We’re thrilled to introduce Block by Source, an exciting new capability in Incydr’s browser extension that brings real-time, origin-based protection to your sensitive data. Incydr offers a range of adaptive controls, from blocking to education and everything in between to deliver the right protection to the right users at the right time.
Block by Source allows you to protect high-value data from exfiltration – see what it looks like from a user perspective in this short demo
A New Dimension of Data Protection
Incydr provides unmatched visibility into how data is moving, no policy setup required.
A lot of data loss prevention focuses on who is moving files and where they are going. But in today’s environment, it’s often just as important to know what is being moved and where it came from. Maybe it’s a downloaded file from your HR software, sensitive IP from a code repository, or a file from the CEO’s drive—these high-value sources represent your organization’s crown jewels.
Block by Source puts you in control by letting you define preventative policies based on the origin of the data. If a user tries to upload, share, or even paste data from a source you’ve marked as sensitive to an untrusted destination, Incydr automatically blocks the action in real time.
How Does Block by Source Work?
At the heart of Block by Source is intelligent source tracking. Files are automatically tagged with their origin. You decide which sources are most sensitive, and then set policies in the Incydr console to block those files from reaching destinations that you haven’t explicitly trusted.
Files are automatically tagged with their source, allowing administrators to track files originating from high-value sources like source code repositories, HR systems, executive folders, and more.
The browser extension does the heavy lifting by monitoring uploads, drag-and-drop, and even copy/paste actions across browsers on Windows and macOS endpoints. The moment someone tries to move a protected file to a personal webmail, unsanctioned AI tool, or other untrusted location Incydr springs into action—analyzing the file’s lineage and your policy in real time, and blocking or allowing the action almost instantly.
If a block occurs, users receive a clear browser notification that explains why their action was stopped and provides helpful educational guidance. And, depending on your organization’s preferences, you can even enable an override via Temporary Allow: Users submit a business justification which is logged for your review and compliance needs. Every action—whether blocked or allowed—is fully audited, giving you a searchable, filterable record for compliance and investigation.
Seamless Integration, Maximum Flexibility
Block by Source fits right into your existing Incydr environment. It leverages your current trust settings and PRISM (Proactive Risk Identification and Severity Model) scoring to help teams prioritize smarter, context-aware decisions. Block by Source works alongside your other controls—like watchlists and tenant-wide policies. The most restrictive rule always wins, ensuring that your most sensitive data stays protected.
Watchlists in Incydr let you add preventative controls like Block by Source to at-risk users defined by an administrator — ensuring that as your risk profile changes the right controls are applied to those users.
Deployment is straightforward: all you need is the Incydr agent, the browser extension, and some quick policy configuration in your console. There’s no extra SKU to buy—Block by Source is included as part of our platform for all customers.
What Makes Block by Source Different?
Unlike legacy DLP approaches that rely on scanning file contents (and often generate frustrating false positives), Block by Source uses data lineage to prevent leaks based on where the file originated. This significantly reduces the risk of blocking harmless files, while ensuring you maintain tight control over your organization’s most valuable information.
Uploads from defined sources can be blocked entirely, or administrators can let users “Temporarily Allow”, shown above, which has users self-select why with a full audit trail
Administrators can choose whether to quietly monitor, temporarily allow, or actively block risky actions, depending on your risk appetite, business needs, and compliance requirements. The unique combination of source-based and destination-based controls means you can protect your critical assets without creating unnecessary friction for everyday collaboration.
Practical Considerations
For security-conscious customers wondering about the browser extension: it’s enterprise-managed, policy-controlled, and designed specifically to oversee the browser—the number one path for data exfiltration today. The feature supports both Windows and macOS endpoints , and enforcement happens even if the endpoint temporarily can’t reach Incydr cloud services.
You can configure protection for a wide range of sources, from customer databases and financial systems to custom internal systems you define. And when it comes to complex transfers—like ZIP archives or folders—every file inside is evaluated before the action is allowed, so nothing slips through the cracks.
Ready to take control of your data’s journey?
An Incydr Proof-of-Value is a structured, 30-day program to get insights into your data protection posture and actionable recommendations on how to prevent future insider incidents
Log into your Incydr console to try Block by Source, or reach out to your account team to learn more. Not an Incydr customer? Request a 30-day Proof of Value (POV) to learn about your data protection posture and top insider threats.
