Import substitution in the field of information security

2024: Import substitution of information security and software in CII should be completed in 100 days. Many do not have time

The BISA Association announced the results of a survey of Russian companies for readiness to comply with the requirements of two presidential decrees of 2022: No. 166, which requires import substitution of software at CII facilities, and No. 250, which obliges to abandon the use of information protection tools (IPS) produced in unfriendly countries. Both decrees set a deadline of January 1, 2025, which is only a hundred days away.

We have two decrees: No. 166 - on import substitution of software at KII facilities and No. 250, concerning information protection tools, "Yevgeny Khasin, director of the Ministry of Digital Development cybersecurity department, explained at the association's summit. - The second is significantly wider than the objects of CII. A total of about 100 thousand organizations fall under it. These are systems of state bodies, and strategically significant, and system-forming objects, including CII objects. There, the wording is not import substitution, but a ban on the use of means of protecting information from unfriendly countries. Recently, there was an addition to this decree, where, in addition to information protection, it was about services. Not only the products themselves, but also services. They also cannot be used. There is no question of postponing the deadlines. There are decrees and they must be executed.

Evgeny Khasin described the current situation with import substitution

At the same time, according to a poll by the BISA association by decree No. 250, the results are optimistic: 25% of respondents said that they had already fulfilled the requirements of this decree, and another 9% - which was used only by Russian IPS before. Another 14% of respondents do not apply to the requirement of the decree, and another 32% promised to completely or partially abandon the use of foreign products by the deadline. Only 20% of those participating in the survey said they would not be able to fulfill it on time.

At the same time, the situation on import substitution of software is significantly different, since it does not apply to 32% of respondents at all. Only 7% said that they have already fulfilled the requirements of Decree No. 166, and plan to fulfill the requirements by January 1, 2025, another 8%. They think that they will be able to partially fulfill by January 2025 - another 32%. They have no idea when they will be able to fulfill the decree - 14%.

Regulators discussed the level of execution of decrees No. 166 and No. 250

If we take it from the procurement of state bodies and state-owned companies, then according to formal figures in information security, it's just happiness in front of me and all regulators, because the numbers are approaching 100%, "said Ilya Massukh, director of the ANO" Center for Competencies in Import Substitution in ICT. " - About 96%, about 97% in different classes. We have only two classes behind: NGFW and backup. These classes are at the level of 75-80% import substitution. They are still lagging behind, but still 80% are numbers that are unattainable for other classes of systems. According to databases or operating systems, if we talk from the point of view of use, then the replacement level is in the region of 50%, or even lower.

FSTEC also shows good figures on the transition to domestic means of protection and registration of significant objects of CII.

By decree No. 250 for 2023 and 2024, the register has an increase of 462% for significant objects where domestic means of protection are used, - said Vitaly Lyutikov, Deputy Director of the FSTEC of Russia. - This growth is more than four times. The increase in the share of facilities with Russian SMTs is observed and has a positive trend. The growth of significant objects for the end of 2023 and the first half of 2024 amounted to 48%, that is, more than 20 thousand new objects were added. And regulatory requirements change, and people mature, and understand the inevitability of consequences and punishment.

Vitaly Lyutikov on filling the register of CII objects

That is, by January 1, 2025, the situation with import substitution of protective equipment (decree No. 250), especially in state bodies, is working, but with import substitution of basic software (decree No. 166), the situation is somewhat worse. Moreover, this year another "May decree" was adopted^[1] "On the national development goals of the Russian Federation for the period up to 2030 and for the future until 2036." In it, in particular, there is such a point 8d:

The transition by 2030 of at least 80 percent of Russian organizations in key sectors of the economy to the use of basic and applied Russian software in systems that provide basic production and management processes

Here we are talking about import substitution in commercial companies of key sectors of the economy. To do this, it is planned to create its own legislation and methods for promoting domestic solutions.

