Code42 – The Family Office Stack

Overview

Code42 was acquired by Mimecast and its core product, Incydr, now operates as Mimecast’s insider risk management offering. The platform addresses a specific operational problem: employees, particularly those departing an organization, routinely move sensitive files to personal cloud storage, USB drives, or unsanctioned AI tools, and most security stacks have no reliable way to detect it. Incydr monitors all file movement across work channels without requiring pre-built policies, surfacing risk from day one rather than after weeks of configuration.

For a family office COO or IT lead evaluating whether this belongs in the security stack, the relevant capabilities include:

AI-driven detection that analyzes billions of signals to prioritize exfiltration events involving PII, PCI, and proprietary data
Monitoring of shadow AI tool usage, including detection of files uploaded to unsanctioned generative AI platforms
Adaptive controls that can block actions, deliver targeted user education, or temporarily allow flagged behavior depending on context
Integration with CrowdStrike, Palo Alto Cortex XSOAR, CyberArk, and 30-plus additional tools for coordinated incident response
A Human Risk Command Center that maps incidents across communication channels into a single risk view

The platform claims investigation time for high-risk incidents drops by 50 percent compared to traditional DLP and CASB approaches, and deployment requires less than four hours of weekly admin time once live. That profile suits a lean security function, which is typical of a family office environment. Pricing is not disclosed publicly, and the product is marketed primarily at mid-to-large enterprises rather than small family offices. Firms without a dedicated security function or incident response workflow may find the platform more capable than their operating model requires.

"Incydr stood out for how quickly it could be implemented and see value within the month."

Code42

Product & Capabilities

Main Tasks

Detect and investigate insider data exfiltration across file, email, cloud, and USB channels Monitor and block uploads to unsanctioned AI tools Prioritize high-risk users such as departing employees or those with unusual behavior Automate incident response workflows through integrations with EDR, IAM, and SOAR platforms Deliver targeted security education to at-risk users in real time Provide file-level visibility into PII, PCI, and proprietary data movement

Top Features

AI-driven risk prioritization analyzing billions of behavioral signals Shadow AI monitoring and blocking for unsanctioned generative AI tools 250-plus risk indicators with no policy configuration required CISO-friendly dashboards with cloud storage, source code, and shadow AI insights MIP tag support and AI-powered content inspection for PII and PCI detection Human Risk Command Center for unified risk visibility across communication channels Agentic AI workflows (Mihra) for automated detection and investigation Adaptive controls: blocking, temporary allow, or in-context user education FedRAMP-authorized deployment option Integration with CrowdStrike, CyberArk, and Palo Alto Cortex XSOAR

Technology

SaaS FedRAMP

Integrations

CrowdStrike Falcon Palo Alto Networks Cortex XSOAR CyberArk

Company

Top Markets	Global
Recognition	Gartner Magic Quadrant for Email Security - Leader 2025 Gartner Magic Quadrant for Digital Communications Governance and Archiving Solutions - Leader 2025 Forrester Human Risk Management Solutions Wave - Strong Performer Gartner Market Guide for Data Loss Prevention - Representative Vendor

Clients & Focus

Firm Type	Technology Firm
Client Count	42,000+

Support & Onboarding

Onboarding Deployment achievable in days; less than 4 hours of weekly admin time post-launch; proof of value assessment available over 4 weeks