2020/08/14 14:56:07

Customer Information Security Priorities

This material is devoted to the priorities of companies in the field of information security. The article is included in the TAdviser review "Russian Information Security Market".

2024: How Customer Requests Change

According to NOTA KUPOL, companies over the past two years have increased budgets for information security by 15-20%. This is due both to the rise in price of vendors' products and to the need for customers to purchase innovative technologies.

Customers today pay special attention to security, in particular to the introduction of a secure development pipeline into the product life cycle, the presence of the product in the register of domestic software, and the availability of certificates from FSTEC and the FSB of Russia. The level of internal competence of customers has also grown. Increasingly, vendors are receiving requests for specific products and work that cover particular needs of the company. In addition, customers are ready to outsource more and more tasks, as far as legislation allows, which seriously increases the information security requirements placed on contractors.

Companies have begun to pay more attention to guarantees that the manufacturer will not disappear from the market and will continue to systematically develop the product and support the proposed solutions. Vendors that can provide such guarantees have an advantage in the market. Also important to customers are integration with other large Russian solutions, secure cloud storage located in Russia, an integrated system for protecting physical and virtual desktops, a powerful system for protecting against DDoS attacks, and training courses for information security specialists. These factors can become key when choosing a solution. Manufacturers who can offer the widest set of functions are in a more advantageous position, since it is more likely that the customer will find what they need.

"Large customers switching to Russian systems have extensive experience in working with foreign products, therefore they are quite demanding, but at the same time they understand well what kind of functionality the solution should have, how it will be used, and what results it should show. Most customers are ready to make a purchase decision only after piloting and understanding the real capabilities of the product, often arranging combat comparisons of competing solutions in their infrastructure for a comprehensive assessment," said Ruslan Rakhmetov, CEO of Security Vision.

"Many customers make demands based on their foreign products to maximize the functionality of their solutions after import substitution. There is a request for unified storefronts and integration products that systematize information from different information security tools and other products," says Evgeny Surkov, product manager at Innostage. "Customers also pay attention to the vendor's history, product version, frequency of updates, number of successful implementations in companies of a similar profile, availability of detailed documentation and integration capabilities (including API). It is also important to organize reference visits to the sites of organizations that are already successfully operating the evaluated products."

In industries with a high share of state regulation, customers pay special attention to compliance with legislative requirements: they are interested in the supported regulatory documents and requirements and in how often content is updated when new regulatory legal acts come into force.

"Now companies are somewhat more willing to allocate budgets for information security, but the financial strategy is changing, since there are not always enough new budgets: in 2 years, prices for Russian software have grown at least 1.5 times, and the growth of cyber attacks, according to various estimates, ranges from 25 to 400%. The change is that customers are no longer satisfied with the 'patch approach.' They are looking for comprehensive solutions with which, for a small amount of start-up money, as part of a pilot project, you can first close critical tasks, but in the future cover the remaining needs with the same solution. For example, they want not only to connect multifactor authentication for logging in to the several applications that are most critical for hacking, but to choose a solution that will provide MFA in the pilot and in the future will make it possible to deploy a single access system with an attribute model out of the box. In terms of access control solutions, customers are looking for products that combine authentication management with IDM," explains Aleksei Khmelnytsky, CEO of RooX.

Demand for domestic solutions is constantly growing. Many customers have already appreciated the advantages of cooperation with Russian vendors, although some aspects of the solutions are still inferior to foreign counterparts. Russian manufacturers are trying not only to catch up with foreign developers, but also to offer customers products adapted for the Russian market. To do this, they provide a higher rate of development.

"A significant part of our sales occurs after pilot testing. This suggests a high level of maturity for our customers. They carefully choose between different solutions in the market, understanding what tasks the product should solve in their direction. When choosing solutions, customers take into account many factors. Among them, I would highlight trust in the supplier, the functionality of the product, the convenience of its use, the presence of an FSTEC certificate and, of course, the cost," says Alexey Dashkov, director of the R-Vision Product Management Center.

Customers pay more attention to the quality of technical support from vendors and integrators. It is important for them to understand that the purchased solutions will not remain "cast in bronze" and in future updates will continue to correspond to the changing threat landscape, including by controlling vulnerabilities within the products themselves.

"Communicating with customers, since last year we have seen an increased interest in the Platinum level technical support package. After all, our PAM platform SKDPU NT is often a key element of security and a critical service, so the uninterrupted operation of the system is important for organizations. In addition, the situation in the personnel market has an impact on the growing popularity of comprehensive support: the shortage of qualified specialists on the customer's side forces you to 'insure yourself' with the help of technical support 24/7," comments Vladimir Altukhov, head of the iT Bastion technical center.

After mass import substitution, compatibility with domestic software and equipment became a logical trend: OS, databases, security solutions, as well as user services.

"Customers are increasingly paying attention to the compatibility with each other of various information protection tools, their effectiveness and high-quality support throughout the product life cycle (updates, technical support)," confirms Roman Mylitsyn, Head of the Advanced Technologies, Research and Development Department of Astra Group.

"Now customers approach the choice of solutions and technologies more thoughtfully, relying on the business requirements and the ability of the selected product to solve the tasks facing it. Companies have an understanding that the transition to Russian solutions is a need, but it is necessary to ensure compatibility with the existing infrastructure built on Western products. The customer understands that there will be no instant transition and expects that the process will take place smoothly," said Sergey Khalyapin, Director of the Implementation and Presale Department at Aladdin R.D.

"Working with a Linux environment, the ability to use inexpensive hardware without additional purchases, and the availability of software training are becoming key parameters. Equally important is the quality of products and the adequacy of prices. Fewer companies are chasing big names. They need a balance of price and quality of services, as well as adequate interaction with vendors in terms of technical support and refinement of functionality," says Yuri Drachenin, Deputy General Director of Atom Security LLC (part of SKB Kontur Group of Companies).

The number of requests for an audit is growing, including with a pentest. Experts also note an increase in requests for assessment and bringing information resources in line with domestic information security requirements. Serious growth is observed in the implementation of the DevSecOps procedure. A growing number of customers are interested in secure software development.

"Obviously, it will not be possible to implement all the information security tools present on the market, and customers have begun to sensibly assess their capabilities, and more often make backups to a third-party platform and organize monitoring (including through SIEM-class solutions) to quickly identify problems. Previously, many customers 'hunted' for the newest names of security tools that marketers in the West came up with. It's gone now. Regulations and policies within organizations cease to be documents for auditors; they are trying to make them understandable to users. In addition, we see a clear surge of interest in Security Awareness solutions, which allow us to teach users not to fall for phishing and other tricks of cybercriminals," comments Vasily Stepanenko, CEO of the cloud provider NUBES.

Business and Public Sector Priorities

Information security is becoming an increasingly relevant topic for both business and the state. Both areas face new challenges and threats that require proactive action.

The priorities of most private and public organizations today coincide: ensuring the cyber stability of processes, protecting confidential information (commercial secrets, bank secrecy, personal data), continuity of service provision, and compliance with legal requirements for information protection.

For business, the main priority is to ensure the security of customer data, protect financial transactions and maintain the company's reputation. Companies invest in the development and implementation of information protection mechanisms, train employees in security rules and monitor threats.

The state also seeks to ensure the security of information infrastructure and prevent cyber attacks on critical information. For this, among other things, legislative requirements for data protection are being developed.

"For the public sector, especially the defense industry sector, the very concept of permissible information security risk is unacceptable due to the specifics of the tasks being solved. Business has a greater degree of freedom in risk-taking, hence some difference in approach. State structures are focused on strict compliance with the requirements, and a regulatory control system has been built for this. In business, in addition to banking and working for state orders, the obligation is regulated only within the framework of legislation, otherwise creativity is permissible in implementation," comments Oleg Bosenko, director of the IBS cybersecurity directorate.