There is a presidential decree in May, in which he outlined the task for state-owned companies and government agencies to switch to 95% by 2030, and for other companies and organizations with a different form of ownership - ordinary commercial or public - to switch to 80%, - said Ilya Massukh. - In fulfillment of this decree, a law will be issued, which is aimed at the transition of ordinary organizations - non-state - also to domestic software. This is a whole task. It's a different kind of regulation. They are more difficult to order and control. Therefore, we see the main task in the development of such a law. This will lead to the fact that the market for Russian developers will expand. I hope that the quality will improve and the cost will decrease.

Ilya Massukh reveals plans for further import substitution

So far, the corresponding bill is only being developed - it has not even been submitted to the State Duma, therefore, it is still difficult to understand how exactly "commercial import substitution" will be arranged, among the subjects of which there will be both medium and small enterprises (SMEs). Nevertheless, the discussion of the contours of such a bill has already begun.

First, different organizations differ in terms of the technologies they use, "said Sergey Demidov, Director of the Department of Operational Risks, Information Security and Business Continuity, Moscow Exchange, to TAdviser. - For certain sectors of the economy, typical solutions are suitable, agreed initially by the regulator and having a cost that will not kill the SME economy. Such funds will be suitable for them. The second direction is cloud services, when SMEs with their technology are the consumer of these services from the cloud. If this cloud passes the necessary certifications and certifications, then such an infrastructure will be secure. The third is to focus on those sectors of the economy where typification is impossible. In these industries, you need to have industry standards of regulation so as not to try to comb everyone under the same comb. This can be achieved by proportional adjustment. The Central Bank has elements of proportional regulation when the requirements for different organizations are different from the point of view of security, depending on the scale of the organization's activities and the scale of the risks that this organization carries.

Sergey Demidov reflects on future import substitution in key sectors of the economy

2022: Import substitution in information security: assessments of the current situation and the main difficulties of migration from foreign systems

Import substitution is perhaps the main trend for the Russian information security market in 2022 and in the coming years. The ratio of foreign and domestic information security solutions used by Russian customers varies greatly depending on the industry. In the public sector and in significant objects of critical information infrastructure (ZOKII), the share of domestic solutions prevails significantly and can reach 90-100%. In general, among commercial structures, the ratio of foreign information security solutions used to Russian ones, according to the average assessment of experts, is approximately 50/50.

Compared to previous years, the pace of import substitution has accelerated significantly. The departure from the Russian market of a number of foreign vendors freed up some niches for domestic developers. However, the maturity of domestic solutions does not always correspond to the functionality of foreign ones, experts say.

We see great interest from customers, a large number of pilots and tests of domestic products are carried out. Thanks to these activities, the developers received a larger number of requests for revision. Including, due to the implementation of such additions, they will be able to bring their products to the level of world leaders, some of the solutions are already there, - notes Sergey Sherstobitov, CEO of Angara Security.

In Russia, the local information security market is strong enough, confirms Alexander Bondarenko, CEO of R-Vision. At the same time, there are not many countries in the world that can boast of having the same number of local producers. And this is despite the conditions of the average development of the startup environment and the not frequent appearance of new information security companies on the market, as is the case in the United States.

We have many analogues for most modern protective equipment. But we must honestly admit that Russian companies in conditions of financial restrictions (due to the lack of large-scale venture capital investments in the industry) invest an order of magnitude less in R&D than world leaders. All this leads to the fact that technologically in a number of areas we are still lagging behind. Thus, we can say that domestic manufacturers are ready to offer alternatives to many products of foreign vendors that leave the Russian market. But in some cases, these alternatives may not be so functional, productive and do not always meet customer expectations. But I am convinced that this lag can be made up by financing from domestic consumers, only this can take several years, "says Alexander Bondarenko.

He also notes the heterogeneity of the market in terms of the presence of foreign vendors in various niches.

For example, in the SOAR or SGRC segments of solutions, in which R-Vision also works, foreign manufacturers, according to our estimates, occupied no more than 15%, so their departure will not significantly affect the balance of power. A similar situation is observed in terms of antivirus solutions and vulnerability management products. But if we take network security, backup, monitoring and analysis of logs, then in these areas foreign vendors occupied either a dominant or significant share, therefore, their departure will lead to difficulties associated with finding a replacement, as well as a serious redistribution of shares among market participants and, possibly, the emergence of new players, - concludes the expert R-Vision.

