DLP systems market analysis

Apply for SearchInform DLP TRY NOW

The modern Russian market of DLP systems has its own characteristics associated with the fact that the main trend is import substitution. Also, DLP systems, like other data protection tools, are subject to FSTEC requirements. Given these reasons, key Russian players, through the mediation of regulators, are gradually replacing foreign products. Now the consumer chooses from 5-6 programs of domestic production, while the demand is formed by both public procurement and private companies, and both large and small businesses show interest in DLP systems.

Market specifics during the period of import substitution

The trends of recent years in the autarky of the internal software market have almost completely changed the picture in the DLP sector as well. If in 2014 all the lines of the rating were occupied by foreign products, then after several years of work under the conditions of sanctions, Russian products are primarily of interest. The order of the Ministry of Telecom and Mass Communications, issued at the beginning of 2017, completely changed the alignment of forces in the market, on the basis of which state-owned companies and companies with state participation in choosing software products, including DLP systems, should give preference to domestic developments. This solution is implemented in a price offer evaluation mechanism, in which a Russian product purchased at the contract price is considered with a 15% reduction factor.

Today Russia is among the world leaders in the number of DLP systems on the market, which is confirmed by both domestic experts and foreign analytical agencies. This becomes another reason for choosing a product from a domestic developer.

Main software products

Imported developments have not disappeared from the DLP market, but now they occupy a more modest place on it than they did five years ago. Their market shares have declined due to the protectionist measures of the Russian government, as well as significant development of domestic technologies. The user will first of all make a choice from domestic offers and the main market players in the current realities. Symantec, ForcePoint (formerly Websense) and Intel Security (formerly McAffee) products have not disappeared from the market, but their sales have declined significantly.

Considering Russian offers, buyers appreciate both functionality and user-friendliness of the user interface. An essential point is the compatibility of the program with other corporate solutions, for example, CRM systems. An easy-to-install product that does not require pilot testing and refinement is more likely to be purchased by small Russian companies interested in protecting trade secrets or personal data. Government businesses or large corporations prefer more customizable solutions and more often order individual improvements that can be easily integrated into their unique IT infrastructure.

When considering a DLP system, one must take into account whether it is included in the Unified Russian Register of Programs, which is maintained by the Ministry of Communications. The presence of a product on the list is an objective indicator of its quality. FSTEC certification is also a mandatory requirement, since data leakage protection systems store and process personal data of citizens of the Russian Federation.

Symantec Data Loss Prevention

The development of one of the world leaders, Symantec, still finds its buyer in Russia. The vendor has been present on the Russian market for a long time. DLP systems were implemented both in small firms with up to 100 users and in large corporations with tens of thousands of employees. Among the clients whose names are disclosed is one of the world's largest consulting firms - Deloitte.

The functionality of the program includes:

  • tracking the movement of information inside and outside the corporate network;
  • detection of confidential information in the public domain;
  • information protection on laptops operating outside the corporate network;
  • protection of mobile devices and e-mail from leaks of confidential information.

The system integrates well with third-party solutions, provides multi-layered protection of the network infrastructure, and controls mobile devices. The technical documentation comprehensively covers all the capabilities of the system.


The DLP system of the Russian developer is distinguished by a modular architecture; it consists of many components, both client and server. The program works with Windows and Linux operating systems. The quality of information traffic control is very high; it is possible to block and record the main channels of information leakage, changes in the system configuration, and file operations. The violator's actions can be filmed, which will provide evidence in the event of a dispute.

Additional benefits include:

  • extended functionality. The program allows you to audit equipment, block files, encrypt information;
  • good search in archived data;
  • when constructing security policies for protection against leaks, an arbitrarily high level of complexity is acceptable;
  • stability;
  • rich investigation tools;
  • use by the developer of advanced technologies, including innovative and unique ones.

The widest functionality of the system, the ability of the system to solve a wide range of tasks and the most powerful investigation tools that are relevant for use on the Russian market have become generally recognized advantages.


The products of this developer are primarily of interest to large companies and holdings. Such institutions pay attention to the following advantages of the system:

  • the ability to process large amounts of data;
  • serious analytical module;
  • Linux operating system support;
  • adaptation of the system to each client and his corporate IT infrastructure.

But advantages turn into disadvantages. The system implementation period sometimes takes up to six months. And too much need to customize the DLP system leads to the fact that certain solutions work well in one industry and lose in others. The number of monitored channels is less than that of competitors. In addition to Windows, Unix is required.

The product is convenient, first of all, for security services, the interface is intuitively simple, and reports of intercepted information are well structured.


Among Russian developments, Zecurion Zlock is popular. For many companies, this product is the easiest to install, since the DLP system runs on Windows. The product controls local leakage channels. If you need a system solution and control of network channels, you need to install Zecurion Zgate additionally. Components can be installed on one or several servers. Control of interaction with the Internet is divided into several groups, each of which has its own rules.

Information passing through the system can:

  • be logged;
  • block;
  • be archived.

The number of monitored data leakage channels is quite large. Among the advantages of Zecurion information protection tools is a good logic for working with text content of files. Among the shortcomings, users note an increased load on protected computers. The work of collecting and analyzing the evidence base is extremely complicated. It may take 1-2 steps to solve a problem in competing systems, while in a Zecurion DLP system, this sometimes takes 20.


According to users, this system is distinguished from competitors by its intuitive interface and high installation speed. Ease of installation, though, is not completely correlated with ease of administration.

The number of monitored channels is wide enough, including such narrow solutions as recording sound from a microphone, identifying screenshots taken from the screen. Falcongaze supports interception of information from popular instant messengers such as Viber and WhatsApp.

As the advantages of the product, users note the ability to work with the system within five minutes after installation and a good search in the archive. The option to control specific users is well implemented - the program shows security specialists in detail which of the employees, what time and with what files it worked.

Practitioners call the disadvantages of Falcongaze its low power, a long period of data processing and analysis (the search sometimes takes hours) and, which is critical for investigations, an illogical reporting system.

When the buyer chooses

The peculiarity of DLP systems is that it is not only a product, but also a service. In almost every case, the software is being finalized and adjusted according to the technical specifications of a particular customer. The modularity of most systems for protecting information allows you to assemble a product that is clearly tailored to the needs of each customer and takes into account the model of potential threats operating in the organization. Therefore, the quality of the vendor's work, the availability of good technical support and long-term service determines the product's place in the rating in the eyes of the buyer more accurately than the sales figures.

1. When choosing a product, consumers pay attention to the following key points:

2. Compliance of the real capabilities of the DLP system with the functionality declared in the description, the quality and depth of data analysis.

3. Compliance of the results of revision with the most detailed TK. Revealing during testing not only advantages, but also disadvantages of the program, as well as their assessment.

4. Expanding the needs of the buyer due to the capabilities of the system. Often, those functions that were not initially included in the TK solve the user's tasks better than those stated.

5. System security, since the data stored in it is of significant value to the company.

6. Creation during testing of the system of stress loads, allowing to control its stability.

Based on these points, you can choose a DLP system from among those presented on the Russian market. At the first stage, it will be logical to test several pilot projects, choose the one that is most adequate to the capabilities and needs of the customer, and only after that proceed to the full installation of the optimal software solution.