Until recently, the Ministry of Economic Development of the Russian Federation gave encouraging forecasts of positive changes in the state of the Russian economy in 2016, but the realities of the coming year indicate otherwise. Experts predict a long period of low oil prices, and at the Gaidar Forum Dmitry Medvedev already urged preparation for negative developments if prices continue to fall. Ahead is a 10% reduction in the state budget for unprotected items. Thus, there are no grounds yet to count on a general revival of the market.

It is quite obvious that in such a situation the trend towards reducing the IT budgets of Russian companies is likely to continue this year. However, they still have unresolved IT tasks that cannot always be postponed. Besides, there are new ones, driven by the need to protect the business and improve its overall efficiency and to reduce capital and operating costs. Among the most important tasks on the general list are still ensuring the information security of companies and organizations and meeting regulatory requirements in this area.

What information security tasks were the main ones for the information security industry of the country last year, which ones will customers have to solve in the first place in the coming year, what growth points can be expected in this regard in various segments of the Russian information security market? We intend to discuss all this in this review with the participation of experts.

The main changes in the field of information security in 2015

Economics and IS. “The current political and economic conditions, on the one hand, have led to the stagnation of the information security market, and on the other hand, help to improve it. As a result, consumers benefit, as increasing competition among suppliers promises them information security products with improved functionality and at lower prices,” is how Alexey Sabanov, deputy general director of Aladdin R.D., described the current situation in the cybersecurity area.

The crisis, in his opinion, contributes to the fact that the most high-tech and promising solutions will remain on the information security market, for the development of which scientific and production groundwork was created in time. Among these, he singles out support for the legal significance of electronic documents, including in the M2M segment, the creation of trusted platforms and solutions based on them, and integrated security management.

At the same time, according to Grigory Vasiliev, product manager of the Research Institute SOKB, "... in a difficult economic situation, as always, users pay more attention not to purchasing new products, but to increasing the efficiency of using previously implemented ones, as well as external information security services." At the same time, he notes a noticeable shift in the information security market towards services, which, in his opinion, is due both to general technological trends in IT and information security, and the tactical desire of customers to reduce costs by postponing the purchase of software and hardware until better times.

Some other experts speak in the same vein. Stating that the need of Russian users for information security services did not decrease last year, Alexei Grishin, director of the Information Security Center at Jet Infosystems, notes, in particular, the growing interest of the banking business in services to provide information security on the web, to protect Internet banking and RBS, to counter DDoS attacks, organize firewalls at the application level and combat transactional fraud.

Ivan Melekhin, technical director of Informzashchita, also speaks about a sharp increase in demand for information security services and services for maintaining information security systems, while increasing the variety of demanded information security services, which, in his opinion, is due to an increase in the level of maturity of Russian customers.

Among the services that are in growing demand, Andrey Perkunov, head of the information security department at Step Logic, notes the consulting information security services aimed at practical solution of data protection issues, identification and elimination of incidents: penetration tests, incident investigation, ensuring the successful completion of checks with regulators, bringing IT and information security infrastructure in line with regulatory requirements.

As for security outsourcing, the prospects of which were discussed a lot earlier, according to Andrey Golov, General Director of Security Code, this trend has not yet gained the expected popularity: “In my opinion, this approach is not for our country. Due to the specifics of Russian business, no one is ready to outsource its security. To do this, either one must be extremely imprudent, or the size of the business must be completely insignificant for its owner.”

Import substitution. The course towards import substitution makes Russian customers abandon foreign products in favor of domestic ones, which, according to Mr. Vasiliev, became a serious shake-up for Russian information security vendors: “It turned out that not everyone is ready to completely replace foreign counterparts, and some foreign products simply do not have Russian alternatives. Nevertheless, this is a useful shock that forces us to actively develop domestic solutions, refine them and bring them to mass industrial application.”

“Against the background of tightening regulation on the model of “tightening the screws”, it seems paradoxical to reduce the purchase of certified software. On the one hand, in the context of the import substitution course, a number of domestic producers are demonstrating their unwillingness to reduce prices in order to increase sales volumes, and on the other hand, due to the late [calendar] formation of budgets, some procurement tenders seem to be late. Nevertheless, I will suggest that the information security market will be replenished with new aggressive players capable of dumping, and in the next year or two, prices on it may become market ones,” Mr. Sabanov comments on the impact of import substitution on the Russian information security market.

For his part, Roman Kobtsev, business development director at Perspective Monitoring, notes the increased activity of Russian information security developers last year: “Domestic manufacturers first of all tried to fill the capacious segment of information security monitoring tools traditionally held by international leaders.”

In addition, according to the observations of Vyacheslav Medvedev, a leading analyst in the development department of Doctor Web, import substitution has inspired many Russian companies that previously used foreign software to transfer their infrastructures to domestic counterparts. At the same time, the expert believes, there has been no corresponding trend towards creating domestic software that could replace imported products that surpass domestic ones in functionality or have no analogues at all.

Aleksey Sabanov also draws attention to the following costs of the import substitution policy: “Despite the fact that a significant part of government databases still remain insufficiently protected, sales in the data protection segment have decreased.” He explains this by the reluctance of customers to spend money on protecting what they will soon need to transfer to other platforms.

IS as a mirror of IT. The cybersecurity market depends on the market of infotelecommunication technologies, our experts are sure: everything that happens in ICT is reflected in the cybersecurity market.

Thus, according to Mr. Medvedev, the development of the Internet services market has caused an increase in business interest in protecting websites. The 3D printing market, which he believes formed over the past year, requires the creation of 3D models and of systems for controlling their quality in terms of information security.

In the future, Mr. Golov believes, the direction of protecting mobile solutions and clouds will actively develop: “The need to protect tablets, smartphones and similar devices will grow. But for Russia, the emergence of a need for such solutions is, rather, not tomorrow, but the day after tomorrow. We, as developers, are convinced that such a product should be made as mass-produced as possible - the better this is done, the more money the manufacturer earns.”

Opposing him, Mr. Vasiliev notes: “There are already Russian cryptographic protection tools for various [mobile] platforms, domestic MDM systems for managing information security policies on mobile devices, solutions that provide office tools for secure work. These are all mature products tested in real projects individually and in combination. Serious efforts are being made today for the emergence of a trusted mobile OS and a domestic mobile hardware platform. Thus, the Tizen mobile OS was successfully certified by the FSTEC, and Yota Devices announced the transfer of YotaPhone2 production to Russia.”

The opinion of Sergey Khalyapin, Chief Engineer of the Citrix Representative Office in Russia and the CIS countries, regarding the development of information security technologies for mobile access in our country also does not coincide with the reasoning of Mr. Golov. In his opinion, technologies for protecting mobile devices and mobile applications developed actively last year, which is clearly associated with the deep penetration of mobile devices into the corporate environment, the use of personal devices for work purposes and the storage of corporate documents on them. “The ability for employees to work mobile and remotely with corporate information draws the attention of customers to solutions to protect the relevant data transmission channels,” he says.

The IT industry, as noted by Andrey Perkunov, is now significantly influenced by software-defined networking, virtualization and cloud solutions. “In the next three to five years, a significant transformation of IT should be expected, to which information security solutions and technologies will have to be adapted. Already, leading information security solution providers are reviewing their product portfolios in order to improve the integration of information security products with virtual environments, service orchestration platforms, and cloud systems,” he believes.

According to Mr. Grishin, special attention should go to the trends in the industrial and energy complex, which actively uses automated process control systems and is characterized by “mothballed” demand shaped by the expected change in the status of regulatory documents for this area from recommendatory to mandatory (he estimates that this will presumably happen in 2016). “Practically all Russian industrial enterprises are actively studying this issue and are potentially ready to initiate relevant projects if these standards are approved as mandatory,” he said.

“There is a transition to real, and not ‘paper’, information security,” states Mr. Melekhin. “Customers are increasingly analyzing the security of their ICT infrastructures and data. Increasingly, the topic of providing information security in technological processes is being proposed for discussion. These issues are relevant to a number of sectors of the economy, and there are already solutions that help prevent the threats associated with process automation.”

Impact of the threat landscape. Experts draw attention to the transformation of cybercrime into a high-tech criminal business built according to modern economic schemes. Cybercriminals promptly respond to all changes taking place in the ICT sphere; one example is their rapid response to the shift of retail sales, banking and other types of business to the Internet.

Here are the data provided by Mr. Grishin: “According to the expert estimates of our company, in the credit and financial industry, the volume of losses from fraudulent activities in 2015 compared to 2014 increased by an average of 26.8%, in the telecommunications sector - by 6.8%, in retail - up to 16% depending on the segment. Therefore, projects for the development of both Internet services and loyalty programs should be accompanied by the introduction of tools and measures to protect payment transactions and user accounts, as well as to prevent external and internal fraud. We can confidently expect an increase in the number of such projects in 2016.”

Since about last fall, Mr. Golov notes the growing attention in Russia to targeted attacks: “They have always existed, but today the number of professionals who know how to implement these attacks has increased, and in such a way that the damage from them has become noticeable.”

The desire to reduce the damage from targeted attacks stimulates the demand for means of consolidating information security data, monitoring and centralized management of information security. As a result, there is a growing demand for Security Operations Center (SOC) services. “Specialists began to think about what, in principle, happens to corporate information security, how to measure its level, detect and correlate information security events,” Mr. Golov notes.

Alexey Grishin notes a sharp increase in cross-channel fraud and in attacks on clients of organizations using social engineering. In the field of classical corporate information security, the focus, in his opinion, has shifted towards the modernization of infrastructure information security and the use of highly intelligent security tools. The main focus is on what can be done, and how, with the data coming from the available information security tools (IdM, DLP, SOC, etc.), that is, on building processes around these systems that, with relatively small investments, will bring a new intellectual quality to information security.

According to Mr. Grishin, there has been a significant increase in the relevance of specialized analytical systems (both domestic and foreign) that appeared on the Russian market a couple of years ago and make it possible to detect cases of fraud, deceit and theft in retail chains from certain logs in IT systems (such as ERP, CRM, etc.).

Some Russian information security vendors see new opportunities for themselves in the segment of Anti-APT class solutions (protection against targeted attacks). According to Sergey Zemkov, managing director of Kaspersky Lab in Russia, Transcaucasia and Central Asia, the company he represents is among them.

According to Mr. Medvedev's observations, an important trend of the past year was the growing interest of attackers in systems based on the Linux operating system, in solutions for managing technological automated control systems - everything that was previously either not protected at all, or was protected very weakly. The number of hacks of such systems last year was small, but, according to his forecasts, it will grow, including as smart devices connect to the Internet.

Although the Internet of Things has not yet become relevant for Russia, our experts consider it necessary to prepare for its challenges right now, working out scenarios for protecting its infrastructure. Vyacheslav Medvedev states that the market for wearable and embedded electronics, "smart" devices, equipment and complexes is being formed right before our eyes and already requires protection, as attackers have assessed its potential.

“Modern society is on the verge of a transition to a state that was previously considered science fiction,” he says. “Very soon, we will be surrounded by devices that control our every action at any given time, and not all of them will be created and used for the benefit of those whom they control.”

Since it is a person who is the weak link in any information security system, according to Mr. Zemkov, the services for training specialists and the programs to increase personnel awareness of information security issues that the company he represents offers to customers turned out to be important and in demand.

Forecasts for 2016

Vyacheslav Medvedev notes with regret that, according to his observations, many specialists in our country consider the task of protecting against intruders and malware resolved long ago. This, however, is not confirmed by practice: anti-virus protection systems, for example, in the vast majority of Russian companies leave much to be desired and do not protect against modern threats. As a rule, this is a consequence of the fact that the heads of companies do not pay due attention to the organization of protection in this area. “IS risks are assessed by Russian business as negligible. This is largely due to the ‘silence mode’ in relation to information security incidents in our country, which gives the impression that the number of incidents is small, and the amount of monetary losses from them is small. Meanwhile, the expertise accumulated by our company in the field of analysis of such incidents indicates the opposite,” he says.

Influence of the political and economic situation. According to Mr. Melekhin, the uncertainty of the economic situation this year does not allow one to correctly make any forecasts of changes in the state of the country's information security market. Nevertheless, our experts spoke about some of the most obvious, in their opinion, trends in the field of information security.

Customers in the context of sequestering budgets and downsizing, warns Mr. Sabanov, will be more demanding on the functionality and cost of purchased (alas, in ever smaller volumes) information security products, and especially to the executors of information security projects. “They will demand a single supplier of products and services across the entire spectrum of the information security tasks they have formulated, with increased responsibility of the integrator for the life cycle of information security systems. This will lead to increased competition among integrators, to the stratification of service providers and the next redistribution of the information security market. At the same time, in addition to the largest integrators, the developers who foresaw the specific directions of its development will also benefit,” he believes.

According to Mr. Golov, information security budgets will be formed only on the basis of the situational response of customers, and the current economic situation is worse than it was in the 2008 crisis, since the current crisis is political and economic in nature. “A lot of negative factors have accumulated. Economic ties have collapsed, sanctions have been introduced, stock prices are falling, the national currency is falling. Since the state does not have clear stress scenarios, it is difficult to make forecasts,” he agrees, expressing, however, confidence that the areas related to the country's defense capability will develop and the state defense order will grow.

Since saving on information security is fraught with great risks, it is possible to ignore the information security challenges facing companies and organizations only up to a certain limit. Ivan Melekhin believes that stability or even growth may be shown by those areas that optimize costs, increase the profitability of the core business, and protect critical assets. “We can expect an increase in the demand for a cloud-based IT and information security model, which allows you to receive only the resources necessary to provide information security, and at the right time,” he suggests.

If we evaluate the information security market in terms not tied to the ruble exchange rate (for example, by the total number of projects or man-days), then, according to Mr. Grishin, the Russian information security market will grow in 2016, and the outsourcing segment will even grow by multiples. He expects an increase in cybersecurity budgets in the fuel and energy complex: here, as a rule, cybersecurity projects are associated with the transfer of previously created cybersecurity subsystems to Russian products or with the creation of high-tech subsystems from scratch.

Import substitution and information security. The negative impact on the cybersecurity budgets of a significant depreciation of the ruble (since the prices for imported solutions are calculated in foreign currency) plays into the hands of domestic suppliers, and the topic of import substitution in 2016, according to our experts, will be especially relevant.

According to Mr. Vasiliev, Russian customers' distrust of foreign vendors in connection with the ongoing political processes, as well as a decrease in their activity in our country, both for political and economic reasons, is in favor of import substitution. “For Russian information security developers and service providers,” he says, “there are unique, almost “hothouse” conditions that need to be used.”

The cycle of appearance of new domestic information security products today has been significantly reduced, Mr. Grishin states, as customers began to buy and implement promising solutions and invest in their development, forcing developers to supplement their solutions and products with the necessary properties and bring them to the level required by customers. At the same time, customers and integrators assume the risks associated with the implementation of immature solutions.

Regulation and information security. Regulation, according to some experts, remains one of the most important drivers of the Russian information security market.

“The community of specialists and users,” says Mr. Kobtsev, “is still waiting for the law regulating the information security of critical information infrastructures, since specialists need an understanding of the development processes of both the GosSOPKA system and industrial automated control systems protection systems. It is possible that the standard for the safe development of information security tools expected this year, which is being promoted by the FSTEC of Russia, will have some impact on the market. Of course, it will not become a locomotive, but at least it will bring a fresh stream to the discussions and, perhaps, in a few years it will be transformed into some more binding document ...”

Great prospects, according to Mr. Vasiliev, are opening up for Russian vendors in connection with the requirements of regulators to collect and clarify personal data on the territory of the country.

Technological and marketing locomotives of information security. The dynamics of spending on information security, according to Mr. Grishin, will vary significantly across sectors of the economy in the coming year. Banks, for example, are cutting their cybersecurity budgets - a margin of safety accumulated thanks to investments made earlier allows them to do so. But investment continues in those areas of information security that are most critical at the moment. The priority, in his opinion, is the provision of information security on the web.

Certain activity is noted, according to Mr. Kobtsev's observations, in the traditionally "Russian" segments of the information security market, which is associated with the transition of players from the development of individual products to the creation of complex customer infrastructures. Domestic manufacturers, the expert expects, in 2016 will continue to intensively increase the functionality of their network security tools in the direction of NGFW and full-fledged information security products for protecting endpoints, linked (later) with expert (often cloud) support. “Some Russian developers almost completed this process already in 2015, others have just started it. But in any case, the coming year will be indicative in the competitive struggle in this area, because the market shares released as a result of import substitution and other market events (mergers, acquisitions, changes in the development strategy of some vendors) are quickly filled,” he believes.

Another interesting trend, according to Mr. Kobtsev, will be an increase in the number of Russian information security companies trying to enter international markets, which is largely due to the stagnation of the Russian market: “I think that the strategies for such an exit and the results will be different for everyone. But it will be interesting to watch it anyway.”

This summer, the director of the FSB of Russia, Alexander Bortnikov, during a government hour in the State Duma, raised the issue of the need for “more active work to create Russian software” and intensifying import substitution in the field of information security.

At the legislative level, much effort has been made on this front. Alexander Atamanov, CEO of TSS LLC, which develops information security tools, explains what is happening in terms of implementation.

Own instead of someone else's: how the Russian information security market is formed

Alexander Atamanov

Helpful Security

In 2017, spending on cyber defense worldwide will grow by 8.2% compared to last year and reach $81.7 billion. By 2020, the information security market will exceed $100 billion, according to a fresh report from the analytical company IDC.

For comparison: in Russia from 2013 to 2014 the information security market grew by 13% and amounted to only 59 billion rubles, that is, slightly less than $1 billion, according to TAdviser data. The 13% figure is higher than the general nominal growth rate of the IT market (10%). At the same time, the market for information security tools and services accounts for about 7% of the total volume of the Russian IT market.

However, the figures vary depending on the method of analysis. Thus, Cisco security business consultant Alexey Lukatsky estimated the volume of the Russian information security market in 2016 at 1% of the world, or about $700 million (40.2 billion rubles). At the same time, he stated: this is a very approximate indicator, since it is not entirely clear what is considered an IS object.

According to J'son & Partners Consulting, the share of information security services in Russia by 2018 will grow by more than 4 times compared to 2014, taking up to 40% of the market. The main trend will be the growth in demand for intelligent information security services provided under the Security as a Service model.

In the spirit of the law

The formation of the information security market in Russia went hand in hand with legislative initiatives. Perhaps the most important milestones in its formation were:

  • laws "On Information, Informatization and Information Protection" (1995), Doctrine of Information Security of the Russian Federation (2000),
  • Law on Personal Data (2006),
  • orders of the State Technical Commission (now FSTEC), which put into effect many of the governing documents, and the FSB of the Russian Federation.

The adoption of these documents contributed to the formation, growth and sustainable development of many areas of information security tools (IPS).

As a result, by 2014, when the currency crisis broke out, the information security market in Russia had been formed. And, as the saying goes, currency fluctuations played into the hands of domestic companies. Foreign developments rose significantly in price, and many companies had to switch to domestic counterparts. This created demand.

Due to the fact that the development cycle of information security solutions takes on average from 1.5 to 3 years, the peak of the appearance of the best domestic solutions should be expected just between 2016 and 2018.

However, even without this, many domestic products were adopted by companies operating in Russia. An online survey conducted in 2014 by PC Week Review involving companies of various sizes confirmed that the import substitution strategy is being implemented on an ongoing basis.

According to the results of the study:

  • 38% of companies used predominantly foreign products and services to organize corporate information security;
  • the share of firms in which domestic developments prevail is 11%;
  • another 35% combined products of Russian and foreign origin on a parity basis.

At the same time, it turned out that Russian developments clearly dominated in some segments: anti-virus protection (68%), electronic signature (60%), data encryption during storage and transmission (32%). The manufacturer of anti-virus protection Kaspersky Lab and CryptoPro, which produces electronic signature tools, have been on the market for more than a decade, so they managed to gain a foothold in their niches.

In other segments, as the PC Week survey showed, there was serious competition. For clarity, here is a table:

In addition, developers of specialized accounting, accounting and reporting systems, design and geolocation systems, and security scanners traditionally look confident.

The introduction of mutual sanctions also affected the information security market

Due to the current legal requirements, Western developers have difficulty in certifying the information security system for high protection classes, because companies are required to provide source codes to testing laboratories.

Western developers do not use domestic encryption algorithms. If a company wants to sell cryptographic protection means, it needs a license and certificates of conformity when using IPS in critical information systems.

All this encourages foreign corporations to partner with domestic companies developing equipment that has passed certification, as is the case with the Russian TSS and the American corporation Citrix Systems.

Two TSS products, the Diamond ACS access control and delimitation system and the TSS Diamond VPN / FW Client software product, have already become members of the Citrix Ready partner program and are now presented in the showcase of verified Citrix Ready Marketplace products.

Hybrid response to hybrid attacks

Another reason stimulating information security developers was the import substitution policy initiated at the highest level. In their study "Import Substitution and Russia's Economic Sovereignty", Chatham House analysts Richard Connolly and Philip Hanson noted that Russia's economic policy is gradually subordinated to security considerations in order to isolate the country from internal and external threats.

The import substitution campaign is one of the key elements in this program, and legislative measures were initiated even before the imposition of Western sectoral sanctions. Import substitution mechanisms are institutional in nature and imply a strategic course, not short-term solutions.

This could reduce Russia's dependence on the oil and gas sector. But experts emphasize: real diversification of the economy will be possible only if new industries are export-oriented, as is the case with IT, one of the most competitive areas of the domestic economy.

The policy of import substitution, in particular, was facilitated by the order of the Ministry of Communications of Russia dated 01.04.2015 No. 96 “On approval of the software import substitution plan”, where the theses on the replacement of information security software were clearly spelled out and fixed, and the law signed by President Vladimir Putin in June 2015 and providing for the creation of a register of domestic programs and the possibility of restricting the use of foreign software in the presence of a corresponding domestic analogue.

As of February 2017, there were more than 2,860 software products on the registry. At the same time, the Ministry of Telecom and Mass Communications is constantly tightening the requirements for register participants.

However, the key moment of recent years was the approval of the new Information Security Doctrine in December 2016. The updated version is aimed at a preventive response to hybrid wars, which are carried out not only at the physical, but also at the economic, political and informational levels. Over the past 16 years, not only the methods, but also the scale of information security threats have changed.

The adopted document for the first time clearly fixes the problem of insufficient development of the information technology industry, strong dependence on foreign products and developments.

Comparing the two versions of the doctrine from 2000 and 2016, one can notice:

  • The first document emphasized the provision of free access for any citizen to information resources and communication technologies.
  • The new version focuses on ensuring the security of people's interaction with the information space and protection against technical threats.

The doctrine provides for the need to ensure information security not only of technical components (hardware and software parts), but also “subjects whose activities are related to the formation and processing of information, the development and use of these technologies, information security”, that is, it implies the training and retraining of employees.

Playing on a collision course

However, the doctrine of "information security" is implemented not only in Russia, but also in other countries, and when it comes to politics, market rules fade into the background. It suffices to recall a few illustrative examples from the practice of Washington and Beijing.

USA: Until 2013, Research in Motion's (RIM) BlackBerry was the main supplier of smartphones to government agencies. The entire FBI staff of 35 thousand employees had gadgets only from this company, since the operating system used by BlackBerry was considered the best on the market in terms of security. But then the FBI started supply talks with Samsung. It is curious that in May 2013 the Pentagon carried out a reverse "operation": the Ministry of Defense abandoned Samsung smartphones and purchased devices from BlackBerry - again, "for security reasons."

China: In August 2014, the Chinese authorities removed Symantec from the list of permitted providers of computer security software and left only local companies on it: Qihoo 360, Venustech, CAJinchen, Beijing Jiangmin and Rising.

In 2015, the developments of the largest American IT companies, in particular, Apple, Intel, McAfee, Citrix, and Cisco, were removed from the "accredited list" of products allowed for purchase. The requirement resulted in a two-fold decrease in the amount of foreign software in China.

In June 2014, several Chinese companies "due to security concerns" announced that they wanted to switch from IBM servers to Inspur's "Tiansuo K1" platform. The Chinese firm initiated an advertising campaign with the slogan I2I, which explained the possibility of replacing IBM products with its servers.

The result was a collaboration agreement between IBM and Inspur: the US company agreed that Tiansuo K1 servers will use IBM-developed database programs and the WebSphere corporate software package. In addition, Inspur is going to use Power8 microprocessors from IBM in the K1.

Inspur servers will run their own operating system based on technologies from the OpenPower Foundation, which releases open source software for servers with IBM Power line microprocessors.

Summing up, we can conclude that Russia is following the trend. The role and importance of information security tools is growing as the technological and military methods of confrontation change and transform. It is not surprising that the leading world powers are paying more and more attention to their own cybersecurity, which is impossible without import substitution.

The global market for information security outsourcing services

If we analyze Western markets, we can see that this business model is a logical continuation of the evolutionary development of the professional services market. System support has been replaced by outsourcing, supplemented by financial services (usually leasing schemes). This made it possible to shift the implementation of information security functions entirely into operating costs. Managed security services brought together infrastructure, financial services and support services into a single entity on the side of the service provider (Managed Security Services Provider, MSSP). A qualitative leap in cloud technologies led to the emergence of security as a service, allowing the client to quickly receive and manage the necessary services from the cloud.

Market Drivers/Constraints

Let's take a closer look at the industry discussed in this article. Gartner defines a Managed Security Services Provider as a service provider that can remotely monitor, manage, and augment the security functions of your organization, but whose staff is not located on the customer site.

These services can be provided stand-alone or integrated with your current security infrastructure. At the same time, organizations can hire MSSPs both to manage individual information security initiatives and to outsource the entire security program as a whole. Such approaches are used by companies that have limited IT or information security resources, lack expertise, or need a quicker (or rather, better) implementation of the information security function than an internal implementation would give.

The environment in which businesses operate is constantly changing. The activity of cybercriminals is increasing, the number of attacks is increasing, the methods and ways used by fraudsters are constantly changing. The state and various regulators introduce new requirements for information protection. At the same time, it is necessary to keep pace with technological progress, the emergence of new devices, their use by employees, the need to apply the BYOD approach, IoT technologies. All of these factors increase the need for the high-end expertise and cutting-edge information security practices that MSSPs possess.

On the other hand, customers should carefully consider their choice of MSS provider, as they will have to put in their hands the protection of valuable business information, because its loss or leakage is very sensitive for the company. It is the doubt about the provider or the lack of adequate choice that leads customers to refuse to use MSSP services.

Involvement of MSSP helps customers take advantage of fresh solutions and best practices in the field of information security. By auditing the customer's information security infrastructure, MSSP consultants help clients in 3 areas:

  • Identification and elimination of "blind zones" and gaps in information security management.
  • Application of best practices.
  • Assistance in compliance with the requirements of regulators.

At the same time, MSSP helps to reduce the capital costs associated with building your own security infrastructure and related operational costs, such as hiring and training personnel, etc.

Services

The list of services can be very extensive, but in most cases, the MSS provider has the following set of services offered:

  • Threat Management - threat management
    • Distributed Denial of Service (DDoS) - distributed denial of service attack
    • Managed Email Security - email security management
    • Managed Anti-Malware - malware protection management
    • Managed Firewall - firewall management
    • Managed Security Gateway - management of security gateways
    • Managed Intrusion Detection Services and Intrusion Prevention Services - management of intrusion detection and prevention
  • Compliance Management - verification of compliance with the requirements of regulators
  • Vulnerability Management/Scanning - checking/scanning for vulnerabilities
  • Security Operations Center (SOC) - security center
    • Log Management - log records management
    • Incident Management - incident management
  • Endpoint Security - security of end devices
  • And many other different services, the most popular of them:
    • Identity and Access Management - identity and access management
    • Awareness Management (Anti-Phishing, Social Engineering) - awareness raising (fight against phishing, social engineering)
    • Virtual Data Rooms (VDR) - virtual rooms
    • Security Health Check - system health check

The information security outsourcing market is divided into two components according to the service provision model:

  • With the installation of equipment or software at the customer's site. This also includes the CPE (Customer Premises Equipment) approach: in this case, the customer has equipment with basic settings, while the operating logic and the set of software for providing various services are downloaded from the supplier and may vary depending on the needs of the customer.
  • Provision from the cloud, without installing hardware and/or software. This method is called Security as a Service (SECaaS).

At the moment, the bulk of cybersecurity outsourcing services are provided based on the equipment installed at the customer's site, but most studies say that this trend will change, and services will be provided from the cloud in the 2017-2024 horizon.

Financial indicators

Researchers agree that the cybersecurity outsourcing industry (Managed Security Services) will grow. Estimates differ only in the rate of growth. But even so, the range of values is not large: the compound annual growth rate (CAGR) of the information security outsourcing market is estimated at 12% to 17%.

These growth rates are higher than those for the cybersecurity market as a whole, which are projected at 8-12%.

The volume of the cybersecurity outsourcing market in the world is estimated at $18 billion in 2016 and $41 billion by 2022, while the volume of the entire cybersecurity market is estimated at $82 and $170 billion, respectively. This means that the share of outsourcing services among cybersecurity services will increase from 21% to 27% by 2022.

Major Players

The most notable players in this segment:

  • Verizon
  • Orange Business Services
  • CenturyLink
  • Dell Secure Works
  • Symantec
  • TrustWave
  • Wipro
  • BAE Systems
  • NTT Security

Companies providing services under this business model (service providers) can be divided into three categories: telecom providers / data center operators, solution manufacturers, independent solution providers from various manufacturers.

Obviously, customers are more disposed towards telecom and DC operators, since connecting to their services takes less effort. The equipment, in the case of a DC, or the traffic, in the case of a telecom operator, is already on the side of the provider.

An analysis of the portfolio of the world's main players shows that the greatest variety of services is demonstrated by companies producing solutions. While telcos focus on Anti-DDoS, MDM, Email Security, Managed Firewall, Managed Gateway services, solution makers provide more sophisticated services that require more in-depth expertise.

The most common service provided is SOC using various SIEM solutions. Very often, the IRS is provided with this service. Next in the ranking is Vulnerability Scanning and other services.

The target audience

According to experts, in the near future the main consumer of MSS services will continue to be big business. But the segment of small and medium-sized businesses will show the highest growth rates. Looking at the forecast in terms of business sectors and forecasts for the largest consumption of MSS, the banking, financial and insurance services (BFSI) sector leads here.

The environment in which banks, financial institutions and insurance companies operate is changing dramatically in terms of new technologies and business processes. The technological revolution that has taken place in the banking sector and financial institutions has changed the form of ATMs and the nature of basic banking processes, and new forms of customer service have appeared, through web platforms and mobile devices. The BFSI sector is under unprecedented pressure due to increased cyber attacks on the one hand and tightened regulatory requirements on the other. This kind of pressure is one of the driving factors behind the promotion of MSS, which allows the desired result to be obtained quickly.

The general business trend of moving towards providing digital services involves moving further beyond the perimeter of the infrastructure to provide services. And if it is necessary to stretch the perimeter to the territory of telecom and data center providers, then there are fewer and fewer barriers and fewer doubts about using the outsourcing business support model and SECaaS as its particular case.

Western experts argue that increased demand from small and medium-sized businesses is a key factor in the growth of the MSS market in the medium term (3-5 years). This is due to the fact that for companies of this size, aspects of the business have recently changed dramatically. As a result, these companies are forced to revise business models and change infrastructure. MSS help support growth, optimize business processes and increase their operational efficiency. Since MSSPs offer strong protection for confidential information, demand from SMB will grow in the forecast period. The growth rate is estimated at 17.5% CAGR between 2016 and 2024.

Russian market of information security outsourcing services

The Russian information security market is not known for its openness, and there is no adequate analytics on the MSS market. At the same time, the growing interest in this direction is obvious to market players. All categories of service providers (telecom providers and data center operators, solution manufacturers, independent vendors) are already on the market with their own offerings. It should be noted that there are no clearly defined leaders. In certain segments, for example, in the field of protection against DDoS attacks, there is already a sufficient number of companies competing for a client. In general, the market is quite thin, many services available on the global market are not available on our local market, and competition in most segments is low. In fairness, it should be noted that Russian customers have access to services from global players, but these are not popular for a number of reasons: a low level of customer confidence in them, and legislative and technical restrictions (for many customers, Russian-language support can also be very significant, both at the stage of connection and at the stage of operation of the service). The situation could be changed by the local presence of these players and investments in the Russian market, but they are in no hurry because of its financial unattractiveness compared to the US and Western Europe.

Taking into account analysts' forecasts for the global market, I would like to dwell in more detail on the most promising direction - services provided under the SECaaS model. In this article, we will limit ourselves to considering services that have the following characteristics: available for purchase in Russia, located in the Russian Federation (having at least one point of presence, since most services are geo-distributed), providing Russian-language support or having partners providing this service.

Services

List of services that are available to consumers:

  • Anti-DDoS
  • Secure Web Gateway
  • Mail Security
  • Threat Intelligence
  • Code Analysis
  • Managed Firewall*
  • Managed Security Gateway*
  • Managed Intrusion Detection Services and Intrusion Prevention Services*

* Services are provided on the basis of a telecom operator or data center.

Major Players

In accordance with the previously defined categories, we will divide providers into the following types: telecom providers and data center operators, solution manufacturers, independent solution providers from various manufacturers. All these categories are already active players in this market: telecom providers (Rostelecom, MegaFon, MTS), solution manufacturers (Qrator, Wallarm, ZScaler, Appercut, DDoS-GUARD), independent service providers (Solar Security, Informzaschita, ProtoSecurity).

Drivers and constraints for the SECaaS market in Russia

“There are two views on the future. One with apprehension, the other with anticipation." Jim Rohn

What are the benefits of this model for service providers? What makes new players enter this market, besides the obvious desire of any business to make money? It is possible to identify drivers common to all categories of service providers for this model:

  1. Control over the infrastructure on which the service is provided. This allows you to significantly reduce maintenance costs and clearly draw a line between the infrastructure of the customer and the infrastructure of the service.
  2. Shorter transaction cycle. As a rule, a proposal under the SECaaS model is aimed at satisfying an already existing need of the customer. There is no need for lengthy pilots to demonstrate PoV and create a need with the customer.
  3. Better control over costs (transparent resource model). The service provider gets the opportunity to more accurately predict their costs for creating and maintaining the service.
  4. Expansion of sales geography.

The main limiting factor is the limited sales market.

The benefits and limitations differ for different types of SECaaS service providers.

Table 1. Advantages and limitations of different types of SECaaS providers

| Provider | Advantages | Restrictions |
|---|---|---|
| | Increasing customer revenue, entering a new market. Eligible investment in infrastructure (main investment completed) | Link to your main product |
| | Lower solution maintenance costs | Investments in infrastructure. Competition with own products |
| | Entering a new market | Investments in the implementation of services. Complexity of implementation. The need to develop new sales channels |

For customers, using SECaaS has quite obvious advantages: fast connection of services, easy scaling and a flexible payment system, with payment for exactly the volume the client is interested in at the moment.

As with outsourcing, the main limitation remains the lack of trust in service providers. Another significant factor is the limited supply on the market. In our opinion, when deciding on the choice of a SECaaS solution provider, customers will highlight the following factors:

Table 2. Selection criteria for providers of SECaaS solutions

| Provider | Benefits for the customer | Customer Restrictions |
|---|---|---|
| IT Service Providers (Telco, Data Centers) | Synergy with the provider's main product (communication channels, IaaS, PaaS) | Lack of access to the service when changing telecom provider/data center |
| Service Producers, Solution Producers | Proven Solution | Lack of choice of the most acceptable solution for the customer |
| Independent Service Providers | Possibility to choose technology and service according to needs. Possibility of a “synergistic” effect when using several services | Low competition. Lack of service management platforms |

ANGARA view

"... a cloudless sky full of heartless stars" by Isaac Marion.

“We believe that the SECaaS service market will experience rapid growth in the next few years.

When implementing projects, we often pursue the achievement of local goals of our customers and solve their particular problems; within the framework of this cooperation, we immerse ourselves in their problems and industry specifics, enrich our experience and receive valuable information to improve our value proposition. At the same time, we are focused on delivering offerings that meet business needs, and we recognize that even companies on a tight budget are not prepared to compromise when it comes to the availability and security of their business processes.

We plan to significantly increase our offer on the SECaaS model in the near future. Our strategic goal is to create a leading company in this market, which will act as a broker, providing customers with the service that best suits their needs and budget. Also, in the near future, our company is ready to provide its own services (under the Angara Professional Assistance brand), bringing services to the market according to the SECaaS model, which are currently available only as on-premise solutions in the Russian Federation. A key element of the technological foundation of this company will be a universal platform for managing these services.”

Alexander Trikoz

Investments in information technology in the sector of medium and small businesses are increasing every year. The presence of a well-built information system is becoming a more and more tangible competitive advantage. Information today is a valuable asset for a significant portion of SMB businesses. In this regard, the problem of ensuring information security is becoming more and more acute. The volume of the Russian information technology market is about 14 billion dollars. At the same time, its real growth over the past year was only 5%. This is primarily due to the saturation of large businesses and government agencies with IT solutions. At the same time, the offer for medium and small businesses from IT manufacturers is limited, which hinders the further development of the market. Against this background, the information security (IS) market is growing at a significant pace (on average 25-30% per year), and the largest growth (50-60% per year) in the medium term is predicted in the SMB sector.

It is worth saying that the market in question consists of visible and hidden parts. The first is all services related to the protection of information, which are carried out in companies under the item "information security costs". However, in most projects for building IT systems, there is a security component and, accordingly, products and services associated with it. But these costs are not directly reflected as security costs, and therefore constitute a hidden part of the market. The hidden market also includes supplies for the SOHO (Small Office / Home Office) segment and private users, since it is not possible to determine the amount of costs that this type of user spends on security for a number of reasons, among which “piracy” is the main one. According to the Informzashchita company, the volume of the information security market in 2006 amounted to 260 million dollars and grew by 24% compared to last year (according to Leta IT-company - 250 million dollars with a growth of 29%). Thus, the information security market in Russia is 1.8% of the entire IT market, which is significantly less than the global average (4-6%). This only confirms the significant volume of the hidden market. According to experts, from 1 to 5% of the cost of projects for the implementation of CIS or IT infrastructure falls on information security, which is usually not allocated as a separate expense item.

Thus, we can say that in general, including the "gray" zone, the information security market in 2006 occupied about 5% of the entire IT market, which in monetary terms is about 700 million dollars.

The obvious trend in the information security market is the gradual convergence of works from the hidden part to the visible part of the market. So, in 2004, the "gray" part accounted for 67% of the entire information security market, and two years later it decreased by 3% and amounted to 64%. According to the forecasts of Leta IT-company, by 2010 the hidden part will not exceed 55% of the entire information security market.

The information security sector continues to be one of the fastest growing segments in the Russian IT market. Its growth outpaces the growth of the entire IT market, and in the medium term this gap will only increase.

The outstripping growth of the information security market is associated with the following main factors.

1. Changing the structure of consumption

The initial implementation of information security systems at Russian enterprises took place according to the “patchwork quilt” principle, when the security infrastructure was built to solve only technical problems. However, this approach loses relevance over time. Today, when organizing IT systems, customers are guided by their compliance with business processes in organizations. Russian business is coming to understand that added value and capitalization are created by processes that need to be protected.

This is largely due to general changes in the work of Russian organizations, which are increasingly reminiscent of European ones. It is worth saying that the skew in demand towards SMB can lead to a decrease in the share of system integrators in the information security market due to their inertia (working with large businesses and government agencies has generated certain models of behavior in the market, which will be difficult for slow players to get rid of).

2. Complicating the tasks solved by information security

Business enlargement and the emergence of new types of threats require more complex protection, the use of new software and hardware systems. Organizations that have already created an IT infrastructure are implementing more serious tools that protect previously unprotected objects.

3. Introduction of standards

The implementation of standards in Russian companies is largely associated with the need to conduct an IPO and/or enter international markets. For the information security sphere, the most popular certificates are ISO 27001 and SOX. At the end of 2006, only four companies in Russia were certified according to ISO 27001-05. But due to the focus of this standard on the process approach, the number of companies certified according to this standard will grow. According to Ernst&Young, the share of certified companies with a turnover of more than $1 million worldwide is already 34%, and another 30% plan to get certified in the near future. Thus, in Russia we can expect an explosive growth in demand for audit and certification services. By 2010, up to 1,000 companies may be certified.

4. Entry of new players

The growing market attracts more and more new players. In addition, representative offices of companies widely known in the West are opening in Russia: McAfee, SafeNet, BitDefender, etc. In the event of a stable economic situation, all the main players in the information security market can come to Russia. This will lead to increased competition, market growth due to the expansion of the product offer and lower prices for information protection.

5. Entry into the private user market

This factor is associated with the increasingly active licensing of information security tools by individuals. This is due to lower prices and a decrease in software piracy in the country. According to US research, the most serious threats to medium and small businesses are coming from the Internet - hacker attacks and viruses. 15.8% of companies are seriously concerned about the physical safety of data, almost the same number are afraid to suffer from the actions of insiders. Accordingly, each problem has a solution in the form of a certain class of products offered by the leading players in this market.

Firewalls

Firewalls are a basic network security tool that first appeared at the end of the 80s of the last century. Their main purpose is to separate computer networks. Initially, a computer was used for these purposes, separating the protected and open networks. Over time, many software tools have appeared that perform this task. In addition, the competitive environment has made possible the emergence of universal products, which also include intrusion detection tools, antivirus tools, etc.

Today, business firewalls are largely hardware solutions. Compared to software products, they have undeniable advantages: there is no need to purchase a computer and an operating system to deploy a firewall, and a hardware solution is more reliable, since it requires fewer calls for maintenance. Identical products are interchangeable, easily form clusters for load balancing, and are suitable for cold and hot standby.

Antivirus

As in the segment of home users, the main competitive advantage of antiviruses in the corporate market is the speed of updating antivirus databases. Today, some manufacturers declare a 20-30-minute gap between the beginning of the spread of a virus and the appearance of an antivirus in the company's databases. Recently, the development of anti-virus products built on several cores (from different vendors) has become a noticeable trend. Besides advanced management capabilities, modern anti-virus solutions offer a set of tools for building in-depth protection: components of their systems not only protect workstations and servers, but also close the most likely ways for viruses to penetrate the network, namely mail gateways and proxy servers for access to the Internet.

Content control systems

Due to spam problems, content control systems have gained immense popularity. However, the main purpose of content controls is to prevent the leakage of confidential information and stop the misuse of the Internet.

One of the priorities in which manufacturers of such tools are working is the creation of a content control system that is invisible to the user. The main problem here is the resource intensity of traffic analysis. Various schemes of distribution of calculations are used - from the arrangement of separate, but centrally managed and implementing a single security policy, servers in the company's divisions to clustering and parallelization of calculations.

Biometric identification

The use of biometric identification systems is expedient, first of all, in those areas of activity for which it is critical to ensure the confidentiality, integrity and availability of information. Obviously, in the case of medium and small businesses, this definition includes all user operations with data important to the company. Another task for which the use of biometrics can be effective is the accounting of working time. Authentication in Web solutions can also be implemented using this technology.

A complete information security system should include a set of methods and tools that provide protection against the most serious threats, such as theft, modification and destruction of information. The priority tasks that the information security system solves in this case are: protection against unauthorized access to company resources, control of the integrity and authenticity of information, control of all transactions, as well as timely detection of network threats and anti-virus protection. To solve the problems of identification and authorization, mechanisms are used that rely on characteristics of users: possession-based (something the user has), biometric, and knowledge-based (information the user knows). The simplest and most common method is identification based on knowledge of information. To access the information system, a user must have one or more name/password pairs. Many protocols have been developed on this principle, including IEEE 802.1X, CHAP (Challenge-Handshake Authentication Protocol) and Kerberos.

To date, identification methods based on what users possess, as well as those based on the user's knowledge of certain information, are recognized as insufficiently reliable for protecting critical or confidential information.

There are many effective and fairly simple ways to bypass such systems. The most dangerous are man-in-the-middle attacks, in which a person positioned between the user and the server intercepts information from both sides and ultimately ends up holding all the data necessary for successful authorization. In addition, social engineering methods are used to obtain identification information. One of the most common ways is to create a fake site that imitates the real portal, which recognizes users by the data they enter. Password guessing is also still popular: it relies on the fact that many people use simple words and phrases as keys.
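As an added illustration (not part of the original article), the sketch below implements the CHAP computation named above as defined in RFC 1994, to show what a knowledge-based challenge-response protects and what it does not: the shared secret never crosses the wire and a captured response is rejected against a fresh challenge, but the scheme is only as strong as the secret itself. The class, function and account names and the sample secret are constructed for this example.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response per RFC 1994: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side of the exchange (hypothetical helper for this example)."""

    def __init__(self, secrets_by_name):
        self._secrets = dict(secrets_by_name)
        self._pending = {}      # name -> (identifier, challenge) awaiting a response
        self._next_id = 0

    def issue_challenge(self, name):
        """Create a fresh random challenge; each one is valid for a single attempt."""
        identifier = self._next_id
        self._next_id = (self._next_id + 1) % 256
        challenge = os.urandom(16)
        self._pending[name] = (identifier, challenge)
        return identifier, challenge

    def verify(self, name, identifier, response):
        """Check a response against the outstanding challenge, then discard it."""
        pending = self._pending.pop(name, None)   # one-shot: blocks reuse
        secret = self._secrets.get(name)
        if pending is None or secret is None:
            return False
        expected_id, challenge = pending
        expected = chap_response(expected_id, secret, challenge)
        # Constant-time comparison avoids leaking how many bytes matched.
        return identifier == expected_id and hmac.compare_digest(expected, response)


def demo():
    """Run one legitimate login, one replay and one wrong-secret attempt."""
    secret = b"constructed-example-secret"          # constructed sample value
    server = ChapAuthenticator({"alice": secret})

    ident, challenge = server.issue_challenge("alice")
    response = chap_response(ident, secret, challenge)
    # Everything an eavesdropper on the link would see for this login.
    wire = [bytes([ident]), challenge, b"alice", response]

    results = {
        "secret_on_wire": any(secret in message for message in wire),
        "legitimate": server.verify("alice", ident, response),
    }

    # The captured response is presented again against a new challenge.
    ident2, _ = server.issue_challenge("alice")
    results["replayed"] = server.verify("alice", ident2, response)

    # A client that does not know the secret cannot produce a valid response.
    ident3, challenge3 = server.issue_challenge("alice")
    bad = chap_response(ident3, b"not-the-secret", challenge3)
    results["wrong_secret"] = server.verify("alice", ident3, bad)
    return results


if __name__ == "__main__":
    print(demo())
```

Challenge-response of this kind addresses passive interception and replay only; a fake portal that collects the password itself, or a weak password, defeats it, which is the gap the article goes on to discuss.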

Based on the above vulnerabilities in traditional security systems, developers are increasingly paying attention to identification and authorization technologies based on biometric data. They are designed to significantly increase the level of security in information systems. Biometric data refers to relatively stable physical characteristics of a person: fingerprints, iris pattern, face shape, voice.

In the process of developing reliable and secure biometrics, many problems arise and their effective solution is required in order to take full advantage of the benefits of bioelectronic identification methods. The first and most important criterion is the reliability of recognition. If the quality of recognition is low, the protection system may deny access to a legitimate user of certain resources. Among the variety of biometrics, the most reliable is identification by the retina and fingerprint, which has been confirmed by numerous tests.

Fingerprint recognition is one of the simplest, most reliable and longest-used technologies, so most of the existing biometric identification systems and those under development are based on it. When considering the security of biometric identifiers, it is necessary to take into account all the components of the system as a whole. The use of biometric technologies for identification and authorization can only be useful if standard tools are the weakest link in data protection. “Biometrics alone does not improve security,” emphasizes Burt Kaliski, lead researcher at the RSA Security Lab. For example, retinal identification can be completely meaningless if the information coming from the scanner is processed by a poorly protected operating system. On the other hand, the use of biometrics in Web solutions is potentially more secure than in other areas of information security.

A very important criterion for the development of biometrics, both worldwide and in any particular country, is the standardization of this area. Moreover, this involves the development of several standards, both for individual areas and for biometrics as a whole. The most common are the following standards: X9.84, ANSI/NIST ITL 2000, XCBF. They define a single protocol for the provision of biometric data, the algorithms necessary to work with such information, the possibility of interaction with other systems (most often cryptographic systems) and identification technologies. In addition, rules are set for use in various areas of identification, such as digital signature, electronic payments, identification on Web solutions. The development of biometrics standards is carried out by government agencies, international organizations for standardization and certification, independent manufacturers and consortiums.

Biometric technologies will play an important role in personal identification issues in the near future. Used alone or used in conjunction with smart cards, keys and signatures, biometrics will soon be widely used in all spheres of human activity. Already today, a number of solutions are offered on the market that allow organizing personality recognition for various purposes.

Centralized enterprise security management

A modern organization with a well-established IT infrastructure uses many hardware and software tools for data processing and protection in its network, each of which can be managed by several people and most often has a separate management console. This creates the problem of centralizing the management of all subsystems of the IT infrastructure, from antivirus to intrusion detection systems. Systems that automate information security management processes are a very promising area of information security, in which work has been carried out in recent years. The ideology of the solution is that security management is strung on the framework of the company's business processes. The system, having knowledge of the organization's information system, not only translates this information from the language of one unit into the language of another, but also issues instructions for performing specific operations. The ubiquitous agents of the system control the timeliness and correctness of the execution of these instructions.

Today, it is obvious that small and medium-sized businesses in Russia, as their level of IT penetration increases, are increasingly in need of information security tools. However, unlike public authorities and large businesses, they cannot afford full-featured solutions and services and are forced to use "boxed" solutions that satisfy only part of their requirements. Despite this, a significant number of vendors are already looking towards SMB, offering low-cost end-to-end solutions. Thus, if there is effective demand from this business segment, the necessary solutions will definitely appear.

The editors of the "IT-Security. Information Security Systems and Means" catalog conducted a survey of consumers of systems / solutions and services in the field of information security, as a result of which it became clear what problems customers worry about today, what questions they would like to ask the largest manufacturers and integrators.

As a result, the editors compiled a list of questions addressed to the largest integrators and vendors of the information security market.

The following companies took part in the project: LANIT group of companies, UNI Corporation, CROC, OOO Microsoft Rus, VSS, SA, Cisco Systems, HELiOS IT-SOLUTIONS, Oracle, Symantec.
  1. What are the main trends in the global information security market that you can note?
  2. What systems and solutions are most in demand by Russian consumers today?
  3. Which consumer sectors do you see as the most promising? What classes of systems/solutions would you recommend consumers to pay attention to?

Vasil Barzakov,
Regional Director of SA for Russia and the CIS

1. Security management is often seen as "keeping out the bad guys", the purpose of security in this case is only to detect viruses, hacker attacks and unauthorized access attempts. However, the general trend of the last few years, which continues to grow, is the transition to integrated security management. One important benefit of integrated security management, especially identity and access management, is to support new and strengthen existing business initiatives. For example, an integrated identity and access management solution has many benefits, including protecting assets and services from unauthorized access and other threats, which increases the efficiency of the IT environment by automating many administrative processes and improving compliance. In addition, the identity and access management solution provides the infrastructure to grow your business by acquiring new customers with the ease of deploying new applications and services, strengthen relationships with existing customers with an improved user experience, and develop new partner ecosystems and more efficient supply chains.

2. Russian users still prioritize "avoiding the bad guys". However, in recent years, the first steps towards building integrated security management systems have been taken, mostly in the form of the beginning of building security information management systems in which security-related information is consolidated and analyzed through automatic correlation. This helps information security professionals deal with the sheer volume of this type of data generated daily in IT environments and make more informed decisions. Professionals in this field have begun to realize that using reliable interactive reports in their daily work is much more efficient than having to call several people each time to prepare reports that can then be discussed. In the coming year, we expect further growth in the distribution of such systems.

3. The government and financial sectors are expected to lead the way in adopting integrated safety management systems. Strengthening control over compliance with national and international regulatory requirements, as well as increasing accountability to customers and partners, will require more stringent information security management. As a result, we expect organizations to move towards more integrated security management. At the same time, the growing number of IPOs, mergers and acquisitions observed in Russia today will create new challenges for CIOs and information security specialists. That is why we recommend companies planning an IPO or merger to start building centralized identity and access management systems. The necessary technologies have been around for quite some time, and they are mature enough to help companies realize the huge benefits in both information security and process efficiency - two critical factors in a stock market entry or the takeover of a new organization. Identity and access management systems are to this day an area in which very few Russian companies have made their first concrete steps, while the majority still rely on manual and decentralized management. However, we are confident that more and more IT leaders and security professionals, especially from the sectors mentioned above, will start looking for solutions that will help them centralize and take control of user identity and access management with the latest software technologies, which will achieve a higher level of automation.

Alexey Lukatsky,
Cisco Systems Security Business Consultant

1. One of the first trends is integration. The simplest and most common way of integration is to control access both to the premises of the protected company or organization, and to information resources. Indeed, physical access control and computer access control can greatly help each other. For example, the security system captures employee Ivanova's access to a computer in the accounting department. Quite a common event. However, suppose that Ivanova is currently on vacation in Turkey and is physically unable to be at her workplace. There may be several reasons for this situation: Ivanova gave her password to her colleagues or her password was guessed/intercepted by an attacker. In any case, there is an incident that requires investigation. Without the integration of physical and information security tools, it would be impossible to detect such a problem. Integration will also affect the IT market. If earlier the protection system "hung" in the air and had almost nothing to do with the infrastructure it was designed to protect, today point and hinged solutions are gradually losing their positions. Security from an option is increasingly becoming an integral part of some IT solution - it turns into one of the properties of a technology or infrastructure. Just look at the actions of such giants as Cisco, Microsoft, Oracle, IBM, EMC, HP, etc. They buy up traditional players in the information security market and integrate their solutions into their products and technologies. Those who do not have serious financial resources to acquire other companies enter into various OEM agreements with security developers. Russian developers have not yet initiated such agreements, but they are often invited as an OEM partner. The best known in this regard is Kaspersky Lab, whose anti-virus engine is built into many anti-malware products around the world.

Authentication was one of the first security technologies to appear, but interest in it does not fade away. Even vice versa. Access to personal data, Internet and mobile banking, the principle of "one window", role-based management - all these services are the personalization of access to certain services and require very clear differentiation, which is impossible without the implementation of authentication mechanisms, and not only at the user level, but also at the device level (802.1x).

However, authentication alone does not solve all secure access problems. Once the user and device are authenticated, malicious code or an attacker can infiltrate a secure network or protected information assets. The solution to this problem is Network Access Control (NAC) technology, which will gradually replace or incorporate many other traditional security technologies. For example, security scanners, antiviruses, patch management systems, etc. Indeed, in essence, all these listed technologies are only an intermediate link to the goal - secure access to information assets. NAC technology allows you to combine them all into a single life cycle: first, we determine that the node is infected or vulnerable, and then we fix the detected problem, while preventing the node that does not comply with the security policy from accessing corporate resources.

With security at the network level, most issues have already been resolved, which cannot be said about the application level. But if there are certain difficulties with the effective protection of ERP, CRM, DRP and other business systems that are still waiting for their researchers, then the task of message security is more likely to be solved in the next year or two. In this case, the message is not only SMTP, POP3 or IMAP e-mail, but also Instant Messaging, XML messages between applications, etc.

Automotive, alcohol, pharmaceutical and many other markets have been consolidating for several years now. The same fate threatens the information security market. An interesting trend can already be noted: small and targeted players either leave the market or are absorbed by their larger and more eminent colleagues. In recent years, Cisco has carried out 20 acquisitions of various companies that are leaders in certain segments of the information security market. Microsoft - 9 such acquisitions, EMC - 2, IBM - 3, etc. There are such examples in Russia. I am aware of at least three facts of the transfer of part or all of the information security assets to other hands, and this is not counting the latest transactions between the largest Russian integrator companies. Thus, in the very near future we will see another round of such transactions both on the international arena and on the Russian market.

2. The Russian consumer, for the most part, is not spoiled by a wide range of security solutions. Of all the known information security solutions in the world, we mainly provide solutions for network security, PKI, EDS and IdM (Identity Management). Dozens of other types of protective equipment are not supplied to Russia, despite the great need for them. Examples of such solutions include systems for profiling the behavior of users of Internet banking or strong authentication of transactions: Covelight, Corillian, Bharosa, Business Signatures, StrikeForce, VoiceVerified, etc. However, the lack of information about them leads to a lack of demand (but not need).

Of the same solutions that are nevertheless presented on the domestic market, firewalls (especially as part of multifunctional security devices), attack prevention systems, information leakage control, VPN solutions, security scanners, control systems are still in the greatest demand.

3. Any industry has a need for information security solutions. Some are slightly larger (for example, banks or government agencies), others are slightly smaller. It all depends on the over-regulation of the market, since this is the main driver of information security issues today. For example, in the financial sector, in addition to the "standard" laws "On Personal Data", "On Commercial Secrets", etc., there are also industry requirements - the Central Bank standard for information security, Basel II recommendations, etc. Telecom operators will soon have their own requirements. But this does not mean that other verticals are not interested in security. Threats are the same for everyone, the level of maturity is almost the same.
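The Ivanova scenario from Alexey Lukatsky's first answer (a workstation logon by an employee who cannot physically be in the office) can be expressed as a correlation between physical and logical access records. The following is an added illustration, not part of the original interview; the log formats, host names, the users other than Ivanova and the HR absence list are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, datetime

FMT = "%Y-%m-%d %H:%M"

# --- Constructed sample data (assumed formats, not from the article) ---
# Badge reader log: date time user direction
BADGE_LOG = """\
2008-03-03 08:55 petrov in
2008-03-03 09:02 sidorova in
2008-03-03 13:00 sidorova out
2008-03-03 18:05 petrov out
"""
# Logon log: date time user host session-type
LOGON_LOG = """\
2008-03-03 09:10 petrov acct-ws-01 console
2008-03-03 10:17 ivanova acct-ws-07 console
2008-03-03 14:30 sidorova acct-ws-03 console
2008-03-03 19:40 petrov vpn-gw remote
"""
# HR absence records: (user, first day, last day, kind)
ABSENCES = [("ivanova", date(2008, 3, 1), date(2008, 3, 14), "vacation")]


@dataclass(frozen=True)
class Finding:
    when: datetime
    user: str
    host: str
    reason: str


def parse_badges(text):
    """Return {user: [(timestamp, direction), ...]} sorted by time."""
    events = {}
    for line in text.splitlines():
        day, clock, user, direction = line.split()
        stamp = datetime.strptime(f"{day} {clock}", FMT)
        events.setdefault(user, []).append((stamp, direction))
    for seq in events.values():
        seq.sort()
    return events


def presence_at(badges, user, when):
    """Last badge direction for `user` on the same day, at or before `when`.

    Returns "in", "out", or None when the user never badged that day.
    """
    state = None
    for stamp, direction in badges.get(user, []):
        if stamp.date() == when.date() and stamp <= when:
            state = direction
    return state


def correlate(logon_text, badge_text, absences):
    """Flag console logons by users who are not physically on site."""
    badges = parse_badges(badge_text)
    findings = []
    for line in logon_text.splitlines():
        day, clock, user, host, kind = line.split()
        when = datetime.strptime(f"{day} {clock}", FMT)
        if kind != "console":
            continue  # remote sessions do not require physical presence
        leave = next((why for u, start, end, why in absences
                      if u == user and start <= when.date() <= end), None)
        state = presence_at(badges, user, when)
        if leave:
            reason = f"user on recorded {leave}"
        elif state is None:
            reason = "no badge-in recorded that day"
        elif state == "out":
            reason = "user badged out before logon"
        else:
            continue  # user is inside the building: nothing to report
        findings.append(Finding(when, user, host, reason))
    return findings


if __name__ == "__main__":
    for f in correlate(LOGON_LOG, BADGE_LOG, ABSENCES):
        print(f"{f.when:{FMT}} {f.user}@{f.host}: {f.reason}")
```

Each finding is an incident to investigate, not a verdict: as the answer notes, the cause may be a shared password as well as a guessed or intercepted one.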

Vladimir Mamykin,
Director of Information Security, OOO "Microsoft Rus"

1. First of all, it is the continuation of the fight against criminal gangs working in the field of making a profit based on penetration into the information resources of organizations and private citizens. From the point of view of attacks, their goals are shifting from infrastructure elements (operating systems, etc.) to applications, since it is on hacking applications that criminal proceeds are based. From the point of view of protection, end-to-end identification of subjects and objects in heterogeneous environments is becoming increasingly important. Such identification is a complex response to numerous risk factors, including those associated with the problem of insiders.

Attacks on users will typically be carried out through malware that enters users' computers when they visit infected Web pages. Trojans are placed on such pages to organize phishing attacks, and spyware, and spam software. I think that the leaders in the number of sites with infected pages are China and the United States. Although, due to the wide spread of broadband Internet, there will be many such sites in the countries of Southeast Asia.

There is another global trend in the development of information security - the expansion of the use of hardware and software. On the example of authentication, this has been seen for a long time. But the new direction is using TPM modules on the motherboard to store passwords and digital certificates. It will soon be difficult to find a motherboard without such a module. Unfortunately, at present, it is difficult to import computers with working TPM modules, which prevents users from taking full advantage of modern data protection technologies such as BitLocker in Windows Vista. However, due to the existing possibility of integrating Russian cryptoalgorithms into the TPM, this problem, I am sure, will be successfully solved soon.

2. Russian consumers are advanced, and they are interested in the whole range of information security solutions. The most popular solutions include solutions for organizing secure workflow, corporate PKI systems, protecting the network perimeter and, of course, anti-virus solutions. A significant market share is occupied by both authentication systems and Russian cryptographic solutions. It is also important that information security solutions be certified by the FSTEC. I must say that certified tools have long formed a certain segment of the information security market. New in recent years in this segment has been the fact that not only information security systems (firewalls, antiviruses), but also general purpose software - operating systems, office application packages, application servers and databases - have been certified. A significant role in this is played by the consistent position of the state, which requires organizations to comply with information protection legislation. At the same time, not only state organizations, but also private companies fall under such requirements. This position of the state is respected.

3. All industries in our country are interested in information security solutions. And due to the rapid development of the economy, all industries show good growth and are promising in terms of information security. I just want to draw your attention to the fact that in the near future there will be new consumers who previously were not too interested in information security problems. They will need to protect their information resources in accordance with the requirements of the Law on Personal Data that has come into force. These are municipalities, and registry offices, and schools, and medical institutions, and personnel departments in companies, and many other structures, both public and private, both large and very small. All of them will need to protect data in accordance with government requirements.

Vasily Roslavtsev,
Head of Information Security Department HELiOS IT-SOLUTIONS

1. The global information security market today is one of the most dynamically developing, showing a steady annual turnover growth of more than 20%. According to various analytical agencies, its volume in 2007 amounted to about $40 billion. Modern requirements for business principles imply maximum transparency of business processes for shareholders (the more transparent business processes, the easier it is for shareholders to assess the risks of investing funds), protection of critical for business data from compromise, loss or damage.

Recently, there has been a steady increase in the number of incidents related to negligence in relation to the protection of personal data, as well as targeted efforts by attackers to obtain them. In fact, companies must solve two opposing tasks - to ensure the availability of information for consumers inside and outside the company and at the same time close access to it to malefactors (both internal and external). Companies must understand what level of information availability they need to provide, correctly assess the business risks associated with threats, and determine the degree of their criticality for the business. This is followed by issues of organizational and administrative documentation, the implementation of policies, equipment, as well as training of personnel to work according to the new rules. Not all companies can do this on their own. Hence the most noticeable trend is the growth in the share of services in the field of information security, which include:

consulting, including audit, development of regulations and risk assessment;
introduction of workflow and software and hardware;
employee training;
outsourcing and service delivery.

The second trend is the saturation of the market with boxed solutions (both software and hardware) and the transition to an integrated approach, when all processes and equipment are the object and means of providing information security - from data storage systems to secure document management. This, in turn, leads to the fact that major players in the world market, seeing the high profitability of this approach and the potential of this segment, begin to invest in this direction.

Accordingly, the third trend is the consolidation of assets by major players that allow them to work in this segment. As a rule, this involves buying niche players, as well as entering into strategic alliances.

2. The Russian market has some peculiarities compared to the world market. Firstly, this is strict legislation regarding the requirements for information security tools, legal restrictions on the presence of foreign players, and a strict state policy in the field of information confidentiality. It is no secret that in Russia solutions for this segment are most in demand in government agencies, they consume more than 60% of the goods and services on the market, which is also confirmed by the distribution structure of the company's turnover in this market. Secondly, the next group of consumers in terms of turnover are large corporations and holdings of the oil and gas, financial and industrial sectors. It should be noted that with the development of the information security market in Russia, we note an increase in the share of projects implemented in government agencies. In our opinion, this is happening because not only large companies have begun to understand the importance of security issues, but also companies of medium and sometimes even small businesses. Due to the fact that historically our market lags behind the Western market in development, at the moment the greatest demand is still concentrated in the field of boxed solutions and the closure of individual segments of the entire range of measures in the field of information security. A typical case is when a customer asks for a solution to the issues of providing comprehensive anti-virus protection, protecting the network perimeter, creating a set of measures to protect against insiders, etc., but such a policy of "patching holes" is not an alternative to a systematic approach. Accordingly, with the closure of such projects, interaction with the client does not end and, as a rule, continues in line with an integrated approach. 
As for specific solutions, the greatest demand is in descending order: content security management (protection against viruses, spam), protection of the network perimeter with software and hardware systems, cryptography and document flow protection tools, protection against unauthorized access from within and traffic control. From the point of view of services, the greatest demand is focused on services for the design of information security systems, consulting technical means, as well as on the audit of information security (including with the use of special software and hardware), the introduction of technical means and their further support. To a lesser extent, information risk analysis services, outsourcing and the provision of services in the field of information security are in demand.

3. The list of industries we focus on is wide. These are state (including military), financial, social and commercial structures (banks, insurance companies), large manufacturing companies (including the oil and gas sector), retail chains and service companies. Now there is a rapid growth in all industries, so it would not be entirely correct to single out any one; trends of a more dynamic development of the direction of information security in some specific industries have not yet developed.

As one of the development prospects, I would name state and commercial structures that work with personal data. We are all practically accustomed to the fact that personal data leaks occur regularly, especially from structures and companies that, due to the rapid introduction of information technology, do not have time to ensure their protection.

We recommend our clients (both existing and potential) to take a comprehensive approach to the issue of ensuring information security, not to engage in information security "pieces", but to contact an expert who will provide the whole range of work and, moreover, will take into account the development prospects of the customer, the market and the technologies themselves.

Oleg Shaburov,
Symantec Technical Specialist in Russia and the CIS

1. First, cybercrime is becoming more and more professional. It continues to pursue the goal of financial enrichment, but now attackers use increasingly professional attack methods, tools and strategies for their criminal activities.

On the market there are sets of powerful tools for organizing malicious attacks. An example is MPack, a professionally designed set of tools that is sold on the black market. By purchasing it, an attacker can use its software components to install malware on thousands of computers around the world, and then monitor the success of the operation by different characteristics displayed on the password-protected online control and management console.

In the world of professional and commercial cybercrime, phishing tools are also available, which are a series of ready-made scripts that allow attackers to automatically create phishing websites that mimic legitimate ones.

Second, cybercriminals are increasingly exploiting trusted websites, such as popular financial institutions, social networks, and employment services, to attract victims. Studies show that 61% of all vulnerabilities are related to Web applications. By hacking into a trusted Web site, criminals can use it as a source of malware to hack into individual computers. This attack method allows cybercriminals, instead of actively looking for victims, to wait until they come themselves. Social media websites are particularly attractive to attackers because they provide access to a large number of people, many of whom trust the server and consider it safe. In addition, these Web sites may contain a lot of sensitive information that can later be used for "identity theft" attempts, online fraud, or to gain access to other Web sites through which new attacks can be launched.

Thirdly, the intensity of multi-stage attacks continues to grow, consisting of an initial attack not designed for direct malicious activity, followed by the use of its fruits to organize further attacks. One example of a multi-stage attack is the reusable downloader, which allows an attacker to replace a downloaded component with any type of threat that suits his goals.

2. I don't think it's even worth saying that anti-virus solutions are in demand as always. As a major qualitative shift, I would like to note the fact that users have begun to understand the need to use complex solutions. Previously, many, for example, wondered why workstations needed firewalls or intrusion prevention systems. But if you show them the statistics of attacks on servers by source of origin, such a need immediately becomes obvious (43% of attacks are made from laptops of mobile workers).

More and more serious interest is being shown in mail traffic protection systems. If earlier many were content with protecting traffic from malicious software, now no one can do without protecting traffic from spam. As recent studies show, Russia is taking an increasingly significant position in the distribution of spam, while the EMEA region has already overtaken North America in terms of its distribution.

3. First of all, I would like to recall the decisions on information security management. This area is especially in demand in companies that have reached a certain level of maturity in the field of security. Closing individual security gaps with product sets becomes insufficient. In addition, given the fact that most attacks are built on a multi-stage basis, they are often either impossible or too resource-intensive to trace without using products of this class.

I would also like to remind you that you should not forget about endpoint protection. Terminal clients running the Windows XP Embedded and WEPOS operating systems are often overlooked. And PDAs and other mobile devices, which are increasingly included in corporate standards, are forgotten even more often. But they are also worth protecting, and there are special means of protection for them.

Dmitry Shepelyavy,
MBA, PMP, CISSP, Head of Technology for Oracle Security Products CIS

1. At the moment, there are several trends.

The first trend is the inclusion of information security solutions in the infrastructure solutions of large IT vendors. Technologies such as firewalls, intrusion detection tools, Identity Management, antiviral agents, are already part of the comprehensive offer of major vendors. It is difficult to name a security technology that is not in the offers of IT vendors.

This situation on the market arose as a result of the second trend - the consolidation of the security market. At the last RSA Security conference in San Francisco, the CEO of RSA predicted the disappearance of information security as a separate market segment. It looks like it's starting to come true. Large IT vendors are actively acquiring the most interesting providers of information security solutions. Niche players, in my opinion, will soon account for customization of large vendor solutions and consulting.

The third trend is the absence of revolutionary breakthroughs in the field of information security. There is a fairly intensive evolutionary development (risk-based authentication, fraud-management). In addition, in my opinion, a small revolution is just around the corner: the transition to SOA - an architecture that fulfills the dream of any security specialist - embedding pre-tuned protection mechanisms (authentication, cryptoprotection, authorization) already at the level of business process design in a graphical interface based on open standards (WS-*, Liberty...).

One of the trends is also the final blurring of the information security perimeter. The number of technologies and formats for information exchange is now so large that closing ports, banning devices and simply analyzing content can no longer provide either an acceptable level of risk or the possibility of using new technologies in business. This trend, in my opinion, leads to a logical conclusion - security tools should be placed as close as possible to the protected information. An example of such a technology is IRM (Information Rights Management), which ensures the protection of documents regardless of their location inside or outside the corporate perimeter.

2. There are several priority areas that we can identify based on our experience in Russia.

  1. When building an information security system, the customer first of all pays attention to the built-in security functions of the platforms used. This is quite natural, because integrated protection tools are usually more reliable and less resource-intensive than overlay ones. The only thing that can serve as an obstacle to the use of the built-in mechanisms is the possible lack of appropriate certificates from authorized bodies for the built-in information security tools. Therefore, one of the main tasks for large vendors, in my opinion, is the certification of protection tools as part of their main products.
  2. The next direction is the desire of the customer to provide consistent and universal management of disparate tools and built-in information security functions. In my opinion, customers in Russia have basically completed equipping their IT systems with basic information security tools (firewalls, tools for protection against unauthorized access, intrusion detection tools, antiviruses, etc.), so the main task now is to link these systems into a single information security management system that takes into account the roles and business functions of employees. This explains the ever-growing interest in Identity & Access Management systems, which are designed to solve this problem. In addition, interest in security management systems is caused by the ever-growing staff shortage, which forces companies to automate routine security management operations as much as possible, leaving qualified and highly paid employees with the functions of system development and the definition and control of security policies.
  3. The third trend is the expected specification of requirements for information security of personal data. In my opinion, the release of regulatory documents in accordance with Decree of the Government of the Russian Federation No. 781 will be the main driver for the development of the information security market in Russia in 2008. When these requirements are implemented, data protection systems for storage systems and databases, as well as electronic document protection tools, will come to the fore.
3. With regard to industries, along with the traditional set of users of IS solutions (public sector, financial companies and banks, telecom, oil and gas industry, large industry), retail chains, educational institutions and healthcare institutions have begun to fall into the category of those actively interested in IS. The attention of retail chains to information security is associated with their interest in holding an IPO on Russian and foreign exchanges or in alliances with foreign partners, when the availability of an information security system is one of the requirements within the framework of due diligence. The interest of the healthcare and education industries is caused by both the relevant national projects and the requirements for the protection of personal data.
  • When buying security products, think straight away about how to ensure consistent, unified data management. Patchwork security using heterogeneous, incompatible security tools only leads to an increase in management costs and to a decrease in the efficiency of the information security system. This implies an important requirement for protection systems - compliance with open international standards;
  • It is necessary to realize that the closer the protection system is to the protected information, the more reliable this protection is. If the information is located in the DBMS, then hardly anyone can handle the protection of this information better than the mechanisms of the DBMS itself. If the information exists in the form of an electronic document, then IRM (Information Rights Management) class protection tools are the best solution.