Until recently, the Ministry of Economic Development of the Russian Federation gave encouraging forecasts of positive changes in the state of the Russian economy in 2016, but the realities of the coming year indicate the opposite. Experts predict a long period of low oil prices, and already at the Gaidar Forum, Dmitry Medvedev called for preparing for negative developments if prices continue to fall. Ahead is a 10% reduction in the state budget for unprotected items. Thus, there is no reason yet to count on a general market recovery.

It is quite obvious that in such a situation, the trend towards reducing IT budgets of Russian companies will most likely continue this year. However, they still have unresolved IT tasks that cannot always be postponed. In addition, new ones are emerging, driven by the need to protect and generally improve business efficiency and to reduce capital and operating expenses. Among the most important tasks on the general list are still issues of ensuring the information security of companies and organizations, as well as meeting regulatory requirements in this area.

What information security tasks were the main ones for the country’s information security industry last year, which ones will customers have to solve first of all in the coming year, and what growth points can be expected in connection with this in various segments of the Russian information security market? We intend to discuss all this in this review with the participation of experts.

The main changes in the field of information security in 2015

Economics and information security. “The current political and economic conditions, on the one hand, have led to stagnation of the information security market, and on the other hand, they are helping to improve it. As a result, consumers receive benefits, since increasing competition among suppliers promises them information security products with improved functionality and at lower prices,” is how Alexey Sabanov, Deputy General Director of Aladdin R.D., described the current situation in the information security sector.

The crisis, in his opinion, contributes to the fact that the most high-tech and promising solutions will remain on the information security market, those for whose development the scientific and production foundations were created in time. Among these, he singles out support for the legal significance of electronic documents (including in the M2M segment), the creation of trusted platforms and solutions based on them, and comprehensive security management.

At the same time, according to Grigory Vasiliev, product manager at the Research Institute SOKB, “... in a difficult economic situation, as always, users pay more attention not to purchasing new products, but to increasing the efficiency of using previously implemented ones, as well as external information security services.” At the same time, he notes a noticeable shift in the information security market towards services, which, in his opinion, is due both to general technological trends in IT and information security, and to the tactical desire of customers to reduce costs by postponing the purchase of software and hardware until better times.

Some other experts speak in the same vein. Stating that the need of Russian users for information security services did not decrease last year, Alexey Grishin, director of the Information Security Center of Jet Infosystems, notes, in particular, the growing interest of the banking business in services for providing information security on the Internet, protecting Internet banking and RBS, to counter DDoS attacks, organize firewalling at the application level and combat transaction fraud.

The technical director of the Informzashchita company, Ivan Melekhin, also speaks of a sharp increase in demand for information security services and services for supporting information security systems with a simultaneous increase in the variety of demanded information security services, which, in his opinion, is due to the increasing level of maturity of Russian customers.

Among the services that are in growing demand, Andrey Perkunov, head of the information security department at Step Logic, notes information security consulting services aimed at the practical solution of data protection issues and at identifying and eliminating incidents that have occurred: penetration tests, incident investigation, ensuring successful completion of regulatory checks, and bringing IT and information security infrastructure into compliance with regulatory requirements.

As for such a topic as security outsourcing, the prospects of which were discussed a lot earlier, according to Andrey Golov, CEO of the Security Code company, this trend has not yet gained the expected popularity: “In my opinion, this approach is not for our country. Due to the specifics of Russian business, no one is ready to outsource its security. To do this, you either have to be extremely imprudent, or the size of the business must be completely insignificant for its owner.”

Import substitution. The course towards import substitution is forcing Russian customers to abandon foreign products in favor of domestic ones, which, according to Mr. Vasiliev, has become a serious shake-up for Russian information security vendors: “It turned out that not everyone is ready to completely replace foreign analogues, and some foreign products simply do not have Russian alternatives. Nevertheless, this is a useful shock, which forces us to more actively develop domestic solutions, bring them to fruition and mass industrial application.”

“Against the backdrop of tightening regulation based on the “tightening the screws” model, it seems paradoxical to see a reduction in purchases of certified software. On the one hand, in the context of the policy towards import substitution, a number of domestic manufacturers demonstrate an unwillingness to reduce prices in order to increase sales volumes, and on the other hand, due to the late [calendar] formation of budgets, some purchasing competitions are apparently late. Nevertheless, I will suggest that the information security market will be replenished with new aggressive players capable of dumping, and in the next year or two prices on it may become market prices,” comments Mr. Sabanov on the impact of import substitution on the Russian information security market.

For his part, Roman Kobtsev, director of business development at Perspective Monitoring, notes an increase in the activity of Russian information security developers last year: “Domestic manufacturers, first of all, tried to fill the capacious segment of information security monitoring tools traditionally held by international leaders.”

In addition, according to the observations of Vyacheslav Medvedev, leading analyst of the development department of Doctor Web, import substitution has prompted many Russian companies that previously used foreign software to transfer their infrastructures to domestic analogues. At the same time, the expert believes, the trend of creating domestic software that could replace imported software that is superior in functionality or has no analogues has not developed.

Alexey Sabanov also draws attention to the following costs of the import substitution policy: “Despite the fact that a significant part of government databases still remains insufficiently protected, sales in the data protection segment have decreased.” He explains this by the reluctance of customers to spend money on protecting what they will soon need to transfer to other platforms.

Information security as a mirror of IT. The information security market depends on the information and telecommunications technology market, our experts are sure: everything that happens in ICT is reflected in the information security market.

Thus, the development of the Internet services market has caused, according to Mr. Medvedev, an increase in business interest in protecting websites. The 3D printing market that has formed, as he believes, over the past year requires the creation of 3D models and systems for monitoring their quality in terms of information security.

In the future, Mr. Golov believes, the area of protecting mobile solutions and clouds will actively develop: “The need to protect tablets, smartphones and similar devices will grow. But for Russia, the emergence of a need for such solutions is, rather, not tomorrow, but the day after tomorrow. We, as developers, are convinced that such a product should be made as widespread as possible - the better this is done, the more money the manufacturer earns.”

Opposing him, Mr. Vasiliev notes: “There are already Russian cryptographic protection tools for various [mobile] platforms, domestic MDM systems for managing information security policies on mobile devices, solutions that provide office tools for safe work. These are all mature products, tested in real projects individually and in combination. Serious efforts are being made today to create a trusted mobile OS and a domestic mobile hardware platform. Thus, the Tizen mobile OS has been successfully certified by FSTEC, and the company Yota Devices announced the transfer of YotaPhone2 production to Russia.”

The opinion of Sergei Khalyapin, chief engineer of the Citrix representative office in Russia and the CIS countries, regarding the development of information security technologies for mobile access in our country also does not coincide with Mr. Golov’s reasoning. In his opinion, technologies for protecting mobile devices and mobile applications developed actively last year, which is clearly related to the deep penetration of mobile devices into the corporate environment, the use of personal devices for work purposes and the storing of corporate documents on them. “The ability for employees to work mobile and remotely with corporate information is attracting customers’ attention to solutions to protect the relevant data transmission channels,” he says.

