Risk Monitor Enhanced with Network Folder Write Blocking
02.09.2025

SearchInform next gen DLP system, Risk Monitor, has expanded its toolkit for proactive data leak prevention. A new feature enables organizations to restrict transmission of critical documents to corporate shared storages or creation of files in such storages, ensuring that sensitive data does not accidentally fall into the hands of employees for whom it is not intended. This significantly reduces the risk of accidental leaks.

The core of this enhancement is a new type of blocking rules: Network Folders by Content. Restrictions are configured for documents containing critical content. Administrators can define the content that cannot be written to network folders, specify restricted network folders, as well as particular users or computers. Because the system will control the write operation itself, it will prevent copying, moving and creating files with critical content in network folders.

For example, companies can prohibit the creation of documents containing personal data or trade secrets in shared folders. Alternatively, they can block the transfer of files with Confidential label of FileAuditor. In this case, Risk Monitor leverages the DCAP label instead of allocating resources to analyze the file content, making the process more efficient.

“The proper configuration of security policies for network folders determines the effectiveness of internal information security, as they define who has access to certain information. Risk Monitor now addresses this issue from two angles. The new restriction is used to monitor attempts to write critical documents to corporate file-sharing systems that operate via SMB/NFS protocols. At the same time, the system allows administrators to manage overall access rights to network folders, or block specific user operations such as reading, renaming, or deleting files,” said Sergio Bertoni, SearchInform Lead Analyst.

For restrictions in network folders, the functions of audit and shadow copy creation are available. Audit makes it possible to see which employees attempted to place confidential files in shared access folders, or tried to create a new document in a folder and then copy and paste text into it when moving the original file failed. The shadow copy feature allows creating copies of files that employees attempted to move into restricted network folders. This way, the data security officer can view the original file, which the user tried to write, for further investigation.


ABOUT SEARCHINFORM

SearchInform is an information security and risk management product vendor as well as an MSS provider. The company's clients are more than 4000 companies in 20+ countries. Today, the team has products and services for comprehensive protection against insider threats at all levels of corporate information systems: FileAuditor (the DCAP class solution); DLP system with extended functionality; Risk Monitor (advanced platform for internal threat mitigation); SIEM system, Information security outsourcing service.


Letter Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyber incidents.