2017/12/11 11:39:30

Lev Matveev, SearchInform: Russian cybersecurity technologies a cut above western developments

Lev Matveev, chairman of the board of directors of SearchInform, spoke about the features of Russian security technologies and the market prospects of DLP (Data Leak Prevention, protection against leaks) in an interview with TAdviser.

Lev Matveev
"We do not simply detect and prevent information leaks, we help investigate a wider range of incidents"

Lev, how has the market for information security solutions changed in recent years?

Lev Matveev: We see that people have recently really begun to understand that information security is not mere words. The world has changed greatly, and now it is not only about protecting computers from viruses. A corporate culture has emerged in Russia that requires protection of personal data and of commercial and valuable information, and counteraction to dishonest behavior by employees. This is probably connected with the fact that every year the amount of information on paper decreases, while the value of electronic data continues to grow and is often several orders of magnitude higher than all other company assets.

It is pleasant to note that the government is moving in the same direction. The fact that Russian President V.V. Putin speaks about information security at the state level demonstrates an understanding of the depth of the problems. Federal Law No. 187 "On protection of critical information infrastructure" and the new Information Security Doctrine of the Russian Federation show that our country has begun to deal with security issues comprehensively.

We must not forget that people remain the main source of threats. No matter how many firewalls or DMZs we set up, if the administrator passes information about the network topology to the outside, all efforts will be nullified. And most Russian organizations already understand this today.

Can we say that the approach to information security has become more mature?

Lev Matveev: Yes, certainly. Today almost everyone understands that the dollar will not cost 28 rubles any more and that it is necessary to move on and develop the business. Budgets for IT and cybersecurity are being allocated again; besides, DLP systems are no longer a rarity but a standard tool. SearchInform has been holding its Road Show in several dozen Russian cities for the 10th year, and interest in modern technologies keeps growing.

I will note that customers have come to understand that a protective solution does not work like a lock, which you close and then rest easy. You have to work with the software for it to deliver the best result. Nobody buys a system for a fantastic sum any more only to then not use it.

Does the Russian cybersecurity industry have "national specifics"?

Lev Matveev: The main difference is that abroad it is mostly IT administrators who are engaged in information security, while in Russia, as a rule, it is people who came from the law-enforcement bodies. Because of this we get two different approaches: in the West they catch hackers, here we catch thieves.

What has this led to? All the notorious incidents (Snowden, the scandals with the elections in America) are the work of insiders. And they continue to catch hackers. All the incidents say that the problem is inside, and the West still fights hackers.

Our specialists understand how criminals and dishonest employees think. They thought correctly from the start and solved this problem. Because of this there are different specifics and different requirements for products, and entirely different divisions are engaged in it.

In my opinion, our protective solutions are now far ahead of Western ones. An indicative example occurred this year, when we entered the markets of Latin America and began work in South Africa, Turkey and other countries. We had to split the product into SearchInform DLP and SearchInform Forensic Suite. The point is that at the world level DLP systems have in many respects discredited themselves; they have come to be treated as formal tools that do not actually help much. The level of Western DLP is about 20% of the capabilities of our system. To position the existing solutions correctly, the more serious functionality was moved into Forensic Suite and is sold separately, while basic capabilities, such as traffic interception and simple search, remain in the DLP product.

We do not simply detect and prevent information leaks, we help investigate a wider range of incidents. Employee productivity monitoring, PUM tools, telephony control, inventory of equipment and software: all these tools are simply absent from ordinary Western DLP systems. In the foreign understanding, DLP solves only one problem, control of the transfer of sensitive data. The antivirus protects from viruses, the spam filter from spam, and DLP from leaks of confidential documents. We offer much more.

In my opinion, Russian DLP developments are something to be proud of. Our level is higher across the industry in general, and the chances of success abroad are very good.

Have you felt the influence of sanctions on the Russian market? On the work of your company?