The IT industry, as Andrey Perkunov notes, is now significantly influenced by the technologies of software-defined networks, virtualization and cloud solutions. “In the next three to five years, we should expect a significant transformation of IT, to which information security solutions and technologies will have to be adapted. Already, leading providers of information security solutions are reviewing their product portfolios in order to improve the integration of information security products with virtual environments, service orchestration platforms and cloud systems,” he believes.

According to Mr. Grishin, special attention should be paid to the trends associated with the industrial and energy complex actively using automated process control systems and characterized by “canned” demand, which is formed under the influence of the expected change in the status of regulatory documents for this area from advisory to mandatory (presumably he estimates this will happen in 2016). “Almost all Russian industrial enterprises are actively studying this issue and are potentially ready to initiate relevant projects if these standards are approved as mandatory,” he said.

“There is a transition to real, not “paper” information security support,” states Mr. Melekhin. “Customers are increasingly analyzing the security of their ICT infrastructures and data. The topic of providing information security in technological processes. These issues are relevant to a number of economic sectors, and there are already solutions that help prevent the threats associated with process automation.”

Impact of the threat landscape. Experts draw attention to the transformation of cybercrime into a high-tech criminal business built according to modern economic schemes. Cybercriminals quickly respond to all changes occurring in the ICT sphere; an example here is the rapid response of cybercriminals to the shift of retail sales, banking and other types of business to the Internet.

Here is the data Mr. Grishin provided: “According to expert estimates of our company, in the credit and financial industry the volume of losses from fraudulent activities in 2015, compared to 2014, increased by an average of 26.8%, in the telecommunications sector - by 6.8%, in retail - up to 16%, depending on the segment. Therefore, projects to develop both Internet services and loyalty programs must be accompanied by the introduction of means and measures to protect payment transactions and user accounts, as well as to prevent external and internal fraud. We can confidently expect an increase in the number of such projects in 2016.”

Since about last fall, Mr. Golov has noted an increase in attention in Russia to targeted attacks: “They have always existed, but today the number of professionals who know how to implement these attacks has increased, and in such a way that the damage from them has become noticeable.”

The desire to reduce damage from targeted attacks is driving demand for means of information security data consolidation, monitoring and centralized information security management. As a result, the need for security operations center (SOC) services is growing. “Specialists began to think about what, in principle, is happening with corporate information security, how to measure its level, detect and correlate information security events,” notes Mr. Golov.

Alexey Grishin notes a sharp increase in cross-channel fraud and attacks on organizational clients using social engineering. In the field of classic corporate information security, the focus, in his opinion, has shifted towards the modernization of infrastructure information security and the use of highly intelligent security tools. The main emphasis is on what can be done, and how, with the data coming from existing information security tools (IdM, DLP, SOC, etc.), that is, on building processes around these systems that, with (relatively) small investments, will bring a new intellectual quality to information security.

According to Mr. Grishin, the relevance of specialized analytical systems (both domestic and foreign) that appeared on the Russian market a couple of years ago, which make it possible to identify cases of fraud, deception and theft in retail chains from certain logs in IT systems (such as ERP, CRM, etc.), has increased significantly.

Some Russian information security vendors see new opportunities for themselves in the segment of Anti-APT class solutions (protection against targeted attacks). The number of such companies, as reported by Sergey Zemkov, managing director of Kaspersky Lab in Russia, the countries of Transcaucasia and Central Asia, includes the one he represents.

According to Mr. Medvedev's observations, an important trend of the past year has been the growing interest of attackers in systems based on the Linux OS, in solutions for managing technological automated control systems - everything that was previously either not protected at all or was protected extremely weakly. The number of hacks of such systems was small last year, but, according to his forecasts, it will increase, including as smart devices connect to the Internet.

Although the Internet of Things has not yet become relevant for Russia, our experts consider it necessary to prepare for its challenges now, working out scenarios for protecting its infrastructure. Vyacheslav Medvedev states that the market for wearable and embedded electronics, “smart” devices, equipment and complexes is being formed right before our eyes and already requires protection, since attackers have appreciated its potential.

“Modern society is on the verge of transitioning to a state that was previously considered science fiction,” he argues. “Very soon we will be surrounded by devices that control our every action at any given time, and not all of them will be created and used for the benefit of those they control.”

Since it is the human who is the weak link in any information security system, the services for training specialists and the programs to increase staff awareness of information security issues, offered to customers by the company he represented, were important and in demand, according to Mr. Zemkov.

Forecasts for 2016

Vyacheslav Medvedev notes with regret that, according to his observations, many experts in our country consider the task of protection from intruders and malware to have been solved long ago. This, however, is not confirmed by practice: antivirus protection systems, for example, leave much to be desired in the vast majority of Russian companies and do not protect against modern threats. As a rule, this is a consequence of the fact that company managers do not pay due attention to organizing protection in this area. “Information security risks are assessed by Russian business as negligible. This is largely due to the “regime of silence” regarding information security incidents in our country, which gives the impression that the number of incidents is small and the amount of monetary losses from them is small. Meanwhile, the expertise accumulated by our company in the field of analysis of such incidents indicates the opposite,” he says.

The influence of the political and economic situation. According to Mr. Melekhin, the uncertainty of the economic situation this year does not allow us to correctly make any forecasts about changes in the state of the country’s information security market. Nevertheless, our experts spoke about some of the most obvious, in their opinion, trends in the field of information security.

Customers, in conditions of budget sequestration and staff reductions, warns Mr. Sabanov, will be more demanding of the functionality and cost of purchased (alas, in ever smaller volumes) information security products and especially of the performers of information security projects. “They will demand a single supplier of products and services for the entire range of information security tasks they have formulated, with increased responsibility of the integrator for the life cycle of information security systems. This will lead to increased competition among integrators, to the stratification of service providers and another redistribution of the information security market. At the same time, in addition to the largest integrators, the winners will be the developers who have foreseen the specific directions of its development,” he believes.

According to Mr. Golov, information security budgets will be formed only on the basis of the situational response of customers, and the current economic situation is worse than it was during the 2008 crisis, since the current crisis is of a political and economic nature. “Many negative factors have accumulated. Economic ties have been destroyed, sanctions have been introduced, stock exchange prices are falling, and the national currency is falling. Since the state does not have clear stress scenarios, it is difficult to make forecasts,” he agrees, expressing, however, confidence that areas related to the country’s defense capability will develop and state defense orders will grow.

Since saving on information security is fraught with great risks, it is possible to ignore the information security challenges facing companies and organizations only to a certain extent. Ivan Melekhin believes that stability or even growth can be shown in those areas that will optimize costs, increase the profitability of the core business, and protect critical assets. “We can expect an increase in demand for the service-cloud model of IT and information security, which allows you to receive only the resources necessary to provide information security, and at the right time,” he suggests.

