and data exfiltration monitoring product that helps security teams detect and investigate risky user activity involving sensitive data. It focuses on tracking file movement and data transfers to endpoints and common destinations such as cloud storage, email, browsers, and removable media. Typical use cases include employee offboarding, protection of intellectual property, and investigation of anomalous data access or sharing. The product emphasizes rapid visibility into “who moved what data, where, and when” with workflows oriented to security operations and incident response.
Strong endpoint exfiltration visibility
Incydr captures detailed telemetry around file activity on endpoints, including copying, moving, renaming, and transfers to common exfiltration channels. This supports investigations that require file-level context rather than only policy violations. It is well-suited to scenarios where sensitive data leaves managed devices. The focus aligns with insider-risk programs that need evidence-grade activity trails.
Insider-risk focused workflows
The product is designed around insider threat use cases such as employee departure monitoring, suspicious data hoarding, and unusual sharing behavior. It provides investigation-oriented views that help analysts pivot from a user to the specific files and destinations involved. This can reduce time spent correlating endpoint events across multiple tools. The approach is more operationally aligned to insider investigations than broad, compliance-only DLP deployments.
Behavior and anomaly detection
Incydr applies behavioral analytics to highlight unusual patterns such as spikes in file activity or atypical destinations. This helps teams prioritize review beyond static rules and keyword matching. It can complement traditional DLP by surfacing risk that does not match predefined policies. The UEBA-style signals are particularly useful for early warning during offboarding or role changes.
Not a full-suite DLP
Organizations seeking comprehensive enterprise DLP across network, email gateways, and broad SaaS coverage may need additional tools. Incydr’s strength is endpoint-centric monitoring and insider-risk investigation rather than end-to-end policy enforcement everywhere data flows. Some compliance programs require centralized classification, extensive content inspection, and multi-channel blocking controls. Buyers should validate coverage for their specific data paths and control requirements.
Requires tuning and baselining
Behavior-based detections typically need time to establish normal activity patterns and to tune thresholds for different roles. Without tuning, teams may see noisy alerts for high-volume users such as developers, designers, or data analysts. Effective use often depends on clear insider-risk playbooks and stakeholder alignment with HR/legal. This can increase initial deployment and operational effort.
Endpoint deployment dependency
Value depends on deploying and maintaining endpoint coverage across the workforce, including remote and BYOD constraints. Gaps in agent deployment, device management, or OS support can reduce visibility into file movement. Organizations with significant unmanaged device usage may need compensating controls. Buyers should confirm supported platforms and operational requirements for endpoint rollout.
Plan & Pricing
| Plan | Price | Key features & notes |
|---|---|---|
| Incydr Professional | Contact Sales (no public pricing listed) | Monitors endpoints; 1 Exfiltration Detector for SaaS/cloud apps included; Exfiltration detection; Trusted Activity; Historical activity retention: 30 days; Forensic search; Exact match file access; Cases; Content Inspection (add-on); Incydr Flows (paid add-on); API (Base Access). |
| Incydr Enterprise | Custom pricing (Contact Sales) | Includes Professional capabilities plus extended event data retention and cases archival; Historical activity retention: 90 days; Enhanced API integrations and full API access; Content Inspection (add-on); Incydr Flows (paid add-on). |
| Incydr Gov | Custom options (Contact Sales) | FedRAMP-authorized SaaS for government use; Monitors endpoints; 1 Exfiltration Detector for SaaS/cloud apps included; Historical activity retention: 30 days; Content Inspection (add-on); Incydr Flows (not available for Gov per page). |
Seller details
Code42 Software, Inc.
Minneapolis, Minnesota, United States
2001
Private
https://www.code42.com/
https://x.com/code42
https://www.linkedin.com/company/code42/