The difference is that the public sector is traditionally more regulated and therefore pays more attention to whether protective solutions cover the requirements of information security standards and to the availability of certificates of conformity for information security tools. Business is freer in its decisions but also more demanding: formal execution of protective functions is not enough; products must deliver real results, reliability, convenience, and ease of operation and administration.

"The business proceeds from other prerequisites: it is important for it to ensure the continuity of its own business processes and organize a set of measures in the field of information security in such a way as to prevent leaks of sensitive commercial information and not lose control over its infrastructure due to attacks. Large commercial companies form their own IT divisions, and small and medium-sized companies outsource, and, as a rule, this happens after specific incidents, when owners realize the reality of existing threats and the degree of their impact on business," says Kirill Timofeev, head of the information technology department of OBIT.

Business and the public sector also differ in the speed of decision-making. Commercial structures can agree within a short time to test, purchase and implement protective solutions, while public sector organizations will still be only at the first stage.

However, both private business and the public sector pay attention to the effectiveness of information security tools in countering modern cyber attacks. Although the techniques used by intruders in attacks on various industries differ slightly, the main tactics of the attackers are quite similar; therefore, countering them requires traditional preventive, directive, preventive and compensating measures adapted to modern methods of cyber attack.

"State-owned companies have to act proactively to meet import substitution requirements. True, we already understand that not everyone who was obliged to switch to domestic software will have time to do this in the remaining year. All this requires a lot of financial, labor and time resources. A complete restructuring of the infrastructure is laborious and sometimes takes more than one year. But in any case, this process is underway, and companies both state and private are gradually switching to domestic OS and information security tools," said Dmitry Slobodenyuk, commercial director of ARinteg.

"In recent years, we have observed that the difference in approaches to information security between the public sector and business is becoming less significant. If earlier for state organizations the priority was to fulfill only legislative requirements, while business was more focused on practical information protection measures, today these differences are gradually erased and such extremes are less and less common," says Dmitry Vasiliev, director of the Softline Group of companies information security department.

"Experience in recent years has shown that incidents in large numbers occur in completely different industries and segments, and can have serious consequences, including in the physical world. As a result, all customers require more and more functionality, real testing, and not just the ability to 'close on pieces of paper.' That is, the priority shifts towards real protection, which cannot but rejoice," comments Ivan Chernov, UserGate Development Manager.

The public sector has become more demanding on the quality of information security solutions. This is due to the fact that the load on information security in state bodies has grown significantly: there have been objectively more attacks on Russian infrastructure, among them the number of politically motivated has increased.

"Their peculiarity is that it is important for attackers to inflict maximum damage and get a great media resonance. The state IT infrastructure in this sense is especially attractive. At the same time, digital state services and platforms that manage large amounts of data that require effective protection are actively developing. We can confidently say that the demand for improving the quality and effectiveness of information security solutions has grown on the part of government agencies," explains Andrei Arefiev, director of innovative projects at InfoWatch Group of Companies.

"The main threats remained the same compared to 2022, but their number increased many times over. For example, there are constant requests from customers about ransomware attacks: despite the steady development of cybersecurity in companies, many users, and especially privileged ones, still neglect digital hygiene. Unfortunately, the number of cyber attacks and incidents does not greatly affect investments in information security within the company; it is often easier to 'hush up' the problem, pay overtime to the administrator for night work, and wait for the next incident. This suggests that it is necessary to raise awareness of key threats and vulnerabilities not only among IT and information security specialists, but also among decision-makers in the company," says Rodion Vorobyov, head of software solutions at I-Teco Group.

Do Vendors Cover Customer Needs

Many companies continue to use Western solutions, although they do not receive timely updates and, as a result, have "holes" in security. Import substitution of NGFW remains a sore topic. It is this segment that will grow most dynamically in the next two years. The DevSecOps, PAM/DAG, SWG, IDM and DLP segments also have good growth potential.

The issue of complete replacement of infrastructure with the transition to domestic solutions remains difficult.

"If earlier complex security systems were built on the products of Western vendors, and such an infrastructure could be built on solutions from 1-2 manufacturers, now we have to compile from a considerable number of solutions from different domestic manufacturers that can provide the necessary functionality. That is, so far we cannot build a comprehensive security system in the company on the solution of one vendor, but this is a temporary phenomenon," comments Dmitry Slobodenyuk, Commercial Director of ARinteg.

Over the years of working with Western solutions, the market has become accustomed to certain functionality which, in most cases, is not essential to the task at hand but in some way helps information security departments do their work more easily or efficiently. Nevertheless, serious progress in the functionality of products present on the market is noticeable.

Businesses need information security tools that integrate with the corporate directories that replace Microsoft's Active Directory. There are several key players in the operating systems market who develop their own corporate directories, but in the future the question may arise of how to manage workstations built on another OS using a single directory. That will be a real challenge in terms of security.

"Only a DLP system can protect such an infrastructure, which will be integrated with all directory options. Perhaps in the near future, vendors of domestic OS will come to some single standard of corporate catalogs, and this would be a reasonable decision," says Andrei Arefiev, director of innovative projects at InfoWatch Group of Companies.

Fedor Trifonov, Director of the NOTA KUPOL Solutions Development Department, notes that the market still has a shortage of domestic solutions for automation of penetration testing (Continuous Testing), as well as new generation firewalls for high-load networks. In addition, companies with large infrastructures are looking for NSPM class solutions to monitor and sometimes manage a fleet of firewalls. In connection with the replacement of equipment, such products are in demand and make it possible to simplify the transition.

In general, most user companies have no questions about Russian software-based information security tools, and the main difficulties begin at the junction of infrastructure and hardware components, for example, when it is necessary to import highly specialized PACS and integrate them into a heterogeneous corporate IT environment. Conceptually, import substitution lacks an ecosystem that would combine Russian hardware, software (system and application) and information protection tools to achieve full technological sovereignty and integrated support of cyber security.

"The products of domestic suppliers largely meet the needs of customers, but in some areas there are still gaps. For example, Forescout to control access to the network - a domestic solution of a similar class is currently absent," notes Kirill Timofeev, head of the information technology department of OBIT.

It can also be difficult for large customers who require better performance, scalability, and better detection and response to threats.

"As of 2023, almost all product segments of the information security market were represented by domestic developers, including the most niche ones. The process of replacing imported vendors with Russian vendors is associated with product maturity, and maturity is directly related to sales. This is the main stumbling block in development, because without proper investments, quality and functionality will not grow to foreign analogues. It remains only to believe in Russian developers and be patient," said Rodion Vorobyov, head of the software solutions department of the I-Teco Group of Companies.

2023: Information security priorities of business and the public sector

If we delve into the study of the structure of the information security market, then we need to consider the needs of the three main consumers of modern information security solutions: large and medium-sized businesses, financial organizations and government agencies. For each of these sectors, the trends in the development of protective equipment are slightly different, so we will analyze in detail the difference in approaches to ensuring information security for them separately.

Large and medium-sized businesses

On the one hand, large and medium-sized businesses are freer in their choice of protection tools and can still choose foreign solutions; on the other, they are often owners of critical information infrastructure and personal data, and therefore must at least formally follow regulatory requirements and engage in import substitution. The main incentive to abandon foreign solutions, however, is the behavior of the manufacturers of these tools, who at the most crucial moment refused to provide services and support for their products. The main path of import substitution involves virtualizing the infrastructure, moving it to domestic operating systems and DBMS, and moving from monolithic client-server applications to decentralized web applications in DevOps format. This process is supported by the ability to use third-party resources of cloud operators, of which there are now enough in Russia.