If we evaluate the information security market in terms of indicators not tied to the ruble exchange rate (for example, by the total number of projects or person-days), then, according to Mr. Grishin, the Russian information security market will grow in 2016, and the outsourcing segment will even grow many times over. He expects an increase in information security budgets in the fuel and energy complex: here, as a rule, information security projects are associated with the transfer of previously created information security subsystems to Russian products or with the creation of high-tech subsystems from scratch.

Import substitution and information security. The negative impact on information security budgets of a significant depreciation of the ruble (since prices for imported solutions are calculated in foreign currency) plays into the hands of domestic suppliers, and the topic of import substitution in 2016, according to our experts, will be especially relevant.

According to Mr. Vasiliev, import substitution is supported by the distrust of Russian customers in foreign vendors due to the ongoing political processes, as well as the decrease in their activity in our country for both political and economic reasons. “For Russian information security developers and service providers,” he says, “there are unique, almost “greenhouse” conditions that need to be taken advantage of.”

The cycle of appearance of new domestic information security products today has significantly shortened, states Mr. Grishin, as customers began to buy and implement promising solutions and invest in their development, forcing developers to supplement their solutions and products with the necessary properties and bring them to the level required by customers. At the same time, customers and integrators assume the risks associated with the implementation of immature solutions.

Regulation and information security. Regulation, according to some experts, remains one of the most important drivers of the Russian information security market.

“The community of specialists and users,” says Mr. Kobtsev, “is still waiting for the law regulating the information security of critical information infrastructures, since specialists need an understanding of the development processes of both the GosSOPKA system and industrial automated control systems protection systems. Perhaps the standard for the safe development of information protection systems expected this year, which is promoted by the FSTEC of Russia, will have some impact on the market. Of course, it won’t become a locomotive, but at least it will bring a fresh spirit to the discussions and, perhaps, in a few years it will be transformed into some kind of more binding document...”

Great prospects, according to Mr. Vasiliev, are opening up for Russian vendors due to the requirements of regulators to collect and clarify personal data in the country.

Technological and marketing locomotives of information security. The dynamics of information security costs, according to Mr. Grishin, in the coming year will vary significantly in different sectors of the economy. Banks, for example, are reducing their information security budgets - the safety margin accumulated thanks to earlier investments allows them to do this. But investment continues in those areas of information security that are most critical at the moment. The priority, in his opinion, is ensuring information security on the Internet.

Some activity is observed, according to Mr. Kobtsev’s observations, in the traditionally “Russian” segments of the information security market, which is associated with the transition of players from the development of individual products to the creation of complex infrastructures for customers. Domestic manufacturers, the expert expects, in 2016 will continue to intensively increase the functionality of their network security tools in the direction of NGFW and full-fledged information security products for protecting endpoints, linked (subsequently) with expert (usually cloud) support. “Some Russian developers almost completed this process already in 2015, others have just started it. But in any case, the coming year will be indicative in the competition in this area, because market shares released as a result of import substitution and other market events (mergers, acquisitions, changes in the development strategy of some vendors) are quickly filled,” he believes.

Another interesting trend, according to Mr. Kobtsev, will be an increase in the number of Russian information security companies trying to enter international markets, which is largely due to the stagnation of the Russian market: “I think the strategies for such an entry and the results will be different for everyone. But in any case, it will be interesting to watch.”

Global market for information security outsourcing services

If we analyze Western markets, we can see that this business model is a logical continuation of the evolutionary development of the professional services market. System support has been replaced by outsourcing, supplemented by financial services (usually leasing schemes). It allowed the implementation of information security functions to be transferred entirely to operational costs. Managed security services brought together infrastructure, financial services and support services into a single whole on the side of the service provider (Managed Security Services Provider, MSSP). The qualitative leap in cloud technologies led to the emergence of security as a service, allowing the client to quickly receive and manage the necessary services from the cloud.

Market drivers/constraining factors

Let's take a closer look at the industry discussed in this article. Gartner defines a Managed Security Services Provider as a service provider that can remotely monitor, manage, and augment your organization's security functions without having its staff located on the customer's site.

These services can be provided separately or integrated with your current security infrastructure. At the same time, organizations can hire MSSPs either to manage individual information security initiatives or to outsource the entire security program. Such approaches are used by companies that have limited IT or information security resources, lack expertise, or need a quicker (and, rather, better) implementation of the information security function than they could achieve internally.

The conditions in which businesses operate are constantly changing. The activity of cybercriminals and the number of attacks are increasing, and the methods and techniques used by fraudsters are constantly changing. The state and various regulators are introducing new requirements for information protection. At the same time, it is necessary to keep up with technological progress, the emergence of new devices, their use by employees, the need to use the BYOD approach, and IoT technologies. All of these factors increase the need for the superior expertise and latest information security practices that MSSPs possess.

On the other hand, customers should carefully consider the choice of an MSS provider, since they will be entrusting it with the protection of valuable business information, the loss or leakage of which is very sensitive for the company. It is doubt about the provider or the lack of an adequate choice that leads customers to refuse to use MSSP services.

Engaging MSSP helps customers take advantage of the latest solutions and best practices in the field of information security. By auditing the customer’s information security infrastructure, MSSP consultants help clients in 3 areas:

  • Identification and elimination of “blind spots” and gaps in information security management.
  • Application of best practices.
  • Assistance in meeting regulatory requirements.

At the same time, MSSP helps reduce the capital costs associated with building your own security infrastructure and associated operational costs such as hiring and training personnel, etc.

Services

The list of services can be very extensive, but in most cases the MSS provider has the following set of services offered:

  • Threat Management - threat management
    • Distributed Denial of Service (DDoS) - distributed denial of service attack
    • Managed Email Security - email security management
    • Managed Anti-Malware - management of malware protection
    • Managed Firewall - firewall management
    • Managed Security Gateway - managing security gateways
    • Managed Intrusion Detection Services and Intrusion Prevention Services - management of intrusion detection and prevention
  • Compliance Management - checking compliance with regulatory requirements
  • Vulnerability Management/Scanning - checking/scanning for vulnerabilities
  • Security Operations Center (SOC) - security center
    • Log Management - managing log records
    • Incident Management - incident management
  • Endpoint Security - security of end devices
  • And many other different services, the most popular of them:
    • Identity and Access Management - identity and access management
    • Awareness Management (Anti-Phishing, Social Engineering) - increasing awareness (fighting phishing, social engineering)
    • Virtual Data Rooms (VDR) - virtual rooms
    • Security Health Check - system health check

The information security outsourcing market is divided into two components according to the service delivery model:

  • With installation of equipment or software at the customer. This also includes the CPE (Customer Premises Equipment) approach: in this case, the customer has equipment with basic settings, the logic of operation, a set of software for providing various services is downloaded from the supplier and may change depending on the needs of the customer.
  • Providing from the cloud, without installing hardware and/or software. This method is called Security as a Service (SECaaS).

At the moment, the bulk of cybersecurity outsourcing services are provided on the basis of customer-installed equipment, but most studies indicate that this trend will change, and in the 2017-2024 horizon, services will be provided from the cloud.

