SearchInform DLP:

Protecting business from data leakages


The system operates at several levels – it analyzes data in corporate storages, data transmitted over network equipment and proxy servers, corporate mail servers and local hosts.

The system supports corporate communication means (Exchange, Lync, Skype, corporate telephony, file servers, SharePoint, Office365, Cisco Messenger, etc.) and personal means (Telegram, Viber, web mail, cloud storages, social networks, blogs, forums, etc.). Such an integrated approach allows implementing the secure use of network channels without blocking them and obstructing business processes.

The SearchInform DLP modules run on two platforms:

SearchInform NetworkSecurity SearchInform EndpointSecurity
Controls network user activity Controls endpoint user activity.
Mirrors traffic at the level of the corporate network Logs employee actions by means of software agents installed on the computers
The mirrored traffic is directed to the server for analysis The agents send captured data to the server for analysis:


  • Immediately, if the computer is on the corporate network
  • As soon as the computer connects to the Internet, if the employee is out of the office, on a business trip or working from home


analyzeAlertCenter is the thinktank of SearchInform DLP, regularly queries all the software components using over 10 search algorithms. If specific words, phrases, text, or files have been detected, the system immediately notifies a designated information security officer.

The queries run with a specified frequency and according to information security policies, set up to find specific type of data. SearchInform DLP provides two types of policies:

Universal Security Policies Unique Security Policies
Relevant for every organization Tailored to the specifics of each industry
  • Control kickbacks and bribery
  • Detect negativity and conspiracy among staff
  • Identify risk groups engaged in alcohol and drug abuse, large debt, and others
  • Detect bank card data leaks (financial activity/banks)
  • Detect pilferage of transported goods (transport and supply chain)
  • Monitor tender purchases (commerce), and more

SearchInform DLP includes over 250 predefined security policies which you can use immediately upon SearchInform DLP system installation. New policies are constantly being developed.



The following checking features are available in SearchInform DLP:

  • Analysis of metadata: use of attributes (transmission channel, file type, receiver, sender, time, bcc, and many other attributes)
  • Content analysis: digital fingerprints, regular expressions, dictionaries, morphology, misprints, transliteration, OCR and other standard technologies.
  • Smart analysis: unique smart technologies that improve the DLP system performance. For example, search for images with falsifications, search for texts similar in meaning or content to the original, search for documents with corporate seals, search for visually similar images (for example, images similar to passports, credit cards, health insurances, etc.), search for scanned documents without OCR, text search within an audio recording, etc.

More details about each search type here.


  1. Automate routine tasks

    Let the SearchInform DLP-system regularly scan captured data and alert you about suspicious activity and policy violations.

  2. Perform ad hoc queries and investigate incidents

    As soon as the system detects a problem and alerts about it, designated information security officers can start an investigation. The SearchInform DLP analytical capabilities allow them to reconstruct details and prevent data leaks.

If the system operation has been set up correctly, one information security officer is able to control activity of 1000-1500 employees.


Our deployment engineers are skilled experts who quickly solve any problem as well as:

  • Provide training on how to work with the product client applications
  • Help you configure your own security policies
  • Suggest an optimal solution for your problem
  • Consult you on how to analyze captured data
  • Explain the capabilities of new product versions