Director of the Information Security Department of Softline Group of companies Dmitry Vasiliev:

"For large and medium-sized businesses, solutions that provide comprehensive information protection, including data loss protection, monitoring and analytics, and virtual and cloud security, are now the most relevant."

Security Vision CEO Ruslan Rakhmetov:

"Large and medium-sized businesses are now interested, first of all, in the effective cybersecurity and cyber resilience of their business processes, provided with cost-effective methods. The difficult economic situation and the need to urgently replace the solutions of the departed vendors led many Russian companies to solutions and service providers that provide cybersecurity as a service - these are commercial SOC centers, MSS providers, and cloud solutions provided by subscription as part of the SaaS model. Transferring information security management processes to outsiders no longer scares customers, but attracts them with economic feasibility, including payment as the service is consumed (Pay-as-you-go model), the ability to scale horizontally in the event of an increase in load, measurable and predictable results, expertise of the service provider's team, and, finally, the simplicity and speed of connecting such services."

Elena Rukhlova, leading analyst at Informzaschita:

"There is a growing need for cybersecurity services related to security analysis, information security event monitoring, incident response and investigation, which is a direct consequence of the increased number of attacks. In general, customer requests have become more 'advanced': basic security tools and even SIEM (Information Security Event Management) solutions are often no longer enough, and SOAR/IRP (Automation of Information Security Incident Response Processes) and XDR (Advanced Threat Detection and Resolution Systems) solutions are required. The demand for SOC (Information Security Center) services is growing. Since 2022, the demand for site protection (WAF class solutions) has sharply increased, and it continues to remain relevant."

Financial sector

Banking information systems were under pressure from DDoS attacks and phishing no less than large corporate resources. A distinctive feature of this sector is that the largest Russian banks are under sanctions, which leads to the need, for example, to obtain SSL certificates from the certification center of the Russian Ministry of Digital Development, which, generally speaking, is not recognized by all browsers. In addition, there were problems with mobile applications, which banks cannot place in foreign marketplaces. This also forces the banking community to switch to web technologies and to protect them in accordance with the rather strict requirements of Russian regulators, since the financial industry is considered critical in terms of information infrastructure.

iTPROTECT Technical Director Maxim Golovlev:

"If we talk about financial organizations and the public sector, then these areas are clearly and strictly regulated, so changes in them are almost always tied to the requirements of regulators, in particular the Central Bank and the FSTEC. However, these organizations initially pay great attention to the protection of information, allocating appropriate resources to it, both monetary and human. Since they already use a wide range of security tools, first of all, banks and the public sector are now focusing on complex systems that protect against a wide range of threats, from tools for protection against unauthorized access and antiviruses to vulnerability scanners and threat management systems. In the case of banks, solutions such as database protection and masking, as well as information leakage prevention systems (DLP) are also popular."

Security Vision CEO Ruslan Rakhmetov:

"The financial industry is quite regulated, so compliance with legislative requirements here is one of the main drivers. In particular, the tasks of fulfilling the requirements for ensuring cybersecurity of CII facilities, the provisions of the standards of the GOST R 57580 series and the Regulations of the Central Bank of the Russian Federation interconnected with them are relevant. The recently published updated Bank of Russia Standard STO BR BFBO-1.5-2023 will enter into force on October 1, 2023 and clarifies the format of interaction between financial organizations and the Central Bank of the Russian Federation in managing cyber incidents and operational reliability incidents, which will make it possible to more effectively identify fraudulent transactions, cyber attacks and personal data leaks. At the same time, the cyber attacks most critical for the financial sector are those leading to downtime of business processes and inaccessibility of services for customers. In this regard, there is increased interest in solutions and services to protect against DDoS attacks, as well as against the cyber threat of ransomware viruses, which can not only disable infrastructure but also blackmail organizations by disclosing stolen confidential information."

BI.ZONE Product and Technology Director Muslim Mejlumov:

"From the point of view of cybersecurity needs and priorities, I will highlight the market's increasing understanding of the value of EDR solutions and the gradual implementation of such solutions in an increasing number of companies. In addition, the market expects not just point solutions, but mutually integrated products, platforms and ecosystems that can reduce integration costs and speed up the process of implementing complex measures, increase the speed of detection and response to complex attacks, lower the threshold for entering specialists, and generally increase the level of operational efficiency. Financial companies require all the same as large and medium-sized companies, but there are certain nuances. In particular, the need to replace foreign anti-fraud solutions and transfer ATM software from Windows to Linux and, as a result, the changes in the cybersecurity approaches of this platform that follow."

Public sector

Public sector enterprises have long been subject to laws No. 44-FZ and No. 233-FZ, which since the mid-2010s have limited their ability to buy foreign software and hardware. Almost all state companies and departments have already developed strategies for gradual import substitution, and in most cases it was necessary to start with information security solutions. Therefore, the public sector turned out to be as prepared as possible for the departure of foreign manufacturers and, for the most part, had at least an import substitution plan and the first pilot projects. However, it was the public sector that took the main blow from the activity of both first-wave hacktivists and the subsequent waves of ransomware and of applications for stealing valuable data (information dealers). That is why the country's leadership decided to speed up the import substitution process with the help of additional regulatory measures.

Security Vision CEO Ruslan Rakhmetov:

"For the public sector, import substitution remains a priority: despite various restrictions on foreign software and security tools that existed earlier, it is last year's legislative requirements on the complete transition to domestic analogues that are now the main driver. Thus, by Presidential Decree No. 166 of 30.03.2022 'On Measures to Ensure the Technological Independence and Security of the Critical Information Infrastructure of the Russian Federation,' from March 31, 2022 a ban was introduced for certain organizations (state authorities and entities acting as procurement customers in accordance with Law No. 223-FZ) on the purchase of foreign software for use at significant CII facilities without the approval of the federal executive bodies, the list of which was determined in Decree of the Government of the Russian Federation No. 1478 of 22.08.2022. The same Government Decree established for these organizations the requirement that only software products included in the unified register of domestic software or in the register of software developed in the EEU member states may be operated at significant CII facilities. At the same time, to ensure the security of significant CII facilities, it is required to use solutions that also have certificates of conformity from FSTEC of Russia and/or the FSB of the Russian Federation. In addition, Presidential Decree No. 250 of 01.05.2022 'On Additional Measures to Ensure Information Security of the Russian Federation' introduces, from January 1, 2025, a ban on the use by government agencies, state-owned companies and CII entities of information protection tools produced by developers from unfriendly countries or manufacturers controlled by such countries."

Elena Rukhlova, leading analyst at Informzaschita:

The public sector is distinguished by a high level of formalization and, in comparison with business, its purchases are determined by the requirements of regulators. A characteristic difference is that import substitution of equipment and software for information security is much more important for state organizations. A separate topic is the demand for analysis of the security of GIS. The Ministry of Digital Development organized an experiment to assess the security of GIS within the framework of the federal project "Information Security" of the national program "Digital Economy" back in May 2022. It was supposed to be completed in March 2023, but in the end it was extended until March 30, 2024. The catalyst was the growth of attacks on GIS from 2022 in connection with geopolitical events.

BI.ZONE Product and Technology Director Muslim Mejlumov:

For many years in the public sector, the predominance of regulatory compliance over the quality and functionality of solutions has been unconditional. Now certification of solutions is an integral and basic requirement, and customers are ready to make fewer and fewer concessions in the practical value of implementing such solutions. The efforts of the regulator represented by FSTEC are also aimed at this, which increases the requirements for the quality of solutions and is looking for approaches in terms of checking the characteristics declared by vendors. There is an increasing focus on secure software development. The state is actively transferring electronic services to the GosTech platform and is forming new approaches in the field of GIS protection on a multi-tenant platform in the cloud.