The NPPKT company adds that if everything is not so bad in the field of software solutions, then the situation with software and hardware IPS is not encouraging, since there is no base of its hardware. Also, large problems are observed when trying to modernize the MOT ACS due to the large amount of proprietary software for controlling industrial controllers.

According to our assessment, it is not worth waiting for any changes in these areas in the next year or two. The situation with the development of its own industrial controllers may improve if the semiconductor product market stabilizes, the company says.

Ruslan Rakhmetov, General Director of Security Vision, adds that it will be possible to talk about complete import independence when a comprehensive information ecosystem is created that ensures interaction between hardware produced in the Russian Federation and Russian operating systems, drivers, system utilities, application software and information protection tools.

What are the difficulties of replacing foreign information security solutions with domestic ones

The labor intensity of replacing foreign information security products depends on the specific class of solutions. Replacing the antivirus is quite simple, says Rustem Khayretdinov, director of growth at BI.ZONE. At the same time, transferring thousands of proprietary rules from a DLP or SIEM system to a new one is not an easy task, almost manual work, a migration project for a couple of years.

The more customized rules in the system, the more difficult it is to move, "explains the BI.ZONE expert.

Vitaly Masyutin, deputy head of the IBS Platformix information security expertise center, lists several other factors. According to him, the labor intensity of this process can be influenced by the duration of use of a foreign analogue, the functions involved, configured integrations and the processes used.

The main difficulties are the absence of some secondary functions, differences in the logic of work, classical difficulties of migration projects, lack of information and documentation, compatibility problems, unpredictable impact on the infrastructure as a whole. The easiest way is to replace endpoint security solutions and information security monitoring solutions. The most difficult thing is solutions with a large number of integrations, for example, IDM- Vitaly Masyutin believes.

The infrastructure of companies has been based on foreign solutions for years, and according to the maneuver of the stick, replacement will not occur. This is a really complex process that requires the stress of all elements of the supply chain - customers, integrators, manufacturers and logistics companies.

According to Sergei Sherstobitov, Director General of Angara Security, the difficulties of import substitution are also associated with a shortage of expertise and human resources in general. In addition, there are challenges to quickly scale successful projects due to the uniqueness of each client.

After the departure of Western companies, domestic vendors got a great chance to seize previously inaccessible market segments. Customers from these segments are accustomed to a certain level of products and service, and in this situation they expect a similar approach from Russian vendors. At the same time, the replacement of foreign systems with a long history of operation and administration is associated with a large amount of work on auditing the current state, consulting in terms of choosing replacement domestic products to minimize current cyber risks, and careful planning of project activities.

Customers may face a situation in which the chosen Russian solution simply will have no one to qualitatively accompany within the company - they will either have to urgently train the new solution of existing employees, or hire new ones, which will not be easy in conditions of chronic personnel shortages, "says Ruslan Rakhmetov, General Director of Security Vision.

According to him, the way out may be the use of an outsourcing or service model, in which the customer receives the predicted level of quality services and gets rid of the need to hire and retain employees.

The easiest way will be to replace the basic information protection tools - antiviruses, software firewalls, host intrusion detection systems, EDR solutions. It will be more difficult and long to switch to domestic SIEM systems, XDR solutions, WAF products, sandboxes, email protection systems. The largest calls await customers when replacing hardware and software systems, network devices, highly specialized security tools, "the Security Vision expert believes.

The company "Sissoft" advises to look for new software based on solving a specific business problem and not try to choose software as a replacement for the functionality of the usual solution that has ceased to work.

Most often, instead of one product, you will have to use several domestic programs to solve a specific problem. This is a reality that we face constantly: the functionality of Russian solutions is often not as extensive as that of foreign analogues, - notes Dmitry Kovalev, head of the information security department at Sissoft.

At the same time, information security solutions are often "deeply embedded" in the customer's information system, so it is not always possible to do with a "modular" replacement, says Dmitry Gusev, Deputy General Director of InfoTeCS.

