SearchInform Risk Monitor Enhances Email Protection Beyond IT Infrastructure
10.03.2025

Risk Monitor, SearchInform’s next gen DLP system, has expanded its functions of email quarantine.

From now on, the system can block e-mails with attached files if they were labeled by SearchInform DCAP system – FileAuditor. Emails are checked at the level of mail server. The update will allow preventing leakage of sensitive files even if the mail client is used on a non-corporate device without installed DLP or DCAP agents.

Now the systems need much less time to detect a violation: Risk Monitor no longer needs to analyse attachments for content restricted to be transmitted – the information about it is already embedded in the DCAP label. Quarantine gets the hash sum of the attached file and sends it to FileAuditor. In its turn, the DCAP system quickly compares the received hash sum against the database records to find the required label. This task will be accomplished even if the attached file does not contain a label, but the same document was previously classified (labeled) in any corporate storage.

As a result, when an employee sends an email with a confidential file, it will be isolated in quarantine and the Information Security Officer will be notified of the incident.

“53% of all information leaks occur through the mail. That's why we need a special approach to its control. We need to quickly detect incidents in a large flow of emails and respond to them in a way that does not slow down business processes,” said Sergio Bertoni, the Leading Analyst at SearchInform.

“That's why we moved the quarantine service to the mail server: this way Information Security experts can control emails sent from any device. Using FileAuditor labels, quarantine can more quickly identify emails with sensitive attachments to prevent their transmission. The update helps reduce the load on DLP and DCAP, as both systems use hash sums of file attachments,  added Bertoni. 


ABOUT SEARCHINFORM

SearchInform is an information security and risk management product vendor as well as an MSS provider. The company's clients are more than 4000 companies in 20+ countries. Today, the team has products and services for comprehensive protection against insider threats at all levels of corporate information systems: FileAuditor (the DCAP class solution); DLP system with extended functionality; Risk Monitor (advanced platform for internal threat mitigation); SIEM system, IS outsourcing service.


Letter Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyber incidents.