CEO of SayberOK Sergey Gordeichik:

The public sector traditionally protects its resources with insufficient personnel and qualifications, and, frankly, we believe that the most effective here will be the transfer of most digitalization functions to cloud platforms with centralized cybersecurity support based on security-as-a-service service providers or platform developers themselves.

2022: How Customer Information Security Priorities Have Changed

2022 has significantly changed the priorities in the field of information security for most companies. In connection with the aggravation of the geopolitical situation and the change in the regulatory framework in Russia, the trend of import substitution came to the fore. Foreign vendors left the Russian market en masse, as a result, domestic companies were forced to look for alternative products among Russian suppliers as soon as possible. Also, against the backdrop of an unprecedented increase in the number of hacker attacks, it was important for companies to urgently take measures to strengthen protection and prevent such threats.

Dmitry Vasiliev, head of the information security department at Softline, confirms that priorities have shifted towards choosing mainly Russian solutions. Companies began to switch from foreign SMTs to Russian-made solutions. (From March 31, 2022, a ban was introduced on the purchase of foreign-made EPIs to protect OZKII). More attention was paid to solutions for protecting WEB resources, AntiDDOS, WAF. Also, according to him, there is a need to conduct audits to assess security in order to minimize information security threats and fulfill one of the points of the Decree of the President of the Russian Federation of 01.05.2022 No. 250 "On additional measures to ensure information security of the Russian Federation."

Maxim Golovlev, technical director of iTPROTECT, also names emergency import substitution among the main priorities. According to him, this applies, first of all, to those products that have stopped working or being updated. It was also important for companies to urgently take measures to strengthen protection and prevent cyber attacks in a number of areas, especially for government agencies, banks, transport organizations and retailers, in connection with the growth of attacks on them. And finally, to make the transition from foreign cloud solutions to on-premise or cloud, but Russian, solutions.

Of the specific information security areas, the priority is protecting the network perimeter, in particular by introducing or replacing next-generation firewalls and web filtering systems and services for blocking DDoS and web attacks, especially if web services are a business-critical asset for the company, adds Maxim Golovlev.


Roman Podkopaev, CEO of Makves, adds that now it has become obvious to everyone that data is the main prey of a cyber attack. According to him, the security officer needs to remember that it is impossible to prevent a cyber attack, but it can be detected in time and the consequences can be minimized.

Almost all customer companies are faced with one significant difficulty: it boils down to the need for unscheduled financing of IT and information security areas, says Dmitry Romanchenko, head of the information security department at Rubytech. However, this, according to him, was quite predictable.

Each solution in the field of information security - both Russian and foreign - has its own life cycle. Any solution requires technical support, regular updates and renewal of certificates. Usually all this is calculated, planned and embedded in the financial model of IT and information security operation at the enterprise. After the February events, companies were forced to revise budgets, including adjusting the program related to the operation of solutions. Also, due to the forced change of individual solutions, the business had to urgently finance the retraining of personnel. There were also unscheduled project implementations, taking into account all the mandatory stages, - explains the Rubytech expert.


In general, customers began to pay more attention to practical security issues. As Vitaly Masyutin, Deputy Head of the IBS Platformix Information Security Expertise Center, notes, in 2022, penetration testing, source code analysis, and information security monitoring can be among the popular tasks, regardless of the industry. Also, according to him, interest in cybersecurity services has significantly increased.

This is also stated by Sergey Sherstobitov, CEO of Angara Security. His company records an increase in demand for SOC services and, in general, for cybersecurity subscription services. In addition, the demand for security analysis and application source code analysis services is growing, notes the CEO of Angara Security.

Security Vision CEO Ruslan Rakhmetov also confirms this trend. According to him, the efforts of domestic information security market players are now focused on scaling up the business to meet the many-fold increase in customer demand, as well as on expanding the range of "security as a service" offers, including MSSP services, external SOC services, and services for connecting to the State system of detection, prevention and elimination of consequences of computer attacks.

Information security priorities of the public sector

Customers from the public sector are actively considering ways to replace infrastructure solutions and elements of the user environment with domestic solutions. This includes operating systems, office suites, servers, directory services, virtualization systems, and many other components. Replacing them leads to the need for testing, adaptation, and in some cases a review of the choice of protective measures.

The transition to domestic products in the field of IT and information security is a key priority for the public sector. At the same time, state-owned companies have a request for additional solutions to protect against current threats. This is directly related to the increased number of new cyber attacks, - said Nikolai Fokin, director of the Information Security Center of LANIT-Integration (part of the LANIT group).


It is worth noting that the public sector as a whole, including companies with state participation, turned out to be the most prepared for the ongoing changes, since the process of migration to domestic solutions began much earlier.

By 2022, they had already developed design solutions and accumulated sufficient experience in working with domestic software and hardware products, - says Sergey Sherstobitov, CEO of Angara Security.


In addition to the need for technological independence, the public sector faces the task of ensuring the information security of state web resources, protecting against DDoS attacks and data leaks of citizens, and confronting organized cyber groups, including hacktivists and cyber armies. According to Ruslan Rakhmetov, Director General of Security Vision, special attention is paid to the protection of information processed in state information systems and ensuring the continuity of the provision of socially significant services via the Internet.

Customers from the public sector are interested in an automated system for monitoring and notification of potential data leaks on the darknet, said Dmitry Vasiliev, head of the information security department at Softline. He also highlights a number of trends. Among them:

  • Increasing demand for solutions and projects related to raising awareness of users in information security.
  • The academic sector is strengthening practical user training in information security: cyber polygons.
  • Growing interest in specific solutions: NGFW, SIEM, cyber polygons.

Dmitry Romanchenko, head of the Rubytech information security department, in turn, notes that requests from government customers have become clearer and more structured. This was largely due to the fact that the Ministry of Digital Development, together with the FSB of Russia and the FSTEC of Russia, is very active in monitoring the state of information security of significant objects of KII. For example, in accordance with the Decree of the President of the Russian Federation of 01.05.2022 No. 250 "On Additional Measures to Ensure Information Security of the Russian Federation," a corresponding Order of the Government of the Russian Federation was developed. It defines a list of key organizations that need to take measures to assess the level of security of their information systems. The list of measures is also regulated today.

The Ministry of Digital Development is actively developing various federal services, systems and platforms for ensuring information security, and the very problem of information security has been raised to the federal level. Today it can be confidently argued that the security of state systems in our country is ensured at a high level. This work is becoming more systemic, because threats have become systemic. Only a whole industry can resist their scale, and only relying on state support, says Dmitry Romanchenko.


Information security priorities of customers from the banking sector

Customers from the banking sector retained their strategy for the development of information security, while the task appeared to conduct market analytics, determine and update the requirements for technical security systems. One of the popular areas is the secure development of internal services.

According to Dmitry Vasiliev, head of the information security department at Softline, companies from the financial sector faced an increase in the number of attacks on their services, which also leads to a revision of the approach to building information security systems, including connecting to external security services, for example, SOC services. As before, a significant driver for the development of information security systems in the financial sector is the requirements of Central Bank standards, including GOST 57580. In terms of growing interest in specific solutions, he highlights primarily the following: NGFW, DDoS protection, WEB protection, WAF, IDM and SOC.

In addition, customers from the banking industry face urgent tasks to quickly replace the usual imported solutions with domestic ones - piloting, functional comparison, further configuration and administration. At the same time, not all domestic products completely cover the needs of the banking sector in information protection systems. According to Security Vision CEO Ruslan Rakhmetov, difficulties may arise with the replacement of foreign network equipment, including firewalls, as well as specialized banking software and hardware (including HSM modules).

In general, attacks on large financial institutions quite often generate an acute social reaction, especially against the background of a general negative information background, so the urgent tasks will be to counter DDoS attacks, leaks of customer data, and disruption of service performance as a result of ransomware attacks, - adds the Security Vision expert.


