Cybersecurity
12:31, 25 March 2026

Staffcop Adds File Scanner and MAX Data Interception Capabilities

As insider threats and shadow IT expand, Russian cybersecurity vendors are moving quickly to secure emerging communication channels and tighten control over unstructured data. Staffcop, part of the Kontur.Egida ecosystem, has released a February update to its internal security incident investigation platform. The update introduces a file scanner for inventorying and classifying data across workstations and local storage, along with a module that intercepts messages and attachments in the MAX messenger on Windows. The new features respond to the growing risk of insider threats, shadow IT usage, and employees relying on unofficial communication channels.

The release marks a notable development in Russia’s corporate cybersecurity market. Vendors are not only replacing foreign DLP and UEBA solutions but also adapting quickly to new communication channels such as MAX. As businesses migrate to domestic platforms, this case highlights the rapid evolution of local cybersecurity infrastructure.

The update reflects three key trends: increased focus on insider threats, rising demand for managing unstructured data, and the emergence of tools tailored to Russian digital services. The Verizon Data Breach Investigations Report (DBIR) continues to show that human error remains the leading cause of incidents.

The new capabilities strengthen protection of commercial information and personal data within organizations. For the industry, this marks another step toward maturity in the domestic cybersecurity stack and reduced reliance on foreign solutions.

The Start of a New Product Segment

Demand for such tools is likely to grow among mid-sized and large enterprises in Russia. Organizations operating in hybrid work environments need visibility into data that moves through messengers and resides on local devices. As a result, sectors such as banking, retail, manufacturing, telecom, and system integration are likely to show interest.

The MAX messenger is expanding into the enterprise segment, and security teams are seeking ways to monitor it. Integration with MAX opens the door to a fully fledged product segment. Next steps could include support for additional domestic communication channels, stronger analytics, and integration with MFA, PAM, VPN, and SOC systems.

At the same time, competition with global vendors remains challenging. The product’s strongest potential lies in the domestic market and in nearby jurisdictions. Expansion into CIS countries and other markets that prioritize import-independent security solutions is possible.

Cybersecurity Market Trends

In 2024, Axoft began distributing Staffcop Enterprise, an import-independent solution for DLP and internal incident investigations. That same year, Staffcop Enterprise confirmed compatibility with RED OS, enabling organizations to build secure environments based on domestic technologies. Against this backdrop, the current update represents the next stage in the product’s commercial development.

In 2025, Atom Bezopasnost, part of SKB Kontur Group, released version 5.7 of Staffcop Enterprise. The update included audio recognition, message interception in Yandex Messenger, a new email capture tool, and an enhanced remote agent deployment utility. The addition of MAX support follows this trajectory, with the vendor steadily expanding monitoring capabilities for Russian communication platforms.

Between 2025 and 2026, insider leaks and employee errors remain among the most significant threats to Russian businesses. According to SearchInform, 51% of companies have experienced personal data leaks, and in 66% of cases incidents were caused by employee mistakes and insufficient cyber hygiene. In this context, the Staffcop update aligns with growing demand for tools that manage internal risks and protect sensitive data.

Globally, similar approaches can be seen among vendors such as Teramind and Forcepoint. Forcepoint, for example, uses advanced content inspection and risk-adaptive protection to prevent risky data transfers. In this context, the Russian case reflects a broader industry shift toward tighter control of the “human perimeter,” rather than a purely local development.

Toward Platform-Specific Protection

The domestic insider security market is moving away from generic DLP scenarios toward targeted protection of specific platforms, communication channels, and shadow data repositories. This goes beyond monitoring USB devices and email to maintaining visibility over corporate data in modern digital work environments.

Over the next one to two years, demand for DCAP, DLP, and insider risk tools is expected to grow, along with expanded monitoring of domestic messengers and collaboration services. Companies are increasingly likely to adopt ecosystem-based solutions, driven by the shift to Russian platforms and stricter accountability for data leaks.

Combining incident investigation tools with other Kontur.Egida solutions – multi-factor authentication (MFA), privileged access management (PAM), and secure corporate VPN – creates a layered security architecture for enterprises. This integrated ecosystem approach enables continuous monitoring of employee activity across all access levels and allows security teams not only to analyze incidents after they occur but also to proactively prevent leaks of critical commercial data.