Garda DLP

White Paper: DLP - Data Loss/Leak Prevention

DLP garda - a Data Leak Prevention class system for monitoring and analyzing the company's information flows, protecting and preventing leaks of confidential information, allows you to see a complete picture of communications in the organization at any time and automate the detection of suspicious incidents. Registered in the Unified Register of Domestic Software (entry No. 417 of 18.04.2016).

2025

R-Vision SIEM compatibility

Development companies have confirmed the compatibility data protection of the Garda system leaks and DLP INFORMATION SECURITY the event management system. R-Vision SIEM This integration allows you to expand the functionality of solutions. Events captured by DLP are combined with events SIEM in and create a visual picture, cyber attacks as well as increase the degree of integration of the product into the company's infrastructure. The company was informed about this on September 17, 2025.

"Garda DLP" acts as the first line of protection for confidential data and prevents its unauthorized dissemination and leakage. DLP protects critical information from internal and external threats through information flow control and analysis mechanisms.

SIEM, in turn, collects events from various sources: servers, workstations, network equipment and security applications. The key advantage of the DLP and SIEM tandem is the ability not only to prevent data leakage, but also to identify the root causes of the incident. The DLP solution blocks unauthorized activity, and SIEM provides in-depth event analysis. When a violation is identified, integrated solutions help trace the full chain of events: who tried to access the data, how and through which channels the transfer took place. A bundle of systems allows information security professionals to quickly identify the causes of incidents and prevent more serious consequences, for example, blocking compromised accounts and restricting access of attackers to a more critical part of the infrastructure.

Events from "Garda DLP" are transmitted to R-Vision SIEM, where they undergo a normalization and processing process using pre-prepared correlation rules included in standard platform expertise packages. These rules are developed by the R-Vision team when a new event source is connected: specialists analyze the data structure, identify key parameters for monitoring and form a set of correlations. Once developed, the rules are regularly updated and kept up-to-date, ensuring that they are effective even as IT infrastructure changes or potential threats behave.

Integration opens up opportunities for customers to build a comprehensive information security system. This is especially true in the face of growing cyber threats and tougher regulatory requirements, allowing Russian companies to confidently switch to domestic technologies without losing the quality of protection and compliance with industry standards.

We see in the compatibility of our solutions not only the technological result, but also the practical value for the information security market. Integration gives customers confidence that they can build a single protection ecosystem based on Russian products. The joint work of DLP and SIEM provides the opportunity to receive detailed information about incidents, quickly detect threats, while receiving a tangible reduction in the burden on SOC personnel, ‒ said Leona Druzhinina, head of technology partnerships at the Garda group of companies.

{{quote 'Compatibility between Garda DLP and R-Vision SIEM ‒ is not only a technical integration, but also a new level of maturity of the security approach. When data breach events become part of a single information security incident context, the company is able to see not fragments, but a complete picture of the attack and react proactively, preventing repeated incidents. This approach is especially important in the context of the growing complexity of attacks and the need to switch to domestic technologies, ‒ said Vladimir Oralov, head of the department of technological partnership and client experience at R Vision. }}

The compatibility of Garda DLP and R-Vision SIEM is confirmed by an official certificate.

Add GRPC and mTLS mechanisms

The group of companies Gardaí"" released an update to the Garda system. DLP This release allows you to respond faster to possible failures, more precisely record user actions and quickly identify incidents that could lead to financial reputational losses. This was announced Gardaí by "" on June 19, 2025.

The updated system introduces additional mechanisms for interaction over the GRPC protocol and using mTLS encryption, which increases stability and reduces the risk of data loss. Key component dashboards have been added to monitor health.

The updated version of Garda DLP reduces the risk of confidential information leaking through web channels, including instant messengers and cloud services. Advanced capabilities for tracking file downloads to the Internet allow you to more accurately record the actions of employees on the network and timely identify incidents that could lead to financial and reputational losses. The new version implements the interception of investments transmitted through browsers, including through popular web messengers and cloud storage. This helps organizations identify unauthorized transfers of confidential information in a timely manner.

The Temporary Workstation Lock feature helps control access for elevated employees and prevent potential incidents involving unauthorized use of corporate ones data. The DLP system now allows you to lock an employee's screen during non-business hours. This measure is especially relevant for employees with increased access to critical information. Added the ability to limit access to the workstation by time on workstations under management, in Windows addition to the existing option on computers under. Linux

We consistently develop the system, increasing control over critical leakage channels and increasing the stability of work on all operating systems families. Further plans ‒ to develop analytical and automated functions, update the time and attendance module, implement pre-installed security policies and develop voice analysis tools, ‒ said Aren Torosyan, head of the Garda DLP product.