2021: Why the information security costs of large companies are growing

In 2021, the trend "cannot be reduced, increased" in relation to information security budgets has remained. So, according to the analytical company Canalys, in 2021, information security costs in the world will increase by 10% and exceed $60 billion. Russian experts generally agree with such conclusions, as follows from the TAdviser survey. The bulk of respondents notice an increase in information security budgets among large Russian companies. But in fairness, it is worth noting that some industries are still in a difficult situation - for them the pandemic turned out to be a severe shock and, accordingly, the costs of certain categories, including information security costs, at best remained at the same level.


Let's consider the opinions of domestic specialists about those factors that influenced the change in business costs for solutions and services in the field of information security.

Growing priority for information security among company executives

The budget for information security is usually allocated from funds allocated to IT. And if earlier information security services had to win back the budget from DITs or justify the feasibility of increasing costs to the company's management, now the approach is beginning to change. As Sergey Sherstobitov, founder and CEO of Angara Group of Companies explains, information security is formalized as a separate structure, its subordination is increasingly transferred outside IT divisions, and it is firmly established as a strategic unit of the business, since it has a direct impact on its performance indicators.

Mikhail Levitin, R&D Director of Qrator Labs, adds that business began to consider information protection as an integral element of IT infrastructure and support for complex high-tech systems.

In particular, according to our study of the financial industry, about half of the surveyed credit institutions expect an increase in the budget for information security in 2021. 40% believe that it will not change - including, in view of investments already made, often unplanned, at the beginning of 2020, he notes.


The very structure of information security costs has also undergone significant changes, says the general director of the Angara group of companies. Given the increase in the surface of attacks due to the distribution of infrastructure, the priority is the speed of response to threats and emerging incidents, and this requires the implementation and constant support of "heavy" information security solutions with elements of behavioral analytics.

In addition, information security budgets are growing due to the need to constantly test corporate infrastructure for penetration.

Now there is a trend towards an overall increase in the share of projects that involve internal and external pentests. At the same time, the first becomes a continuation of the second, which allows you to assess not only the likelihood of penetration into the company's network perimeter, but also possible vectors of attack development within the infrastructure. The combination of testing approaches allows you to ensure not only formal compliance, but also multiplies the security of the IT infrastructure. For example, a pentest is necessary to ensure the safety of significant CII objects. Also, according to the requirements of the Bank of Russia, it should be regularly carried out by banks, insurance companies and microfinance organizations, - explains Sergey Sherstobitov.


Return of companies to the previous IT and information security development plans

Many companies recovered from the first shock of uncertainty caused by the development of the epidemic and lockdowns in 2020, and returned to their plans for business development, IT infrastructures and, as a result, the introduction of security technologies.

The revival is now noted in almost all areas, but I would call the financial sector, industry and the oil and gas industry the most active, - says Alexander Bondarenko, CEO of R-Vision.


Expansion of digitalization

In connection with the pandemic, informatization and digitalization simply broke into the life of every company and every person, new threats arose, and the number of attacks on the information infrastructure increased. It took a lot of change, and, of course, costs.

In connection with the introduction of digital technologies, growth will be noticeable in all industries, but the fastest growth rates, in our opinion, will be in the field of finance, industry and the public sector, - said Dmitry Luchko, head of system integration at Digital Design Group of Companies.


Ensuring the safety of CII

Specialists record a significant increase in costs from organizations that are objects of CII (critical information infrastructure). At the same time, failure to comply with the requirements of the Federal Law of 26.07.2017 N 187-FZ "On the Security of the Critical Information Infrastructure of the Russian Federation" threatens companies with sanctions.

Fyodor Dbar, commercial director of Security Code, adds that in the case of information security incidents, the liability of KII officials can extend to criminal liability.

Industry Specific Features

For some companies and organizations, the increase in information security costs is explained by industry characteristics. For example, the increase in information security costs for large companies operating in the field of retail and e-commerce is due to the increase in traffic. Thus, one of the large retail chains, which actively supports online sales, noted a fourfold increase in traffic in 2021 compared to 2020. In accordance with this, the cost of filtering it from DDoS attacks has increased.

Traffic growth seems to be facilitated by a change in consumer behavior: despite the weakening of quarantine measures, which were especially tough during the pandemic, retail customers spend more and more time searching and studying goods and services online. As for the industries in which the costs of protection against DDoS attacks are growing most strongly, these are telecom, e-commerce and the entertainment industry, - explains Ramil Khantimirov, CEO and co-founder of StormWall.


Fyodor Dbar, Commercial Director of Security Code, also notes an increase in information security costs in the public sector, which is actively digitalizing public administration functions. Import substitution policy also has a positive impact on this process.

What is the demand for information security solutions?

According to a SearchInform study, in 2020, 24% of companies in the Russian Federation increased their security costs. In 2021, even more companies realized that in the current situation, it is impossible to save on security.

We have been conducting a study of the equipment of companies with protective equipment for many years, and this is the picture in dynamics. Since 2017, the availability of administrative tools has grown by 31%, antivirus programs - by 15%, SIEM systems - by 7%. The pace was not hindered even by the pandemic crisis. Equipping with tools to protect against insider risks (DLP systems) is growing more slowly - by 3% in 4 years, and now such programs are installed at 31% of companies. That is, the Russian market has not yet been mastered, - says Lev Matveev, chairman of the board of directors of SearchInform.


According to the observations of Vladimir Ulyanov, head of the Zecurion analytical center, the network security segment, as well as the segment of audit and protection of data in storage locations (DCAP, DAG, etc.), are growing the most.

Although the second segment is more than an order of magnitude inferior to the first in absolute values, the growth dynamics (year to year) are impressive, he clarifies.


Dmitry Shamonin, Technical Director of Smart-Soft, notes the greatest growth in the areas of BYOD, cloud security and VDI.

Nikita Semenov, head of the information security department at Talmer, names EDR systems, building commercial SOC centers and MSSP, creating internal SOC centers, as well as next-generation email protection systems as key categories of information security expenses.

Positive Technologies cites as an example the change in sales statistics of its own solutions. Thus, sales of MaxPatrol SIEM (information security incident detection system in real time) increased by 75%, PT Industrial Security Incident Manager (software and hardware complex for deep analysis of technological traffic) showed equally significant indicators - an increase of 80% compared to last year, and sales of the PT Application Inspector application security analyzer more than doubled.

The top most productive products in 2020 included MaxPatrol 8 (security and compliance control system), MaxPatrol SIEM, PT Application Firewall (comprehensive web attack protection tool) and PT Network Attack Discovery (deep traffic analysis system). At the same time, the PT Network Attack Discovery product over the past year, in addition to commercial success within Positive Technologies, has formed the domestic market for Network Traffic Analysis (NTA) solutions.

This is one of the key results of the year: despite the fact that the product has been on the market for several years and is growing far from zero, sales have quadrupled. Our NTA solution is actively replenished with expertise, including in terms of conducting investigations and proactive search for threats. Over the past year, the product has literally become market-forming and today we can say with confidence that the NTA market in Russia has taken place, and we are leading in it, - says Positive Technologies.


Sergey Sherstobitov, General Director of Angara Group of Companies, adds that with the increase in business digitalization, the demand for information security solutions will increase. However, in his opinion, cybersecurity cannot rely solely on technology - the human factor has a significant impact, and one cannot do without the participation of workers in countering cybercriminals.

Information security must be incorporated into the corporate culture. The introduction of even the most modern technologies and the efforts of information security services will be negated as long as organizations have employees who open phishing links. It is necessary to regularly conduct training and testing of employees, increase their awareness of cyber threats and scenarios of cybercriminals, talk about the rules and policies of the company in the field of information security, and work out techniques and skills to repel cyber attacks. This is a permanent process that requires a systematic approach and appropriate investments, the expert sums up.


