Insider Risk Management & Data Protection

    How the Incydr PRISM System Prioritizes Data Risk for Maximum Protection

    by Aimee Simpson

    Key Points

    • This blog was originally posted on the Code42 website, but with the acquisition of Code42 by Mimecast, we are ensuring it is also available to visitors to the Mimecast website.

    A total of 79% of cybersecurity leaders feel their teams have a shortage of skilled workers, while insider-driven data incidents have risen by 28% from 2021 to today. 

    Current solutions aren’t helping. Traditional data loss prevention (DLP) relies on predefined policies and alert rules, covering only “known” risks. Events outside these rules become blind spots, forcing teams to react to unanticipated breaches.

    Modern solutions are more likely to focus on context, but they often rely on single-context data, like file source, and can misprioritize events by weighing one piece of context too heavily. This results in non-critical alerts that overwhelm security teams.

    Enter PRISM, Mimecast Incydr’s innovative system designed to prioritize and address both known and unknown risks to data. It removes unnecessary guesswork, allowing for faster investigation and resolution of critical alerts.

    Incydr’s unique approach to risk prioritization

    Incydr approaches risk to data differently. It detects unknown risks and makes them visible through its Proactive Risk Identification and Severity Model (PRISM). This system uses three-dimensional context to prioritize what’s important, enabling quicker responses to critical activities. Together, Incydr’s alert builder and PRISM system help address both known and unknown risks with confidence.

    How PRISM works

    PRISM prioritizes and remediates data risk using over 250 risk indicators across three dimensions:

    • Data context: Identifies the file’s source and sensitivity
    • User context: Related to the user’s behavior and attributes
    • Destination context: Covers how the file was moved and to what destination

    Events are scored on a scale from 0 to 10 using these indicators. Critical events score 9 or 10. PRISM aims to provide a manageable number of critical alerts, with a median of 1% of all alerts being critical, so that teams can focus on what truly matters and fewer events need deep investigation.

    Conclusion

    PRISM is key to Incydr’s ability to identify both known and unknown risks. Through its proactive, context-based scoring, PRISM enables swift and effective risk detection and remediation. Ready to enhance your data security strategy? Contact us to learn more and get started with Incydr today!