Financial indicators

Researchers agree that the cybersecurity outsourcing industry (Managed Security Services) will grow. The only difference is in the growth rate estimates. But even here the spread of values is not great: the compound annual growth rate (CAGR) of the information security outsourcing market volume ranges from 12% to 17%.

These growth rates are higher than those for the cybersecurity market as a whole, which are projected at 8-12%.

The volume of the information security outsourcing market in the world is estimated at $18 billion in 2016 and $41 billion by 2022, while the volume of the entire cybersecurity market is estimated at $82 and $170 billion, respectively. This means that the share of outsourcing services among cybersecurity services will increase from 21% to 27% by 2022.

Main players

The most notable players in this segment:

  • Verizon
  • Orange Business Services
  • CenturyLink
  • Dell SecureWorks
  • Symantec
  • Trustwave
  • Wipro
  • BAE Systems
  • NTT Security

Companies providing services according to this business model (service providers) can be divided into three categories: telecom providers / data center operators, solution manufacturers, independent solution providers from various manufacturers.

It is obvious that customers are more inclined towards telecom and DC operators, since connecting to their services requires less effort. The equipment (in the case of a DC) or the traffic (in the case of a telecom operator) is already on the provider’s side.

An analysis of the portfolios of the world's major players shows that the greatest variety of services is demonstrated by companies that produce solutions. While telecom operators focus on Anti-DDoS, MDM, Email Security, Managed Firewall, Managed Gateway services, solution manufacturers provide more complex services that require deeper expertise.

The most common service provided is SOC using various SIEM solutions. Very often the IRS will provide this service along with it. Next in the ranking are Vulnerability Scanning and other services.

The target audience

According to experts, in the near future the main consumer of MSS services will continue to be large businesses. But the small and medium-sized business segment will show the highest growth rates. Looking at the forecast in terms of business sectors and the largest MSS consumption forecasts, the Banking, Financial Services and Insurance (BFSI) sector is leading the way.

The environment in which banks, financial institutions and insurance companies operate is changing greatly in terms of new technologies and business processes. The technological revolution that took place in the banking sector and financial institutions has changed the form of ATM, the type of basic banking processes, and new forms of customer service have emerged - through web platforms and mobile devices. The BFSI sector is under unprecedented pressure due to increased cyber attacks on the one hand and stricter regulatory requirements on the other. Such pressure is one of the driving factors for promoting MSS, which allows you to quickly get the desired result.

The general business trend - movement towards the provision of digital services - implies moving further beyond the perimeter of infrastructure for the provision of services. And if it is necessary to extend the perimeter into the territory of telecom and data center providers, then there are fewer and fewer barriers and doubts about using the outsourcing model of business support and SECaaS as its special case.

Western experts argue that increased demand from small and medium-sized businesses is a key factor in the growth of the MSS market in the medium term (3-5 years). This is due to the fact that for companies of this size, aspects of business have recently changed significantly. As a result, these companies are forced to reconsider business models and change infrastructure. MSS help support growth, optimize business processes and increase their operational efficiency. Since MSSPs offer reliable protection for confidential information, demand from SMBs will grow during the forecast period. The growth rate is estimated at 17.5% CAGR from 2016 to 2024.

Russian market for information security outsourcing services

The Russian information security market is not distinguished by its publicity, and there is no noteworthy analytics on the MSS market. At the same time, a growing interest in this area is obvious for market players. All categories of service providers (telecom providers and data center operators, solution manufacturers, independent suppliers) are already present on the market with their offers. It is worth noting that there are no clearly defined leaders. In certain segments, for example in the field of protection against DDoS attacks, there is already a sufficient number of companies competing for clients. In general, the market is quite sparse: many services available on the global market are absent in our local market, and competition in most segments is low. To be fair, it should be noted that Russian customers have access to services from global players, but these are not popular for a number of reasons: a low level of trust in them from clients, and legislative and technical restrictions (for many clients, the availability of Russian-language support and support for the Russian language can also be very significant, both at the connection stage and at the service operation stage). The situation could be changed by the local presence of these players and investments in the Russian market, but they are in no hurry due to its financial unattractiveness compared to the USA and Western Europe.

Considering analysts' forecasts for the global market, I would like to dwell in more detail on the most promising area - services provided under the SECaaS model. In this article, we will limit ourselves to considering services that have the following characteristics: available for purchase in Russia, located in the Russian Federation (having at least one point of presence, since most services are geo-distributed), providing Russian-language support or having partners providing this service.

Services

List of services that are available to consumers:

  • Anti-DDoS
  • Secure Web Gateway
  • Mail Security
  • Threat Intelligence
  • Code Analysis
  • Managed Firewall*
  • Managed Security Gateway*
  • Managed Intrusion Detection Services and Intrusion Prevention Services*

* Services are provided on the basis of a telecom operator or data center.

Main players

In accordance with the previously defined categories, we will divide providers into the following types: telecom providers and data center operators, solution manufacturers, independent solution providers from various manufacturers. All of these categories are already active players in this market: telecom providers (Rostelecom, MegaFon, MTS), solution manufacturers (Qrator, Wallarm, ZScaler, Appercut, DDoS-GUARD), independent service providers (Solar Security, Informzashita, ProtoSecurity).

Drivers and restraining factors for the SECaaS market in Russia

“There are two views on the future. One with apprehension, the other with anticipation." Jim Rohn

What advantages does this model have for service providers? What makes new players enter this market, besides the obvious desire of any business to make money? It is possible to identify drivers common to all categories of service providers in this model:

  1. Control over infrastructure, on the basis of which the service is provided. This allows you to significantly reduce maintenance costs and clearly draw the line between the customer’s infrastructure and the service infrastructure.
  2. Shorter deal cycle. Typically, a SECaaS offering is aimed at satisfying an existing customer need. There is no need for lengthy pilots to demonstrate PoV and generate customer demand.
  3. Better control over costs (transparent resource model). The service provider is able to more accurately predict its costs for creating and maintaining the service.
  4. Expansion of sales geography.

The main limiting factor is the limited sales market.

Benefits and limitations vary for the various types of SECaaS service providers.

Table 1. Advantages and limitations of different types of SECaaS providers

Provider | Advantages | Restrictions
 | Increasing revenue from the client, entering a new market. Acceptable investments in infrastructure (the main investments have been made) | Link to your main product
 | Lower costs to support the solution | Investments in infrastructure. Competition with own products
 | Entering a new market | Investments in the implementation of services. Difficulty of implementation. The need to develop new sales channels

For clients, using SECaaS has very obvious advantages: quick connection to the service, easy scaling and a flexible payment system, and payment for exactly the volume in which the client is currently interested.

