Case Study: CrowdStrike accelerates detection and response to insider and external threats with Mimecast Incydr

CrowdStrike and Incydr vs. External Threat and Insider Risk

CrowdStrike, a cloud-based endpoint and workload protection leader, faced the dual challenge of defending against external threats like malware while also detecting and responding to Insider Risk—including employees misusing or exfiltrating company IP. Security teams needed reliable, verifiable context to distinguish malicious activity from benign misuse and to act quickly when employees departed or triggered risky behaviors.

By combining CrowdStrike Falcon’s high-fidelity endpoint alerts with Incydr’s file-level visibility and historical activity, teams get alerts plus proof: Falcon flags suspicious events and Incydr shows the exact files and download history. That workflow—illustrated when a torrent alert was quickly resolved as movie downloads—has sped investigations, reduced false positives, enabled targeted actions (e.g., monitoring departing employees, blocking USBs), and delivered faster, more confident responses to both external and insider threats.

CrowdStrike

Tim Briggs

Director of Incident