Lev Matveev: They do not affect our business in any way and have no particular impact on the Russian DLP market. Before the sanctions policy began, foreign players accounted for only about 10% of sales in Russia, and nobody even noticed their departure. Nevertheless, looking at the current situation, we understand that it makes no sense to enter the USA with our products. Today SearchInform is stepping up its work in Latin America, the UAE, India, Turkey and Africa. In the States we would have to prove that we are not spies, and that is of no interest to us.

Which technologies are at the "front line" of DLP development today?

Lev Matveev: Modern DLP systems are actually very different. Some concentrate on intercepting the maximum number of channels, some on blocking, some on analytics. We came to the market from full-text search, so we promote the idea that the mass of data from interception is useless without decent analytics.

Systems can do a lot today: analyze text, sound, video and images, and perform complex types of search, including in sound and images. For example, the "KIB SearchInform" solution can save a recording of an 8-hour working shift from one camera in a file of 150 megabytes. And when a report of suspicious activity comes in, you can start an in-depth study of a certain employee or group of people over the last 2-3 months.

Relational graphs, which highlight interactions between people, are also very popular and help to form groups for investigations. Special semantic technologies make it possible to search for documents not by 'fingerprints' but by content, and in any language.

Performance deserves a separate mention. Different solutions provide different levels of efficiency. More advanced technologies allow one officer to comprehensively monitor the working activity of two to three thousand employees.

What is "profiling"? How does it help DLP work?

Lev Matveev: The capabilities of modern protection systems "close" most threats. However, we ran into a problem, the main headache of security: the human factor.

People do not follow cybersecurity rules, show absent-mindedness and negligence, pursue their own interests and use their official position, take bribes, create shadow businesses, etc. The question of not just fighting but preventing these problems has become very acute. One way or another, all vendors are now looking for a solution. We have bet on profiling technologies and aim to, as they say, "digitize the human factor": to help the cybersecurity specialist predict risks, understand employees' motives, reveal criminal propensities, etc.

We are now working on automating profiling as a part of DLP. Regular profiling of even 30–40 employees by an expert profiler takes a lot of time. What can be said, then, of companies with several thousand employees? Automation solves this problem.

Besides reducing labor costs, automating profiling makes it possible not to scare off a cautious insider, to avoid negativity from subordinates, and to carry out investigation and preliminary diagnostics without drawing excess attention from personnel.

At this stage we have released the first version of ProfileCenter as a part of KIB SearchInform. We are testing it in our own company and with several loyal clients. We plan a commercial release at the beginning of 2018.

And what do you think of new concepts such as UEBA and UBA?

Lev Matveev: I think the problem of the modern cybersecurity market is that there is a lot of speculation with words in it. Some exploit the client's desire to get a red button labeled "find the villain". However, this naivety is gradually vanishing, and to keep the marketing discussions going, someone invents new terms.

The classic cases considered by behavioural analysis can already be handled now by a combination of DLP+SIEM. It turns out they are trying to sell us the same bicycle under a different name at a higher price.

My team and I are convinced that the analysis of user behavior is a psychological matter: one has to try to understand people's motives in order to predict threats. Technical statistics built on logging systems are not capable of solving this problem today, and that is the essence of all existing UBA systems. Yesterday the employee sent 10 messages, today 100: how can anything be asserted on the basis of these data? Statistics must be analyzed not in isolation but together with context. Thus, UEBA and UBA are pure marketing.

In your view, what organizational changes do modern companies need in order to take advantage of new technologies?

Lev Matveev: First of all, it is necessary to take off the rose-colored glasses. In any company where more than 50 people work, there are intrigues. Installing cybersecurity systems on all computers without exception and orienting the cybersecurity service toward results is very important. According to our internal statistics, after a new tool is implemented and with experienced cybersecurity officers in place, within 3-4 months of work from 0.5% to 2% of employees are dismissed for quite specific offenses: insider activity, bribery and kickbacks, use of company resources for their own purposes, etc.

And to assess which DLP-class tool will bring the most benefit, one should use a month of free operation with the maximum installation of all components; practically all players in the market provide such a service today. With this approach the customer will be able to assess the advantages of specific tools and select the most appropriate solution for its information security service, cutting out the marketing component.