2024

Compatibility of Garda DLP 6.0 with Alt 8 SP

The updated version of Garda DLP will help customers move towards technological sovereignty, improve workplace control, and increase transparency in the movement of sensitive data. The product is compatible with the Alt 8 SP operating system. Garda Technology reported this on December 5, 2024.

Garda DLP 6.0 strengthens the technological independence of customers and increases the effectiveness of preventing sensitive data leaks through integration with the Alt 8 SP operating system. The Russian OS provides a high level of information protection and meets the requirements of state standards, it supports many domestic applications and solutions, which simplifies integration with various information systems.

Increasing the level of control over employees, and, as a result, speeding up internal investigations, allows the ability to photograph activity by all webcams connected to workplaces. In the case of suspicious actions on the data, the pictures allow you to identify the users involved.

The new version of Garda DLP allows you to better control the movement of sensitive information. The system monitors attempts to copy and move it unauthorized by improving the clipboard monitoring option. "Garda DLP 6.0" not only detects text and images in it, but also intercepts files with confidential information. Thus, security officers get a complete understanding of the movement of data within the company.

The transition to Alt 8 JV ‒ not only a step towards sustainable development, but also an important contribution to the security and independence of technologies, ‒ said Aren Torosyan, head of the Garda DLP product.

In the near future, work is planned to improve the product in terms of improving the user experience.

Compatible with Astra Linux Special Edition 1.7

Garda Group and Astra Group will protect data at the workstation level. As evidenced by the test results confirming the correct operation of the Garda DLP agent in the environment of the Astra Linux operating system. Astra Group announced this on May 15, 2024.

Garda DLP increases the efficiency of security services and allows you to track employee activity - the system monitors and analyzes all information flows in the company.

The workplace agent supports the Astra Linux Special Edition 1.7 operating system. Users can now strengthen control over employees' workplaces, prevent, information leaks and optimize incident investigation. These capabilities provide the functionality of the Garda DLP system: httphttps control/traffic, monitoring processes and applications, printing and keyboard input, reading from external media and writing information to peripherals. Among other things, the leak prevention system allows you to create screenshots and videos of the desktop, conduct audio recordings and analyze messages messengers in, etc.

The popularity of Astra Linux for DSS and AWS opens up wide horizons for cooperation and demonstrates its unconditional potential, "said Aren Torosyan, head of the Garda DLP product of the Garda group of companies. - The expertise of Astra Group in * nix systems allowed us to quickly check the joint work of solutions. Product synergy through deep integration will ensure a high level of customer data security.

Built-in Astra Linux and patented information protection meet the highest security requirements of the IT infrastructure, as evidenced by the most stringent certificates. This feature of our OS has become the main argument for Garda when choosing a platform in whose environment it was necessary to deploy the functionality of Garda DLP. Of all the information leakage prevention systems, it was among the few that can analyze traffic from devices on Astra Linux with the most secure kernel type - hardened. The software stack will be appreciated by companies working with information of increased secrecy, the protection of which is regulated by the state, - said Kirill Sinkov, director of the department for work with technological partners of Astra Group.

2023: Search availability for printed documents

The group of companies Gardaí"" on December 6, 2023 presented an update to the Garda prevention system information leaks. In DLP this version, the search for printed documents is available, the blocking of data transfer by is improved, Bluetooth the transfer via files FTP/FTPS (FTP + SSL) protocols is monitored, control policies are improved, export is improved. HTML

Printed documents often contain sensitive information. The DLP Garda system detects such documents, which means that now you can take control of their leakage.

The DLP 5.8.0 garda allows you to control the transfer of files to the server using FTP/FTPS protocols on a Windows agent, which makes the process even more secure. Faster download of the export file - the developers have reduced its size. In general, the export of objects and violations to HTML began to work more stably.

The updated version of Garda DLP has improved the option of blocking data transfer via Bluetooth. If earlier it was possible to block only all Bluetooth devices at once, now, for example, phones or tablets can be blocked separately, leaving mice, headphones, keyboards and other devices in working order.

With the update, you can create employee lists in the Lists section to use in control policies. In addition, it has become more convenient to fine-tune a group of employees using the Exceptions column. Any policy templates can now be applied to a specific employee temporarily. It is enough to specify the date when the template should be changed automatically.

The developers have accelerated the work of the "Roles" section, which is especially noticeable when choosing domain groups.

The updated version of Garda DLP has enhanced visualization capabilities. Now, similar to phrases and PDs, thanks to color selection, you can understand by which word from the dictionary an object or violation was found.