2020

In the summer of 2020, TAdviser conducted a survey of experts from companies specializing in the field of information security, and found out how business information security priorities have changed - from small organizations to large enterprises.

Remote Security

In 2020, the term "remote" has firmly entered the everyday life of companies, regardless of their size and industry specifics. Office employees changed their offices to their rooms and kitchens. For many organizations, providing remote access in an instant has become the main task that was necessary to maintain its work. As a result, information security priorities have shifted towards protecting remote connections and personal devices of employees.

For most, priority number 0 was to provide reliable and secure remote access. We conducted a large survey of C-level managers of companies that are our customers. And more than 70% of respondents talk about this problem. Everyone - both representatives of small banks and the largest industry - is unanimous here, - says Andrey Yankin, director of the Information Security Center of Jet Infosystems.


At the same time, companies needed to solve a number of important tasks in a short time: to ensure the availability of key IT services and data security, remote administration of the corporate infrastructure, secure connection of client equipment to it, and the creation of a secure communication environment for remote specialists.

At the same time, representatives of the SMB segment were often limited to basic security tools - software antiviruses and software firewalls, and available teamwork tools, for example, Zoom or MS Teams, were used to interact with employees, - said Vyacheslav Logushev, director of IT service and outsourcing at X-Com.


Ensuring competent interaction between employees and protecting the exchange of data between employees and the enterprise has become the most urgent problem for SMB companies, confirms Dmitry Agafonov, Development Director of Inoventica Technologies. According to him, there was also a need to resolve issues related to managing the availability of its systems and services.

At the same time, there was an explosive increase in the number of large projects in which companies provided secure access to the corporate network for thousands and even tens of thousands of users. Such projects were implemented in the shortest possible time, notes Andrey Shpakov, head of the technical consulting department at S-Terra CSP.

Nikolai Domukhovsky, Deputy General Director for Scientific and Technical Work of the UTSB, notes that remote access has gone from an "elite service" for a limited number of company employees to one that is massive and critical for business. As a result, companies are forced to invest in large-scale projects for secure remote access.

Of course, mobility has become the number one priority. Moreover, secure mobility. Now each employee must be able to perform his tasks from anywhere in the world (or at least from his apartment) and from any device, he explains.



Vladimir Lavrov, head of the information security department of the Softline group of companies, believes that the pandemic has leveled large and small businesses: in the new conditions, cyber risks for them have become identical. With the transition of most employees to home-office, the main tasks for most companies were to control the security of the IT perimeter, the need to ensure the protection of remote access to company services, control of home computers and personal gadgets of employees working remotely.

In general, the crisis clearly showed that many information security solutions operating within enterprises turned out to be ineffective in working from home. Therefore, business, both small and large, needed to quickly rebuild to new realities and make operational changes to the information security strategy, - said Sergey Voinov, CEO of EveryTag.


At the same time, the number and degree of threats directed at users has significantly increased, adds Alexey Gorelkin, CEO of Phishman. According to him, the processes of providing remote access, increasing user awareness, providing technical support and incident management remained extremely important areas.

We are seeing that more and more companies are thinking about training employees, because the pandemic and forced work on the remote showed that it is impossible to achieve a high level of security exclusively by technical means, the CEO of Phishman noted.


Cloud Security

More companies are turning their attention to cloud platforms, and at the same time there is a growing interest in cloud security approaches and technologies. Organization security services examine the specifics of attacks on cloud provider infrastructures, on hosted end-customer environments, and select certain technologies to minimize the risks associated with these attacks.

Since part of the responsibility is assigned directly to providers, the security services of companies planning to use cloud platforms are carefully studying the approaches and implemented mechanisms for protecting cloud providers, - said Andrei Ivanov, head of the development of cloud security services at Yandex.Cloud.


Interest of SMB companies in information security services

A number of experts notice a decrease in demand for information security solutions from small and medium-sized businesses.

Throughout the spring, we saw a decrease in demand from SMB, apparently due to the fact that most of the organizations from this segment simply did not function, - said Maxim Filippov, director of business development at Positive Technologies in Russia.


The priorities of small companies have changed dramatically. Already small budgets for information protection have been frozen or delayed "until better times." A large share of SMB was "stopped" and simply waited for a difficult period of pandemic restrictions, - says Denis Sukhovey, director of the technology development department of Aladdin R.D.


This trend is also confirmed in Dr.Web. According to Vyacheslav Medvedev, a leading analyst at the development department of this company, temporarily closed enterprises are in a cash pit and refuse to purchase.

At the same time, some experts predict or already notice a shift in priorities of SMB companies towards the information security service model.

Among the representatives of medium-sized businesses who thought about implementing information security, most of the priorities have shifted and projects have been suspended. Perhaps for this category in the near future it will be more profitable to model information security as a service, - believes Alexey Sukhov, commercial director of Garda Technology.


SMB companies are more limited in their capabilities, many of them are more affected by negative economic trends. For them, one can note a more loyal attitude to the service model, which many began to consider seriously as an alternative to their own information security infrastructure, - says Dmitry Pudov, Deputy General Director for Technology and Development of the Angara Group of Companies.


In 2020, the number of organizations using the information security service model increased significantly. The crisis is forcing companies to reduce capital expenditures, - Andrei Shpakov, head of the technical consulting department at S-Terra CSP, confirms the trend.


The current epidemiological and economic situation has led to the need to transfer many processes online almost in emergency mode while maintaining business efficiency. In such a situation, information security services offered under the Security-as-a-Service model with a flexible licensing policy have become in demand, which also corresponds to the long-term trend of declining CapEx. Such services, as well as a high degree of automation of information protection process management and information security incident response, helped to ensure the proper level of cyber defense in the current conditions, - says Ruslan Rakhmetov, General Director of the Intellectual Security Group (Security Vision brand).


Continuation of information security projects by large companies

In general, the majority of experts surveyed do not see significant changes in information security priorities among large companies.

"Large companies continue to improve security systems to counter complex and targeted attacks, complementing them with modern and more intelligent systems (EDR, UEBA, NTBA, deception technologies). They try to work proactively and therefore invest in operational efficiency and automation systems (IRP, SOAR, automated penetration testing tools), and they pay increased attention to the security of new technologies such as containerization and cloud," said Dmitry Pudov, Deputy General Director for Technology and Development of Angara Group of Companies.


According to Alexei Sukhov, commercial director of Garda Technology, information security is not an expense item that businesses give up, even in times of crisis. Large businesses, he said, are keeping their previously developed strategies for implementing and scaling information security solutions.

"As a vendor of software and hardware systems, we work mainly with large, geographically distributed companies. Here in 2020, we note the interest in Endpoint solutions installed on the ARM architecture - controls such as leak protection systems (DLP). But in the case of remote work, such a solution works optimally mainly when employees work on corporate equipment with pre-installed protection services and agent software. Due to the active use of remote access, in particular the use of personal computers and other devices, the likelihood of identity leakage increases. Therefore, we are seeing an increase in demand for means of monitoring network access and detecting suspicious activity," says Alexey Sukhov.


R-Vision CEO Alexander Bondarenko predicts a slight contraction of budgets and a redistribution of funds to the projects that have the highest priority for the company. In the current environment, R-Vision estimates that demand for security monitoring and incident response solutions will continue to grow.

2019

Information security priorities of SMB

Companies in the SMB segment are drawn to the cloud and to consuming information security as a service under the MSSP (Managed Security Service Provider) model. This helps them significantly reduce operating costs in the field of information security.

"Now some vendors offer their customers cloud information security services on a subscription model. In my opinion, medium and small businesses will move to just such a service model of information security," notes Dmitry Livshits, General Director of Digital Design.

