Andrey Yankin, Jet Infosystems: The relevance of DevSecOps and Big Data Security has grown strongly
The Russian information security market grows from year to year, steadily outpacing the growth of the IT market as a whole. In an interview with TAdviser, Andrey Yankin, director of the Information Security Center at Jet Infosystems, spoke about the threats that most often trouble domestic customers and the solutions capable of protecting them.
How do you assess the current state of the Russian information security market? What tasks, in your opinion, are most relevant for this sphere now?
Andrey Yankin: If we speak about cybersecurity as a market, we have observed its constant growth for at least the last 10 years, and the rate of this growth steadily outpaces IT market growth indicators. The cybersecurity market grows along with the growth of informatization, cashless payments and Internet commerce, and with the general increase in the dependence of business on IT, but there is always something that spins it up additionally. As a rule, this is a tightening of regulators' requirements, high-profile mass breaches or computer epidemics.
The market, of course, becomes more mature from year to year and, one may say, more prosaic. In large companies, providing information security has become a routine and familiar task. Requests in the spirit of "we never did anything, we were hacked, and now we need to purchase everything for cybersecurity" have almost disappeared, although about 5-7 years ago this was a routine case. Competition is growing, the margins of supply contracts are decreasing, and the share of consulting and outsourcing is increasing – the cybersecurity market is following exactly the same path as the classical IT infrastructure market, but with some delay.
What cybersecurity threats most often trouble Russian companies?
Andrey Yankin: If we speak about the most frequently realized cybersecurity threats, rather than the most destructive ones, then everything is quite ordinary: these are virus attacks (in the last few years encryptors have caused the most trouble) and network attacks on websites and the network perimeter. In most cases these are mass threats that are not directed against a specific organization, yet they too cause a lot of trouble. Just recently we were twice involved in the investigation of a cybersecurity incident in which production stopped because of the accidental infection of APCS control stations with encryptors. Internal violations connected with the theft of confidential information are also a rather ordinary thing, especially in large organizations.
How strongly do information security priorities differ between business and the public sector?
Andrey Yankin: In Russia many commercial companies differ little from the public sector in their approach to cybersecurity: the main objective is to bring the organization up to the level of the mandatory requirements and pass all the necessary checks. In general, this is not as terrible as it may seem. The regulations are created precisely to pull organizations with a low level of cybersecurity maturity up to some minimum acceptable level, so that it is at least a "three", though not very effective. However, as investment in cybersecurity grows, business is more and more often not content with explanations in the spirit of "it is required" and "it is best practice". Old-school security practitioners have to rebuild themselves and look for arguments: why such an approach was selected, why outsourcing was not considered, why it is not implemented in-house, why such a testing methodology was used, how a new solution reduces cybersecurity risks, and so on. We work mainly with the commercial sector, and for the last 5 years we have observed the same picture: projects become noticeably more complex from year to year. Nobody limits themselves to applying standard solutions any more, as was common everywhere earlier. More and more often whole combined teams are brought into cybersecurity projects: engineers, analysts, lawyers and consultants from different companies. In my opinion, this trend cannot but please.
According to your data, how do domestic organizations fulfill the requirements of the legislation on the security of critical information infrastructure (CII)? What difficulties do they face in this area?
Andrey Yankin: The standard difficulties organizations face in fulfilling the requirements of 187-FZ and its bylaws are the ambiguity of many formulations and the lack of an official interpretation of them, as well as the lack of established practice both in organizations and among regulators. Because of these problems, difficulties arise with determining the scope and the criticality of CII objects, with understanding the deadlines for the work and with the correct sequence of actions. Of course, there are organizations that have thrown all their effort not into fulfilling the requirements but into attempts to prove that there is no such need. We have come across cases where this was even included in the KPIs of the security staff.
However, this situation is absolutely typical for any cybersecurity regulation in the Russian Federation. The situation with 187-FZ now very much resembles the time when 152-FZ "On Personal Data" was adopted, except that it is developing slightly faster.
Which of your company's information security products and services are in the greatest demand now?