As with outsourcing, the main limitation remains a lack of trust in service providers. Another significant factor is the limited supply on the market. In our opinion, when deciding to choose a SECaaS solution provider, customers will highlight the following factors:

Table 2. Selection criteria for SECaaS solution providers

Provider | Benefits for the customer | Restrictions for the customer
IT service providers (Telco, Data Centers) | Synergy with the provider's main product (communication channels, IaaS, PaaS) | Lack of access to the service when changing telecom provider/data center
Service producers, solution producers | Proven solution | Lack of choice of the solution that is most acceptable to the customer
Independent service providers | Possibility of choosing technology and service to suit your needs. Possibility of a “synergistic” effect when using several services | Low competition. Lack of platforms for service management

ANGARA's view

“...a cloudless sky full of heartless stars,” Isaac Marion.

“We believe the SECaaS market will experience rapid growth over the next few years.

When implementing projects, we often pursue the achievement of local goals of our customers, solve their specific problems, within the framework of this cooperation we dive into their problems, industry specifics, enrich our experience and obtain valuable information to improve our value proposition. However, we are focused on providing offerings that meet business needs and recognize that even companies with limited budgets are not willing to compromise when it comes to the availability and security of their business processes.

We plan to significantly increase our SECaaS offering in the near future. Our strategic task is to create a leading company in this market, which will act as a broker, providing customers with a service that best suits their needs and budget. Also, in the near future, our company is ready to provide its own services (under the Angara Professional Assistance brand), bringing to the market services using the SECaaS model, which are currently available only as on-premise solutions in the Russian Federation. A key element of this company’s technological foundation will be a universal platform for managing these services.”

Alexander Trikoz

J’son & Partners Consulting presents brief results of a study of the Russian information security market based on the results of 2014 and a forecast for its development until 2018.

Estimates of the volume of the Russian information security market and trends

According to J'son & Partners Consulting, in 2014, the volume of the Russian market for information security tools and services (hereinafter referred to as IS) grew in nominal ruble terms by 13% to 51 billion rubles, which is slightly higher than the overall nominal growth rate of the IT market in Russia, which, according to Rosstat, amounted to about 10%. Thus, in the total volume of the Russian IT market, the market for information security tools and services occupies about 7%. As with the IT market as a whole, the positive dynamics of the Russian information security market in 2014 were largely determined by the devaluation of the ruble and the resulting increase in prices for imported information security products, which became especially noticeable in the 4th quarter of 2014. This is the first time this situation has occurred since 2009.

In comparable ruble prices, the information security market in Russia showed close to zero growth in 2014, while the main effect of the rise in price of imported information security products caused by the devaluation of the national currency will be noticeable in 2015, which will cause a fall in the Russian information security market in comparable prices.

One way or another, against the background of stagnation in the development of the information security market, there is a significant increase in information security threats with their transition to a qualitatively different level, which is confirmed by data from key market players.

“We note the transition of cybercrime to a qualitatively new level, which consists in turning the shadow market of cybercrime into a well-functioning industry that completely follows the laws of the ordinary world. Our own development, our own support, refunds in case of dissatisfaction with the purchased product, rental of technology and equipment, intermediary services, untraceable payment systems, affiliate programs, cash withdrawals and much more. It is no coincidence that the term Crime-as-a-Service appears, meaning the transformation of the cybercrime market into a well-oiled machine operating with a minus sign,” notes Cisco information security expert Alexey Lukatsky.


Structure of the Russian information security market

If we talk about the structure of the information security market, then in 2014 it did not undergo significant changes. As before, the main segments of the Russian information security market were the segments of network security tools and anti-virus protection tools, together occupying more than 70% of the market. However, despite the absence of fundamental changes in both the dynamics and structure of the Russian information security market, the likelihood of such changes in the period until 2018 is assessed as high. At the same time, the predicted stable negative macroeconomic background will become one of the main drivers of structural changes in the IT market in general, and the market for information security tools and services in particular.

According to J’son & Partners Consulting forecasts, the share of information security services will increase by more than 4 times by 2018 compared to 2014, occupying up to 40% of the market, and the total market volume at comparable prices will decrease by 15%. At the same time, a significant share in the structure of services will be occupied by intelligent information security services provided under the Security as a Service (SECaaS) model.

The client structure of the market will undergo fundamental changes. From the current predominance of large clients from the government, financial and energy sectors, the structure of demand for information security products will shift towards small and medium-sized trade and service enterprises, as well as private consumers. The sales model for information security products will also change: service providers will become their main consumers.

Drivers of the Russian information security market

Among the technological factors of fundamental changes in the information security market, it is worth noting the change in the structure of Internet traffic in favor of smart subscriber mobile devices, the share of traffic of which will increase in 2018 by more than 10 times to 40% compared to 2014. At the same time, the share of traffic from stationary personal computers and laptops will decrease from 90% in 2014 to 50% in 2018. To a large extent, it will be generated by virtual PCs using “zero” and “thin” client set-top boxes connected to monitors and Smart TVs, the share of traffic of which will be about 10%.

At the same time, by the end of the forecast period, J’son & Partners Consulting analysts expect the convergence of fixed and mobile communication networks and their transformation into deeply programmable information and communication environments. In them, network security functions will be fully implemented programmatically in the form of the corresponding functionality of virtual network controllers and the implementation of the principles of “network as a sensor”.

Alexey Lukatsky talks about the meaning of the term “network as a sensor”: “Whatever nodes, operating systems, applications or users communicate with each other; are we talking about corporate networks, home applications or the Internet of things - they are all united by a single concept - NETWORK. It is through the network that all data and requests are transmitted from tens of billions of devices, which, according to our estimates, will “inhabit” the Internet of Things in just 4-5 years. That is why network security is so important, forming the basis on which all protection of modern network interaction is built. It is no coincidence that we at Cisco even coined the term “Network as a Sensor”, which means that in the context of such a massive move of different manufacturers into the Internet of Things, the emergence of a huge number of devices that are not equipped with any serious protection, in the absence of uniform standards for the exchange of information between billions of Internet things, network security is the only link that can improve the security of network interaction in the near future.”


Cisco information security expert Alexey Lukatsky

According to J’son & Partners Consulting analysts, this factor is most significant specifically for the network security segment, which accounts for up to half of the Russian information security market in monetary terms. It should be taken into account that today it is represented mainly by hardware-dependent means aimed at protecting the physical perimeter and stationary objects located inside it (PCs, servers, storage systems). Therefore, the widespread emergence of deeply programmable information and communication environments means the possibility of complete transformation of the network security hardware and software segment into corresponding services implemented by operators of physical communication networks.

Information security in the era of the Internet of things

In addition, already in 2017 in Russia we should expect the beginning of the active deployment of systems built on the principles of the Internet of Things and, as a result, the convergence of the market for information security systems and services with the markets for technical security systems and building management systems (BMS), forming a market for integrated infrastructure management systems and services amounting to more than a trillion rubles per year.

“The Internet of Everything is something that is beginning to quietly come into our lives. And we are talking not only about connecting industrial segments of automated process control systems to the Internet, but about the penetration of the Internet of Things into the life of the average person - a smart home, starting a car engine in winter by command from a mobile phone, home video cameras with Internet access... All this shows that the Internet of Things is already gradually conquering Russians. In a couple of years, we won’t even remember how we lived without the Internet of Everything. And of course, in the context of such a massive dissemination of these technologies, the first priority will be to ensure the confidentiality of my life, the availability of my Internet things and protection from modification of the commands and data that these things will exchange among themselves. The security of the Internet of Things is something that is worth thinking about now,” warns Alexey Lukatsky.