The service model of information security consumption is becoming more and more in demand by small and medium-sized businesses, since these companies cannot afford a large staff of security specialists.

"Attackers are well aware of this and often exploit it, both to penetrate the infrastructure of SMB representatives directly and to carry out complex attacks on market giants through the supply chain. Information security outsourcing helps to deal with these threats. The required result is achieved without increasing the staff," says Oleg Shaburov, head of the information security department of Softline.

According to Vladimir Balanin, head of the Information Security Department of I-Teco Group of Companies, the SMB segment is becoming the main consumer of offerings from service providers that deliver their services with information security already integrated: there are no costs for administering, monitoring and maintaining its own infrastructure, and the risks associated with regulatory requirements are borne by the service provider itself.

At the same time, the Russian market is now characterized by a very limited supply of information security for SMB. As noted by Andrei Yankin, director of the Information Security Center of Jet Infosystems, almost all services are aimed at large customers. Standard and inexpensive, but not primitive, information security services for SMB, according to him, practically do not exist, although in a number of other countries this market is well developed.

At the same time, with the development of the segment of managed information security services and the prospect of the development of the cyber risk insurance market, this category of customers will have at its disposal measures adequate to modern threats.

In the meantime, SMB companies implement basic IT security, rarely rising to the level of business processes.

"Despite this, small companies that carry out information security hygiene measures (updating systems and antiviruses, controlling access, etc.) often turn out to be, partly due to their smaller attack surface, more difficult targets for hackers than corporations with billions of dollars in information security budgets," said Andrey Yankin, director of the Information Security Center of Jet Infosystems.

According to Dmitry Pudov, Deputy General Director of Angara Technologies Group for Technologies and Development, for SMB representatives, given their budgets, access to high-tech or complex solutions is practically closed. This is due not only to the cost of the solutions but rather to the OPEX that they entail.

The main solutions that customers of the SMB segment purchase are antiviruses and software firewalls, says Yakov Grodzensky, head of information security at SysSoft. In addition, companies in this segment are actively becoming interested in information security auditing and pentesting, because such organizations do not always keep a separate information security specialist on staff, not to mention pentesters.

Vyacheslav Medvedev, a leading analyst at Doctor Web, adds that surveys of medium-sized businesses have shown that such companies do not have funds for protective solutions other than basic ones.

"Only a few percent of such companies have money for something other than antiviruses, backup and maintenance of the current infrastructure," he said.

Information security priorities of large business

It is always important for shareholders, owners and top management to have an objective picture of information security and technological processes within the organization, so the overall level of information security maturity in companies is growing every year. However, some large organizations still lack basic order in business processes that ensure the operation of information systems, which can lead to chaos in information security. Therefore, the main priority for large companies is in solving these problems, says Nikolai Zabusov, director of the information and network security department at Step Logic.

In addition, big business focuses on meeting regulatory requirements and internal standards, trying to create a more or less evenly protected infrastructure. Industry standards in the field of information security have been developed and "implemented" in many corporations.

Large commercial companies are essentially faced with a choice: follow the path of digital transformation, or work without changing the paradigm of doing business. But in the second case, sooner or later they will be forced to give up their position in the market to competitors who have shown great flexibility.

"Among the priorities for the enterprise segment, I can note, on the one hand, an increase in the efficiency of using classic information security solutions, and on the other, the introduction of means of protection against threats of a new type as part of the implementation of digitalization projects. The latter is very important, since security restrictions are often one of the main reasons for the slow passage along the path of digital transformation," said Oleg Shaburov, head of the information security department at Softline.

From the point of view of practical security, the focus is increasingly shifting from preventing attacks to detecting and responding to them, said Andrey Zaikin, head of information security at CROC. As a result, relatively young classes of solutions are becoming more popular and in demand: EDR, UEBA, IRP. Automated response systems come with different sets of scripts and allow you to block attempts to spread threats.

Dmitry Volkov, CTO of Group-IB, notes that companies are starting to introduce more advanced technologies: tools for detecting complex targeted attacks, anomaly detection systems, systems for hunting unknown threats in organizations' networks, and remote investigation and response. At the same time, according to him, security still does not keep up with the attackers.

Vasily Stepanenko, director of the DataLine cyber defense center, lists several more information security priorities for business, including large business:

"Web protection is gaining momentum for any company. Everyone has sites and portals, and more and more problems are there. Certain classes of DLP (Data Leak Prevention) security are fading. Everyone who wanted to and could has already implemented them and lives with these solutions. Active replacement does not occur due to high cost. Now companies are actively putting things in order in their information security services. Everyone optimizes costs; they want to see a return on investments in information security. Companies are tired of investing in emptiness, and many have begun to consider ROI. Large companies advocate a long-term relationship with one reliable service provider."

According to him, the main categories of information security expenses are the purchase of equipment and its servicing (including administration and technical support). But less and less equipment is bought every year; the priority is the purchase of services from service companies.

Another of the key priorities for large companies now is to improve the manageability and efficiency of information security by automating and centralizing relevant operations.

"One of the most striking examples is the active creation by many companies of information security incident response centers (the so-called SOCs), as well as ensuring centralized control over compliance with information security requirements through the introduction of compliance control systems," says Alexander Bondarenko, CEO of R-Vision.

Leonid Ukhlinov, vice president, executive director of Informzaschita, also notes that large companies were actively involved in building their own SOCs. At the same time, in his opinion, one should not forget that SOC is not only technologies and processes, but also people.

"Currently, it is no longer a secret that there is a shortage of personnel on the market. Therefore, we expect large companies to show interest in outsourcing, because the SOCs that have been built require qualified personnel to operate them," says Ukhlinov.

At the same time, it is worth remembering the legislative initiatives that prescribe a transition to domestically produced information security tools. Many companies are now forced to revise their plans for acquiring information security tools in accordance with the requirements of the legislation.

Andrei Tymoshenko, information security manager at Accenture Russia, believes that the main task for business is to implement a minimum "gentleman's" set of information security controls. But, unfortunately, he notes, at the moment not all large companies have done this.

"According to Accenture's annual Technology Vision 2019 survey, information security is among the top five technology trends for the coming years. In the post-digital era, it is necessary to create models of cyber risk management at the level of an entire ecosystem that go beyond one company. Companies will have to build alliances to combat threats that will be increasingly global. At the moment, only 29% of the managers surveyed in the study are confident that their ecosystem partners pay due attention to information security issues," says Tymoshenko.

2017

Information security priorities of SMB

Cloud Protection

Small and medium-sized businesses are heavily focused on cloud technologies. As Sergei Terekhov, director of the information security competence center of Technoserv, notes, against this background there is a noticeable trend toward such companies moving their business almost completely into the cloud.

"In this case, companies receive the protection they need so much, both from claims from regulators and from external threats. Therefore, the SMB sector is interested in how the requirements are met, for example, in terms of compliance with requirements in the field of personal data protection, and in the presence of individual information security services at a cloud provider," he says.

Basic information security level

Due to financial constraints, including the cost of maintaining qualified personnel, there is usually no question of revolutionary implementations or the use of complex analytical solutions in SMB-segment companies.

However, as Dmitry Biryukov, head of the information security department of the Asteros group, notes, there are opposite examples on the market when companies, with relatively modest budgets, build a thoughtful and economically sound information security system.

"I believe that the main task of any SMB company is to provide at least a 'basic' level of information security by introducing a certain standard set of measures and means of protection and carrying out appropriate organizational measures," says Dmitry Biryukov.

Sergey Lapenok, Marketing Director of X-Com, is also of the opinion that most companies in the SMB sector cannot afford to implement complex solutions, so their tasks are usually reduced to protecting against the most massive threats.