Andrey Yankin: For the last 2-3 years, against the background of large-scale business losses from hacker attacks and virus epidemics, there has been steady growth in demand for protection against targeted attacks (first of all "sandboxes") and for vulnerability management solutions. With the advent of 187-FZ, a growing interest of companies in APCS protection solutions has emerged; in particular I mean specialized industrial intrusion detection systems (IDS). In addition, the number of projects implementing solutions for the protection of workstations and servers (Endpoint Detection and Response) has also increased recently.
If we speak about services, an important role for us is played by Jet CSIRT, our center for monitoring and responding to cybersecurity incidents. It has been operating since August of last year and combines the services of a traditional commercial SOC for monitoring and detecting incidents with advanced services for response, operation of security tools, penetration testing and many other things. The essence of this comprehensive service is to cover incident handling and the operation of customers' numerous information security tools on a turnkey basis, 24x7.
Andrey Yankin: ML and AI can, of course, be used in cybersecurity solutions and are already used, but often these are marketing slogans rather than real-life application of anything more complex than simple statistical techniques and detection of simple anomalies. These mechanisms have been used in cybersecurity for a long time, but earlier they were not given such loud names. ML and AI are most promising where there is a lot of data and it is hard to formulate unambiguous rules for processing it. For example, in a SOC in general and in SIEM in particular.
We apply machine learning technologies in Jet Detective, our solution for detecting and blocking fraudulent transactions. This area is simply ideal for ML, though the lion's share of detections is still generated by simple expert rules. Nevertheless, here machine learning technologies really do often reveal something nobody even suspected before: an unexpected fraud scheme or, for example, an unmonitored failure in a business process.
Tell us about the most interesting and important cybersecurity projects carried out by Jet Infosystems in recent years.
Andrey Yankin: There were many interesting projects. For example, in the summer of 2018 we needed only 3 months to carry out a detailed comprehensive cybersecurity audit of a federal-scale company. 40 of our specialists and 3 large foreign vendors under contract worked on the project. As a result, we managed to complete the project successfully and, very importantly, not to let other projects sink (we always have more than one hundred in progress in parallel). In addition, the first service contracts of our Jet CSIRT in 2018 were very important and interesting to us.
In the last 2 years we have had many projects on comprehensive assessment and on creating a cybersecurity development strategy and a roadmap for several years ahead. The customers of such work are often the management or owners of the companies. Such projects, and defending their results, are always interesting: you can dive deeply into the life of a specific organization and its industry. And here it always turns out that the most critical cybersecurity risks are not so standard, and the specifics are extremely important. If the company is also international, with sites in several countries, then I occasionally begin to envy our consultants, because I no longer have the opportunity to take part in the assessments directly.
On January 1, 2019, the Center of Applied Security Systems began work at Jet Infosystems. Why was this center created, and what is expected from its work?
Andrey Yankin: Over the last 3 years the information security business in our company has grown several times over. This applies both to revenue and to the size of our team. Such large-scale growth prompted us to separate the anti-fraud and access control areas into a dedicated team. Why these? Projects integrating anti-fraud systems and IdM platforms differ from classical implementations of cybersecurity products and from cybersecurity consulting. As a rule, they involve a large number of changes to business processes in the companies, which requires deeper immersion and increased control from the integrator. Besides, on such projects developers have to be brought in much more often. We expect that creating the Center of Applied Security Systems, which combined these areas, will help build up expertise in them and will improve both qualitative and quantitative indicators. I think that at the end of this year it will be possible to speak about the first results.
In general, what are the plans and prospects for developing the cybersecurity business in your company? What will attention be focused on in the short term?
Andrey Yankin: We are betting heavily on the integration of our Jet CSIRT into the State System of Detection, Prevention and Elimination of Consequences of Computer Attacks. This work is in full swing and will be completed in the near future. Here we are interested first of all in meeting the need for high-quality monitoring and response to cybersecurity incidents for organizations that care first of all about "real security" rather than formal fulfillment of regulators' requirements.
In addition, the DevSecOps and Big Data Security areas came to the forefront for us this year. Large companies actively invest in DevOps and Big Data and tie critical business processes to them, but at the same time cybersecurity solutions, as a rule, are either not built into the systems being created or simply do not exist on the market. Therefore the relevance of these areas has grown strongly for us.
And, certainly, we continue to invest in the protection of technology segments and APCS. There are not enough competencies in this area on the market, and to us it looks promising.
For additional information, contact the specialists of Jet Infosystems.