In general, J'son & Partners Consulting analysts are confident that despite the reduction in the volume of the information security market itself in monetary terms, the trends described above create significant business development potential both for traditional players in this market and for other companies: telecom operators, providers of online and OTT services, commercial data center operators, and players in the market for engineering systems and technical security systems.

The newsletter was prepared by J'son & Partners Consulting. We make every effort to provide actual and forecast data that fully reflects the situation and is available at the time of publication of the material.

J'son & Partners Consulting reserves the right to revise the data after individual players publish new official information.

____________________________________________________

This summer, the director of the FSB of Russia, Alexander Bortnikov, during the government hour in the State Duma, raised the question of the need for “more active work to create Russian software” and intensifying import substitution in the field of information security.


At the legislative level, a lot of efforts have been made on this front. But what is happening in terms of implementation is told by Alexander Atamanov, General Director of TSS LLC, which develops information security tools.

Ours instead of someone else’s: how the Russian information security market is being formed

Alexander Atamanov

Helpful Security

In 2017, spending on cyber protection worldwide will increase by 8.2% compared to last year and reach $81.7 billion. By 2020, the information security market will exceed $100 billion, according to a new report from the analytical company IDC.

For comparison: in Russia from 2013 to 2014, the information security market grew by 13% and amounted to only 59 billion rubles, that is, slightly less than $1 billion, according to TAdviser data. The figure of 13% is higher than the overall nominal growth rate of the IT market (10%). At the same time, in the total volume of the Russian IT market, the market for information security tools and services occupies about 7%.

However, the numbers vary depending on the analysis method. Thus, Cisco security business consultant Alexey Lukatsky estimated the volume of the Russian information security market in 2016 at 1% of the global market, or about $700 million (40.2 billion rubles). At the same time, he made a reservation: this is a very approximate indicator, since it is not entirely clear what is considered an information security object.

According to J’son & Partners Consulting estimates, the share of information security services in Russia by 2018 will grow more than 4 times compared to 2014, occupying up to 40% of the market. The main trend will be an increase in demand for intelligent information security services provided under the Security as a Service model.

In the spirit of the law

The development of the information security market in Russia went hand in hand with legislative initiatives. Perhaps the most important milestones in its formation were:

  • Laws “On Information, Informatization and Information Protection” (1995), Doctrine of Information Security of the Russian Federation (2000),
  • Law “On Personal Data” (2006),
  • orders of the State Technical Commission (now FSTEC), which put into effect many of the governing documents, and the FSB of the Russian Federation.

The adoption of these documents contributed to the formation, growth and sustainable development of many areas of information security tools (IPS).

As a result, by 2014, when the currency crisis struck, the information security market in Russia had formed. And, as the popular expression goes, currency fluctuations played into the hands of domestic companies. Foreign developments have increased significantly in price, and many companies have had to switch to domestic analogues. This created demand.

Because the development cycle of information security solutions takes on average from 1.5 to 3 years, the peak of appearance of the best domestic solutions can be expected in the period from 2016 to 2018.

However, even without this, many domestic products were adopted by companies operating in Russia. An online survey conducted by PC Week Review in 2014 with the participation of companies of various sizes confirmed that the import substitution strategy is being implemented on an ongoing basis.

According to the results of the study:

  • 38% of companies used mainly foreign products and services to organize corporate information security;
  • the share of firms with predominant domestic developments accounts for 11%;
  • another 35% combined products of Russian and foreign origin equally.

At the same time, it turned out that Russian developments clearly predominated in some segments: anti-virus protection (68%), electronic signature (60%), data encryption during storage and transmission (32%). Kaspersky Lab, a manufacturer of anti-virus protection products, and CryptoPro, which produces electronic signature products, have been on the market for decades, so they managed to gain a foothold in their niches.

In other segments, as a PC Week survey showed, there was serious competition. For clarity, I present the table:

In addition, developers of specialized accounting, accounting and reporting systems, design and geolocation systems, and security scanners traditionally look confident.

The introduction of mutual sanctions also affected the information security market

Due to current legal requirements, Western developers have difficulty certifying information security systems to high security classes, because companies are required to provide source code to testing laboratories.

Western developers do not use domestic encryption algorithms. If a company wants to sell cryptographic protection products, it needs a license and certificates of conformity when using information security systems in critical information systems.

All this encourages foreign corporations to partner with domestic companies, developing equipment that has passed certification, as is the case with the Russian TCC and the American corporation Citrix Systems.

Two TCC products, the Diamond ACS access control system and the TCC Diamond VPN/FW Client software product, have already become participants in the Citrix Ready affiliate program and are now featured in the proven Citrix Ready Marketplace.

Hybrid response to hybrid attacks

Another reason stimulating information security developers was the import substitution policy initiated at the highest level. In their study “Import Substitution and Russian Economic Sovereignty,” Chatham House analysts Richard Connolly and Philip Hanson noted that Russian economic policy is gradually being subordinated to security considerations in order to isolate the country from internal and external threats.

The import substitution campaign is one of the key elements in this program, and legislative measures were initiated even before the introduction of Western sectoral sanctions. Import substitution mechanisms are institutional in nature and imply a strategic course rather than short-term solutions.

This could reduce Russia's dependence on the oil and gas sector. But experts emphasize: real diversification of the economy will be possible only if new industries are export-oriented, as is the case with IT, one of the most competitive areas of the domestic economy.

The policy of import substitution, in particular, was facilitated by the order of the Ministry of Telecom and Mass Communications of Russia dated 04/01/2015 No. 96 “On approval of the plan for import substitution of software”, where theses on the replacement of information security software were clearly stated and recorded, and the law signed by President Vladimir Putin in June 2015 and providing for the creation of a register of domestic programs and the possibility of restrictions on the use of foreign software if there is a corresponding domestic analogue.

As of February 2017, there were more than 2860 software products in the register. At the same time, the Ministry of Telecom and Mass Communications is constantly tightening the requirements for register participants.

However, the key moment in recent years was the approval of the new Information Security Doctrine in December 2016. The updated version is aimed at a preventive response to hybrid wars, which are carried out not only at the physical, but also at the economic, political and information levels. Over the past 16 years, not only the methods, but also the scale of information security threats have changed.

For the first time, the adopted document clearly identifies the problem of insufficient development of the information technology industry and heavy dependence on foreign products and developments.

Comparing the two versions of the doctrine from 2000 and 2016, one can notice:

  • The first document placed emphasis on ensuring free access of any citizen to information resources and communication technologies.
  • The new version focuses on ensuring the security of people's interaction with the information space and protection from technical threats.

The doctrine provides for the need to ensure information security not only of technical components (hardware and software), but also of “entities whose activities are related to the formation and processing of information, the development and use of these technologies, and ensuring information security,” that is, it implies the training and retraining of employees.

