The Firefox browser is now supported for Incydr’s monitoring and available adaptive controls like Block by Source and Block by Destination.
Every browser your employees use is a potential exfiltration path. An engineer drags proprietary source code into an unsanctioned AI tool. A finance analyst pastes customer records into a personal cloud account. A departing employee uploads confidential designs to a webmail service. These actions happen in seconds, and they happen in whichever browser is open.
Incydr's browser extension now supports Firefox, extending the full suite of adaptive controls like Block by Source, Block by Destination, and real-time monitoring across Chrome, Edge, and Firefox. Here's what that means for protecting your most critical data.
Block Sensitive Data at the Source — Before It Leaves
Administrators can block exfiltration of files originating from high-value sources like source code repositories, HR systems, executive folders, and more.
Not all data carries the same risk. A marketing brief uploaded to a collaboration platform is very different from source code pulled from an engineering repository and pasted into ChatGPT. Block by Source recognizes that difference.
Incydr tracks where files originate. When a file comes from a high-value source like an engineering repository, financial system, customer database, or confidential SharePoint site, administrators can enforce policies that prevent that file from being uploaded or pasted to untrusted destinations. Files from lower-risk sources continue to move freely, keeping collaboration intact.
This is a fundamentally different approach from traditional content-scanning DLP, which attempts to classify data by inspecting file contents and generates false positives in the process. Block by Source uses inherent data origin as the control signal, which means enforcement is precise, fast, and doesn't require content classification rules that break down at scale.
With the Firefox extension, these source-based controls now apply regardless of which browser a user is working in — a critical requirement for organizations enforcing controls at the tenant level rather than just for individual watchlists.
Stop Exfiltration to Shadow AI and High-Risk Destinations
GenAI use is on the rise in corporate environments. Monitoring capabilities and destination blocking can track and prevent exfiltration of data to unsanctioned AI tools.
The rise of unsanctioned AI tools has created a new category of data protection challenge. Employees adopt AI assistants, code generators, and productivity tools faster than security teams can evaluate them. The result is shadow AI — tools that ingest company data with no visibility, no audit trail, and no way to get that data back.
Block by Destination gives administrators a targeted way to address this. Rather than blocking all untrusted destinations which hurts productivity, Block by Destination lets you define exactly which domains should never receive company data. This includes unsanctioned AI tools, known exfiltration sites, personal cloud storage services, and any other high-risk destinations specific to your organization.
When a user attempts to upload a file or paste content to a blocked destination through any supported browser, the action is stopped in real time. The user receives a clear notification explaining why, with educational guidance that drives behavior change. If configured, users can request a temporary override with a business justification that's logged for administrative review.
This targeted approach means organizations can enforce strict controls against shadow AI and other high-risk destinations without disrupting the thousands of legitimate third-party sites employees use every day.
Real-Time Enforcement with Full Visibility
“Temporarily allow”, an option for blocking, is a great way to enforce policy while ensuring collaboration in lower-risk scenarios
Both Block by Source and Block by Destination operate in real time through the browser extension. Enforcement happens in milliseconds even when the endpoint is offline, covering file uploads, drag-and-drop, and clipboard paste actions.
Every enforcement action generates a detailed security event: what was blocked, why, the source of the data, the intended destination, and whether the user requested an override. These events are fully searchable in the Incydr console and accessible through native SOAR/SIEM integrations or via API, giving security teams the audit trail they need for compliance reporting and investigations.
Getting Started is Easy
Firefox extension support is available now for all Incydr customers on Windows, macOS, and Linux at no additional cost. Deployment follows the same model as Chrome and Edge — force-installed via MDM, group policy, or manually. Your existing Block by Source and Block by Destination policies apply automatically once the extension is deployed. No reconfiguration needed. For setup instructions, see the knowledgebase article.
Not an Incydr customer? Request a 30-day Proof of Value (POV) to learn about your data protection posture and top insider threats.