Since Western solutions had a wider application, more expertise has been developed to integrate them into a single ecosystem. With domestic analogues, integration issues are at the initial stages of the solution. In addition, domestic solutions in themselves were focused on integration with Western products and often support Russian in a very small volume or do not support at all.

A striking example is. VMware All domestic solutions are ready to work on this virtualization system, but few are ready to deploy in the system, virtualizations Brest- say AST.

Thus, if a customer who has a Russian information security system on VMware must urgently switch to a domestic virtualization system, then there will be problems with the operation of a domestic information security solution.

As a result, in addition to the task of replacing the solution itself, we get an additional task of migrating from a virtual environment to a physical one. And this is a completely different budget, additional competencies, additional time, etc., - explain in AST.

Maxim Golovlev, CTO of iTPROTECT, adds that Russian clouds are mostly built on foreign virtualization tools or opensource, and it was for them that security tools, especially certified ones, were focused. However, in his opinion, as soon as Russian clouds begin to "move" to Russian virtualization tools, the issue of developing domestic cybersecurity tools may become more active.

Dmitry Belov, Development Director of BSS-Security, mentions another problem - the bureaucracy of business processes in many companies. It prevents the necessary decisions from being made promptly and in a timely manner. Also, according to Belov, many employees of companies and administrators of information security systems consider domestic information security solutions not able to close all potential attack vectors.

To debunk these fears and not make a mistake in the correctness of choosing a domestic decision, you have to spend a lot of time piloting, justifying and protecting budgets, says the development director of BSS-Security.

For which foreign information security solutions there are no domestic analogues

Domestic experts of the information security market note that by now in Russia there are no frank white spots in the landscape of information security solutions, while they admit the presence of gray ones.

In particular, as Angara Security CEO Sergei Sherstobitov notes, there are a number of product areas that need additional development and increased productivity, but this is only a matter of time, money and the desire of the parties to come to the desired result.

The most difficult thing to replace is not information security solutions, but hardware platforms - due to the weak predictability of the delivery time of hardware components, - he clarifies.

Vitaly Masyutin, Deputy Head of the IBS Platformix Information Security Expertise Center, adds that the current problem is the lack of high-performance firewalls capable of operating at speeds of 100 Gbps and higher. In addition, according to him, so far no analogues of highly specialized solutions and complex security services such as SASE have appeared. In some cases, the choice is limited to 1-2 domestic decisions, he explains.

Alexander Goltsov, General Director of AMT GROUP, in addition to problems with high-performance firewalls, notes an extremely small number of domestic products for protecting industrial networks and APCS systems.

iTPROTECT believes that it is now problematic to replace web application security scanners, both in the format of cloud services and on-premiere. Also, according to company representatives, there are no direct analogues of foreign secure access brokers (CASB) to clouds and network access control systems (NAC).

Do not forget about the issue of individual choice. Formally, the solution may be on the market and at the same time not suitable for the customer's task due to architectural or functional capabilities, or this replacement will require serious inappropriate changes in the infrastructure, says Maxim Golovlev, CTO of iTPROTECT.

In general, the interviewed experts of information security companies note that for almost all types of information security products there are domestic analogues, the only question is functionality and stability of work.

Cross Technologies' answer looks the most optimistic:

At the moment, you can replace everything. And what does not change directly is solved through a change in the paradigm of information security protection.

2020: Ministry of Digital Development plans to regulate public purchases of antiviruses

On February 7, 2020 TAdviser , it became known that Ministry of Digital Development, Communications and Mass Media of the Russian Federation it had prepared a draft order#^[2] of the Ministry of^[3], which defines the form and procedure for presenting information centralized purchases. anti-virus software The project was published on February 6, 2020. More. here

2019: The state will force Russian information security vendors to spend money, and the "Varangians" to leave

The Federal Service for Technical and Export Control (FSTEC) approved in April 2019 a new list of requirements for the processes for the development, production and security support of information protection tools (IPS), depending on the level of trust assigned to them. The corresponding information message is posted on the official website of the department^[4]

In accordance with the new rules, six levels of trust are established for the SMT. The lowest level is the sixth, the highest is the first. Information security means corresponding to, for example, the first, second and third trust levels are used in information systems in which information containing information constituting a state secret is processed.