Game on a collision course

However, the doctrine of “information security” is implemented not only in Russia, but also in other countries, and when it comes to politics, market rules fade into the background. It is enough to recall several illustrative examples from the practice of Washington and Beijing.

USA: until 2013, the main supplier of smartphones for government agencies was BlackBerry Research in Motion (RIM). The entire FBI staff of 35 thousand employees had gadgets only from this company, since the operating system used by BlackBerry was considered the best on the market in terms of security. But then the FBI began supply negotiations with Samsung. It is curious that in May 2013 the Pentagon carried out a reverse “operation”: the Ministry of Defense refused Samsung smartphones and purchased devices from BlackBerry - again, “for security reasons.”

China: in August 2014, Chinese authorities removed Symantec from the list of approved suppliers of information security software and left only local companies in it: Qihoo 360, Venustech, CAJinchen, Beijing Jiangmin and Rising.

In 2015, the developments of the largest American IT companies, in particular Apple, Intel, McAfee, Citrix, and Cisco, were removed from the “accredited list” of products allowed for purchase. The requirement resulted in a two-fold decrease in the amount of foreign software in China.

In June 2014, several Chinese companies, "due to security concerns," announced that they wanted to switch from IBM servers to Inspur's "Tiansuo K1" platform. The Chinese company initiated an advertising campaign with the slogan I2I, in which it explained the possibilities of replacing IBM products with its servers.

The result was a cooperation agreement between IBM and Inspur: the American company has agreed that Tiansuo K1 servers will use programs developed by IBM to work with databases and the Websphere enterprise software package. In addition, Inspur plans to use IBM's Power8 microprocessors in the K1.

Inspur servers will run on their own operating system based on technologies from the OpenPower Foundation, an association of developers who produce open-source software for servers with IBM Power line microprocessors.

To summarize, we can conclude that Russia is in the trend. The role and importance of information security tools is increasing, and technological and military methods of confrontation are changing and transforming along the way. It is not surprising that the world's leading powers are paying more and more attention to their own cybersecurity, which is impossible without import substitution.

Recently, Jet Infosystems, one of the largest system integrators in the domestic market, celebrated the anniversary of one of its divisions: the company's Information Security Center began operating 20 years ago. In honor of this event, a press conference was held in Moscow, at which the Center’s management not only spoke about the results achieved, but also shared assessments of the development of the information security market in Russia and forecasts for its development. As a result, a fairly complete picture was drawn of what is happening now and what awaits us in the information security market in Russia.

In 2015, the company's turnover in the information security field grew by 13.7% and amounted to 2.5 billion rubles. Despite the difficult economic situation, Jet Infosystems managed to increase the number of customers by 10%. 672 contracts were concluded, about 200 projects were implemented, and more than 150 software products were introduced.

The most significant growth in 2015 was shown by the protection of Web services, including the protection of mobile applications. Turnover in this area has grown more than 5 times due to the great interest of companies in the development of online business and, as a result, the emergence of tasks to ensure protection against computer attacks and fraudsters.

Over the past year, outsourcing turnover increased by 50%. The reasons for the significant growth in the company are associated with the desire of organizations to reduce costs for their own personnel and the growing confidence in the system of information security outsourcing of corporate IT systems.

An increase in the network security direction was also noted - 33%. Its reasons were the trend towards import substitution (replacing information security products included in the “sanctions list” with recommended domestic analogues) and the growing popularity of Next Generation solutions, which have expanded functionality and new capabilities.

Development trends of the Russian information security market

Compliance projects

As Alexey Grishin, director of the Information Security Center at Jet Infosystems, said, five years ago a significant number of projects in the field of information security were related to bringing customer information systems into compliance with the requirements of the Personal Data Law and PCI DSS regulations. “The goal was considered to be “blind” compliance with regulatory requirements and the desire to avoid fines.”


Many were very enthusiastic about this trend back then and had high hopes for its further development. However, the influence of regulators did not become a driver for market development. “Today we are seeing a completely different picture,” continued Alexey Grishin. “There has been a transition to the area of “real” security, from slogans and big words to a practical level. Now, in 90% of cases, the justification for projects is the assessment of losses from possible incidents in conjunction with the cost of the implemented security measures. The decision on the need for implementation is most often made by the business itself.”

In the new conditions, Russian business has shown that it is ready to invest in the development of information security, but only when these systems are economically justified, allow real losses to be prevented, and the customer can evaluate the quality of the income received and/or even calculate quantitative indicators in advance.

Targeted attacks

A significant share of the market today is occupied by protection against targeted attacks. Until recently, they were aimed primarily at individual, most often only large, companies. Today the situation has changed, and qualitatively. An increasing number of customers are encountering targeted attacks: they either become direct victims of such attacks, or their networks are constantly being probed in order to prepare and conduct targeted attacks in the future.

“The driver of growth in this area was, first of all, the awareness of the real losses that companies receive from this type of fraud. Isolated cases of attacks have grown into targeted, numerous sequential attacks causing significant damage,” Grishin explained. “The last argument that finally convinced businesses of the need to implement information security solutions was the situation with the massive withdrawal of funds from bank correspondent accounts with the Central Bank of the Russian Federation. If in 2014 the Jet Infosystems company had only a few customers in this area, now we can talk about a significant increase in requests.”

SIEM

SIEM technologies, which provide real-time analysis of security events originating from network devices and applications, attracted serious attention from customers back in 2014. Even then, customers began to actively implement new systems to move from the practice of collecting information about incidents with a delayed response to processing and responding to incidents in real time. In 2015, the focus shifted from discussing technical tools as part of building a SOC to two other components: people and processes. In particular, attention turned to determining the requirements for the selection and advanced training of information security employees, building interaction with related departments and external structures (CERT, law enforcement agencies, the media), etc.

Defence from DDoS

As Alexey Grishin noted, a lot has changed in this segment. Just a couple of years ago, many rarely encountered this problem. The attacks were quite rare, “once every six months,” but they were massive in nature and were often ineffective. Nowadays, attackers use small DDoS attacks that probe the victim’s defenses and stop as quickly as they begin. Companies encounter them almost daily. If attackers discover a weakness in the IT infrastructure, the attack immediately begins in full force.

Fraud Protection

Protection against fraud is considered by Jet Infosystems to be an important component of the information security market. This opinion was formed under the influence of a large number of examples that companies encounter in practice.

Most of the attack schemes encountered are not related to the exploitation of classic vulnerabilities. Attackers mainly look for errors in the logic of corporate systems, trying to infiltrate and make changes to established business processes. The expert even gave an example of such a scheme, when attackers try to penetrate a corporate system and reconfigure the conditions for issuing prizes or bonus purchases. “So, hackers sometimes manage to buy an expensive TV by paying a “prize” of 99 rubles for it.”