"Solutions of the class of protection against information leaks or targeted attacks are out of the question in principle. They are expensive, and in many cases the cost of the risks, if present, is lower than the cost of introducing and operating complex information security solutions," he said.

Dmitry Gorelov, commercial director of Aktiv, adds that the SMB segment, unfortunately, treats information security as a residual priority. But those who have already got around to information security and have run into trouble are trying to use replicable, easily installed solutions to protect themselves in the future.

"For a small advertising agency or store, all information security consists of installing an antivirus, but even this is already not bad. Of course, the main customers of information security remain the state and the large corporate segment," notes Gorelov.

Internet protection

Many companies of the SMB segment rely on the development of business on the Internet. This trend is spurred by the general course towards digital transformation and economics, notes Andrey Zaikin, head of information security at CROC.

"Therefore, SMB companies are primarily interested in those tools that protect websites, portals, online stores and mobile applications," he explains.

Information security services

SMB companies that understand the criticality of ensuring information security for their business are following the path of using service models.

STC Vulkan notes that many tools are available in the form of a service for such companies, ranging from DDoS protection to information security outsourcing according to the MDR (Managed Detection and Response) model.

"This approach allows you to get the best ratio of information security costs and the effectiveness of protection against attacks by cybercriminals," believes Evgeny Verezub, sales specialist at the information security department of the Vulkan Research and Development Center.

"Fire Fighting"

Small and medium-sized businesses, as a rule, do not approach information security issues strategically and are only engaged in "extinguishing fires." According to Nikolai Domukhovsky, Director of the System Integration Department of the UTSB, at the end of 2017 such "fires" were ransomware and cryptominers, unauthorized use of IP telephony, protection of RBS clients, data protection on managers' mobile devices, control of Internet access and secure remote access.

Alina Hegai, head of the information security department of Lanit-Integration (part of Lanit Group of Companies), also believes that information security projects of the SMB segment are more aimed at reducing certain risks as they are identified, for example, to protect against information leakage, antivirus protection, basic protection at the perimeter level.

Information security priorities of large companies

From paper security to real

Big business is reorienting to practical security. According to Sergei Terekhov, director of the information security competence center of Technoserv, the priority of this segment is changing from paper security to real.

"Existing trends in information security lead to an increase in demand for technologies such as SIEM, NBAD, IRP, SOC, BI, with an important component towards visualization, performance metrics and information security processes," he says.

Evgeny Verezub, a specialist in the sales department of the information security department of the Vulkan Research and Development Center, notes that large companies with developed information security infrastructure are focusing their attention on increasing the efficiency of the Security Operation Center (SOC) along the following lines:

  • creating a SOC competency center and using the Threat Intelligence service;
  • forming a professional team;
  • improving vulnerability and incident management processes;
  • improving the quality of IT security event monitoring;
  • building effective interaction between the IT and information security areas within a company or organization.

Maxim Filippov, Business Development Director of Positive Technologies in Russia, adds that the increasing focus on practical security is visible both among large businesses and among state corporations. The market was also pushed toward recognizing the need for real security by preparations for the entry into force of Federal Law N 187-FZ "On the Security of the Critical Information Infrastructure of the Russian Federation."

"In accordance with the existing regulatory framework and those draft documents that have already been published, after January 1, 2018, each company related to CII will receive exactly six months in order to categorize the objects of its information infrastructure and to identify among them those that fall under the law on CII. Next, they will have to start creating protection for these facilities and connecting to the State system of detection, prevention and elimination of consequences of computer attacks. Nevertheless, there is a certain share of mature companies in the domestic market which, even without falling under regulatory requirements, have realized the need for such centers and are planning their implementation," Filippov notes.

State system of detection, prevention and elimination of consequences of computer attacks

The project of the State System for Detection, Prevention and Elimination of the Consequences of Computer Attacks on Information Resources is actively developing. Both state institutions and commercial companies that own critical information infrastructure and information resources of the Russian Federation must be connected to the system.

Andrei Zaikin, head of information security at CROC, notes that under 187-FZ, systems of various kinds in such industries as health care, transport, communications, power, banking, the fuel and energy complex, nuclear energy, defense, the rocket and space complex, and the mining, metallurgical and chemical industries, etc., must be connected to the State system of detection, prevention and elimination of consequences of computer attacks. In addition, state-owned companies must also comply with the requirements for the protection of critical information infrastructure facilities.

Maxim Filippov, for his part, recalled that Positive Technologies and Solar Security have combined proven Russian products with the experience of the largest commercial center for monitoring and responding to cyber attacks. Within the framework of this direction, the customer is provided with the set of technological solutions necessary to create a center of the State system of detection, prevention and elimination of consequences of computer attacks. It includes products for building information interaction with the main center of the State system, incident management, monitoring the security of the internal infrastructure and perimeter, protecting the organization's critical web services, and detecting and blocking malicious activity.

Comprehensive solutions

In large companies, especially distributed ones, customers gravitate towards comprehensive solutions implemented within the framework of the formed development strategy.

According to Alina Hegai, head of the information security department at Lanit-Integration (part of Lanit Group of Companies), companies try to periodically assess the level of security of information assets, centralize the information security competencies provided within the group of companies, and consider "complex" information security solutions both in terms of technologies and implementation processes.

"Customers pay attention to the fact that it will either bring additional profit to the organization, or reduce its costs. From the point of view of technical systems, there has been an increase in interest in protection systems against targeted attacks, privileged account management systems, comprehensive security systems, as well as audits and security assessments of corporate information systems, including pentests," she says.

Centralization

Lev Matveev, Chairman of the Board of Directors of SearchInform, notes that large companies show a noticeable trend towards centralization, combining all security solutions into a single mechanism.

He explains this by the fact that large customers have long since implemented advanced protection technologies and use them effectively: each individual product is used with 100% efficiency in its own area.

"Now the task is to establish interaction between them, reduce the reaction time, and have more data for centralized analysis," he explains.

Information security outsourcing

Increasingly, customers are deciding in favor of outsourcing a number of information security support functions. Such a step largely relieves the workload of in-house specialists.

However, as Dmitry Biryukov, head of the information security department of the Asteros group, notes, not all processes can be transferred "to the side." Each company must decide for itself how it will treat outsourcing.

"For example, one of our customers from the banking sector has transferred to us the maintenance of information security documentation. We are talking about the constant revision and maintenance of the package of organizational and administrative documents, its update in accordance with changes in legislation, and the collection and preparation of reporting materials when passing inspections by the parent company and regulators, including the Central Bank of the Russian Federation," says Biryukov.

Interest in basic security

A number of experts believe that large companies forgot about basic security too early.

According to Alexei Grishin, director of the Information Security Center of Jet Infosystems, in recent years large businesses have actively invested in what can be called the "icing on the cake" in the information security world: active monitoring of information security, construction of SOCs, automated management of user rights, tracking violations at the level of business logic (including anti-fraud), Threat Intelligence, etc. But the latest major virus epidemics have shown that large businesses forgot about basic security too early.

"Now there is again great interest in managing updates and vulnerabilities, including outsourcing these functions, advanced antivirus protection, infrastructure penetration tests and raising user awareness, and the demand for solutions that help detect previously unknown threats (various sandboxes, heuristic analysis systems) has increased," he notes.

Need for information security specialists

In large commercial and state structures, information security issues receive much more attention. But difficulties arise here too, despite what would seem to be fairly thorough technical groundwork and a large number of already acquired solutions.

As Dmitry Biryukov, head of the information security department of the Asteros group, notes, the "bottleneck" is a certain shortage of specialized professionals and the relatively small size of information security teams: any expensive products without adequate support and administration turn into a pile of hardware, and the absence of a serious organizational component condemns the information security system to ineffective functioning.

See also