
TAdviser Overview: Information Systems Security 2019

Russian information security market

The Russian market for information security systems is showing positive dynamics. According to estimates by the TAdviser analytical center, the cybersecurity market in Russia reached 79.5 billion rubles at the end of 2018. Growth compared with 2017 was 10%.

Revenue of Russian companies in the information security market in 2017-2018

| No. | Company | Revenue from cybersecurity projects in 2018, million rubles, including VAT | Revenue from cybersecurity projects in 2017, million rubles, including VAT | Dynamics, % |
| 1 | Kaspersky (earlier Kaspersky Lab) * | 45,526 | 40,730 | 11.8 |
| 5 | Jet Infosystems | 4,400 | 3,900 | 12.8 |
| 6 | ICL Group | 4,193 | 3,008 | 39.4 |
Interviews with experts
Alexander Bondarenko, CEO of R-Vision, told TAdviser in an interview about the state of the information security market in Russia and about the company's key solutions and competencies.
In Russia, cyberinvestigation as a business began to take shape in 2012. Group-IB became the first provider of cyberinvestigation services in Russia. It was the first to be included in a Gartner report, and was then recognized as one of the world's best suppliers of TI services by IDC and Forrester. Dmitry Volkov has headed the cyberinvestigation line since the company was founded. He is now CTO of Group-IB, but still leads the team of cyberintelligence agents with which everything began. We talked to Dmitry about what problems cyberinvestigation solves for business and who uses this service in Russia and in international markets.
Daniil Chernov, head of Solar appScreener at Rostelecom-Solar, explains why it is important to be able to "find vulnerabilities well", which technologies cope with this task successfully, and how they have already been received in foreign markets.
The Russian information security market grows from year to year, steadily outpacing the growth of the IT market as a whole. Andrey Yankin, director of the Information Security Center at Jet Infosystems, told TAdviser in an interview about the threats that most often concern domestic customers and the solutions that can protect them.
Priorities of state customers in information security

Projects related to compliance with legislative requirements are traditionally in demand in the public sector. The Federal Law "On the Security of Critical Information Infrastructure of the Russian Federation" (187-FZ), which has come into force, is a more than serious incentive for the development of the cybersecurity industry in the public sector. Import substitution policy is a classic trend. This means replacing "Western" products not only with "Russian" ones, but also with "Israeli" and now "Eastern" ones. In addition, a number of experts note that state customers need comprehensive IT solutions in which the information security tasks are already solved.

Priorities of business customers in information security

Companies in the SMB segment are moving to the cloud and to service-based consumption under the MSSP model. Large businesses focus on meeting the requirements of regulators and internal standards, trying to build an evenly protected infrastructure.

Behavior analysis as a new direction in security systems

What are UBA-class solutions, what are the main areas of their use, and which products are on the market? We answer these questions in material prepared by independent experts for TAdviser.

Information security in banks

In April 2019 the TAdviser analytical center released the "Information Technologies in Bank" map, which reflects the structure of the key processes of the banking business and identifies the IT companies that develop products and provide services for digitalizing these processes. The map covers 270 market players: 230 suppliers of IT products used to digitalize the core processes of banking and 40 developers of information security solutions [1].

World market of information security

In 2018 sales of equipment, software and services intended for information security (IS) reached $37 billion, an increase of 9% over the previous year's figure ($34 billion). Canalys analysts published these data on March 28, 2019.

Largest vendors of information security products, according to Canalys

  Anti-virus software solutions

An antivirus is a software package developed specifically to protect against, intercept and remove computer viruses and other malware. Modern antivirus software can effectively detect malicious objects in program files and documents. In certain cases the antivirus can remove the body of a malicious object from an infected file and restore the file. In most cases the antivirus can remove a malicious object not only from a program file but also from an office document file without breaking its integrity. Using antivirus software does not require high qualifications and is within the reach of practically any computer user.


  Antispam software solutions

Antispam is a method that partially or entirely prevents unwanted information (spam) from reaching a user or a group of PC users. The method is implemented by configuring software either on the client side or on the server side, where the server may act as an intermediary for Internet access (antispam technology). According to Kaspersky Lab, in 2016 the share of spam in global mail traffic was 58.3%, which is 3 percentage points more than in 2015. The previous increase in the share of spam in mail traffic was recorded in 2009; after that it steadily declined.




A firewall, or network screen, is a set of hardware or software tools that controls and filters the network packets passing through it at different levels of the OSI model according to defined rules. The main purpose of a firewall is to protect computer networks or individual nodes against unauthorized access. Firewalls are also often called filters, because their main task is to block (filter out) packets that do not match the criteria defined in the configuration. Some firewalls also perform address translation: the dynamic replacement of internal ("gray") addresses or ports with external ones used outside the LAN.




Identity and Access Management
Authentication systems

Unauthorized employee access to information systems exposes a company to the distortion and loss of important data, which can turn into financial and reputational losses. Recognizing this, more and more Russian companies are implementing identity management solutions. IDM systems manage users' identity data and access rights in an organization's information systems. They appeared on the world market long ago and have evolved significantly since then. In Russia such solutions have been available for more than 10 years.


  Biometric identification

Biometric authentication is the process of proving and verifying identity in which the user presents a biometric sample and that sample is converted according to a predetermined authentication protocol. Biometric authentication systems are authentication systems that use people's biometric data to verify their identity.


  Encryption tools

Cryptography (from the Greek κρυπτός, hidden, and γράφω, to write) is the ancient science of methods for protecting confidential data from unwanted reading by third parties. Cryptanalysis is the science that studies methods of breaking the confidentiality of information. Cryptanalysis and cryptography together make up cryptology, the science that studies methods of encryption and decryption.

Advanced developments

Quantum cryptography is rightly considered a new stage in the evolution of information protection. It makes it possible to protect encrypted data almost absolutely against cracking.




Data Loss Prevention
Technologies for preventing leaks of confidential information out of an information system

In its study of leaks of confidential information from organizations in Russia in 2016, the InfoWatch Analytical Center recorded 213 cases of information leaks from Russian companies and state bodies, which is 80% more than in 2015. In nine out of ten cases in Russia, the leaked data was personal data (PDN) and payment information, and the total volume of data compromised over the year increased more than 100-fold to 128 million records, but did not exceed 4% of the world volume of information leaks.



  Backup and data storage

A backup system is a set of software and hardware that creates a copy of data on a medium intended for restoring the information to its original location if it is damaged or destroyed. Backup systems ensure the continuity of business processes and protect data against natural and man-made disasters and the actions of attackers. These technologies are actively used in the IT infrastructures of organizations across a wide range of industries and sizes.




Security Information and Event Management

SIEM (Security information and event management) combines two terms that denote areas of software: SIM (Security information management) and SEM (Security event management). SIEM technology provides real-time analysis of security events (alerts) originating from network devices and applications.



Distributed Denial of Service
Flow of false requests

A Distributed Denial of Service (DDoS) attack is a flow of false requests that tries to block the selected resource either by attacking the communication channel, which is flooded with a huge mass of useless data, or by attacking the server that hosts the resource directly. Such actions are used for competitive struggle, direct blackmail of companies, and also to divert the attention of system administrators from other illegal actions.