As Grishin noted, over the past year the share of expert work carried out by the company in this area has doubled. This includes drawing up descriptions of fraud schemes, developing control procedures and counteraction algorithms, identifying anomalies in the transaction pool, and others. If earlier more attention was paid to the analysis of the remote banking channel, today the emphasis has shifted to analyzing the transactions of individuals and creating cross-channel systems to combat fraud. The development of these systems is especially relevant today for financial institutions and companies using loyalty programs.

Social engineering

Last year saw a rise in attacks using social engineering methods. According to Grishin, now it is especially important to teach company employees not to react to the tricks that hackers “foist” on them.

Targeted attacks are on the rise today, and 90% of them begin with social engineering. Last year, the most “popular” model of attack on banks was “letters on behalf of the Central Bank of the Russian Federation.” Upon receiving such a letter, employees, without hesitation, opened it or followed the link provided, thereby giving hackers an opportunity to install Trojans. The technique turned out to be extremely “effective”.

The emerging market situation forced Jet Infosystems to pay great attention to training its own employees and customer personnel. In the company's opinion, this kind of attack can only be combated by educating employees and showing them real examples from practice.

Import substitution

According to Alexey Grishin, over the past year many Russian developments have appeared in the information security segment. True, it is impossible to say that previously there were no domestic means of protection. However, until recently, many customers showed distrust of domestically produced security equipment, preferring to implement Western equipment and systems that had good marketing support.

A lot has now changed in the market. Several serious Russian players are working here, and a number of worthy domestic products are growing in popularity and being implemented more often.

Information security consulting

Compared to 2014, the demand for information security consulting provided by Jet Infosystems has increased by more than 30%. From the theoretical plane, the topic of creating processes around information security, integrating information security systems with the company’s business processes, and developing an information security strategy moved into the practical. This was most reflected in projects for the implementation of SOC, DLP and IdM.

According to Andrey Yankin, head of the consulting department of the Information Security Center at Jet Infosystems: “In 2015, we relied on application consulting, allowing customers to make the most efficient use of the technical tools and human resources they already have. We explain the observed increase in interest in expert audits and development of information security development strategies by the need to build security with a new “level of efficiency”: threats are multiplying, and the ability to “plug all the holes with money” has disappeared even from the wealthiest organizations. The business understanding of information security risks has also changed: now they are considered something integral and everyday when using IT technologies. This creates new challenges for information security services: it is necessary to integrate into business processes and establish interaction with physical and economic security.”

In 2015, the focus shifted from discussing technical means as part of building an SOC to other components - people and processes. In particular, there was a noticeable trend towards the development of approaches to the formation of requirements for the selection and advanced training of information security employees, building interaction with related departments and external structures (CERT, law enforcement agencies, the media), etc.

Outsourcing

Another market trend that was reflected in the change in the turnover of the Information Security Center in 2015 is the gradual overcoming of the fear that companies previously experienced when transferring the functions of providing their own information security to a third party. Although information security outsourcing is still in its infancy, 2015 marked an important stage in development for this market segment. “In the next two years, we expect an increase in the number of projects in this area,” said Alexey Grishin.

Enterprises have been talking about the possibility of switching to information security outsourcing for a long time. However, most companies tried not to discuss this topic. A lot has changed in recent years, especially in 2015. Threats today are becoming much larger and more complex. This forces companies to bring in specialists with a narrow profile, and most companies do not have such personnel.

The second reason for the growing popularity of outsourcing is the high level of development of modern information security systems themselves. It turned out that today many customers have difficulty finding personnel on the market capable of ensuring their reliable and correct operation, which is pushing them to switch to outsourcing.

As Alexey Grishin noted, the information security outsourcing market is currently rapidly developing. There is still no standard list of services that customers want to receive; each cybersecurity solution vendor offers something different. Under these conditions, it is still difficult to compare the systems being implemented with each other, and competition between companies providing information security outsourcing services is still low.

It has become difficult to fight threats alone today. Therefore, according to Alexey Grishin, in the near future we can expect the emergence of new centers that will coordinate information security work. At the moment, FinCERT is already successfully functioning under the auspices of the Central Bank of the Russian Federation, GosSOPKA (CERT for government agencies) is being completed, and commercial CERTs are successfully operating.

Company virtual data center

In 2015, Jet Infosystems launched a new service for protecting Web services using WAF (Web Application Firewall) technology. It was implemented on the basis of the company's own virtual data center (see News in the “ ” section dated February 29, 2016).

This service is intended for organizations that host services critical for their business in a virtual data center, such as online stores, trading platforms, Bank-Client systems, online portals, etc.

The new service provides them with a comprehensive approach to information security tasks, which includes protection against DDoS attacks and specialized protection against attacks at the application level.


Automated process control system security

The impetus for the development of the topic of automated process control system security was given by real incidents that allowed company management to realize the reality of the threat. Today, many industrial companies have stopped waiting for unambiguous instructions from the state, and have begun to build their own automated process control systems to provide real protection measures. Some of these projects are now at the stage of initial IS level audits, others are already at the design stage.

As for Jet Infosystems' own indicators, in 2015 the number of requests from customers in this area increased 5 times, and the number of real projects increased 2 times.

Future cybersecurity threats: forecast of Jet Infosystems

Internet of Things (IoT)

According to Jet Infosystems experts, the topic of Internet of Things security is somewhat overheated at the moment. First, there must be “non-security of the Internet of things,” that is, massive threats that will affect everyone. The prerequisites for this should be the distribution of “smart” things, the unification of their firmware and clear schemes for monetizing attacks: for example, the use of infected devices to send spam or carry out DDoS attacks.

Protection of personal information

The protection of personal data has been actively pursued in the past. However, the emphasis in this direction will shift. A gradual transition is expected from formal compliance with regulatory requirements to real data protection. The prerequisites for this will be serious damage to organizations from the loss of customer data (such examples already exist in Russia), gradual changes in legislation and the spread of the practice of judicial protection of the rights of affected personal data subjects.

Other changes will be associated with a shift from the practice of protecting all personal data indiscriminately towards the protection of truly valuable personal information. This is data related to health, personal life, personal finance, etc. The remaining data in the modern information society is de facto publicly available, and this should gradually be reflected in the approaches of regulators, according to Jet Infosystems.

Widespread distribution of malicious services

Competition forces companies to look for ways to squeeze competitors out of the market or create conditions that make it difficult for them to operate. Offers of illegal services will actively appear on the Internet, which promise to achieve certain business goals in a dubious way.

This criminal activity will develop according to the laws of traditional business. Cybercriminals will conduct marketing campaigns, attracting buyers with promises of anonymity and reliability, and fight for reputation.

"Black" BigData

Numerous hacks of corporate and government systems lead to massive data leaks today. Having received them, criminals will strive to sell the information via the Internet. This process is only gaining momentum now: data is sold in bulk or in small quantities on pirate sites.

In the future, fraudsters will strive to create convenient centralized platforms for selling and purchasing stolen information. They will try to sell the stolen data, creating sales packages based on customer demand. As Andrey Yankin noted, “We don’t yet know how to deal with this. Wait and see!”