Under the new rules in relation to IPS, tests should be carried out to identify vulnerabilities and undeclared capabilities ("bookmarks," "backdoors") in accordance with the methodology developed and approved by the FSTEC in February 2019.

FSTEC considers firewalls, intrusion detection tools, antivirus programs, trusted download tools and monitoring of removable media, as well as other solutions in the field of information security as means of protecting information.

The requirements come into force on June 1, 2019 and relate to developers and manufacturers of software and hardware information protection tools, applicants for certification, as well as for testing laboratories and bodies performing work on certification of protection tools for compliance with information security requirements.

The agency recommends that developers and manufacturers of EPFs assess the compliance of their solutions with new requirements and submit the results to the FSTEC of Russia for re-issuing compliance certificates by January 1, 2020, otherwise the certificates may be suspended.

2017: How did the trend of import substitution affect the information security market? Expert opinions

If we summarize all the statements of Russian participants in the information security market about what effect was achieved from the import substitution policy, then we can conclude that in general, customers became more interested in domestic solutions, the share of such products began to grow, and Russian analogues appeared for some foreign systems.

Below are the statements of Russian information security experts about the impact on the market of the import substitution trend (November-December 2017).

Customers, of course, have become more interested in Russian-made solutions. I believe that such dynamics will continue in the near future, and domestic competitive decisions will have a certain priority. It is clear that in some areas Russian developments cannot yet compete with foreign ones. At the same time, not all Western vendors have solutions that have passed the Russian certification system and can be used in government agencies, banks, at critical facilities - where there are mandatory requirements for the availability of certified protective equipment. However, a number of foreign manufacturers and solution providers are seriously engaged in this issue and carry out activities aimed at ensuring compliance with Russian legislation in the field of certification of information protection tools. 'Dmitry Biryukov, head of the information security department of the Asteros group '

Since the emergence of the term "import substitution," the market of Russian technologies has changed significantly. The register of domestic software includes more than two thousand positions. The modern market of our information security products can already offer solutions to ensure the protection of state interests and secure the business of commercial companies. Previously, customers with a high level of maturity of IT/information security services did not consider Russian vendors in principle, and now they increasingly agree to test domestic solutions, and often in the end the choice falls on them. At the same time, the proposed domestic solutions have ceased to be inferior in functionality and level of service to foreign counterparts and, in combination with the ruble price list, look tempting for Russian customers. Another advantage of domestic solutions is that they are created taking into account Russian specifics. The most competitive solutions of domestic manufacturers in terms of antivirus protection (AV), protection of web applications (WAF), protection against leaks of confidential information (DLP), protection of SCADA systems. The market for SIEM systems, firewalls, intrusion detection/prevention systems (IPS/IDS), credential management systems (IDM), enterprise mobility management systems (EMM), protection against targeted attacks, privileged user control systems (PAM) and a number of other systems remains with overseas manufacturers, but the share of domestic solutions presence is steadily growing. 'Ilya Timofeev, Head of Department at the Industrial Safety Center of Informzaschita Group of Companies

The share of domestic solutions in the segments of the information security market is increasing. This fact cannot be denied. This year we had a little more than ten projects, where our large customers, primarily government agencies and companies with state participation, made a transition to our products, abandoning the use of already implemented Western analogues. A comparable number is under development and will be implemented in the first quarter of 2018. 'Maxim Filippov, Business Development Director of Positive Technologies in Russia '

The most active interest in the topic of information security today is shown by state organizations and enterprises of the industrial complex. And the policy of import substitution, of course, played an important role in this. In addition, it should be understood that the widest selection of Russian products today is characteristic of those information security tools that have long been noted by regulators as mandatory and recommended. I.e. the information security market turned out to be more prepared for import substitution than the IT market as a whole. The most wide selection of Russian products is now observed in the field of antivirus protection, DLP systems, means of protection against unauthorized access, security analysis, means of cryptographic information protection, etc. 'Andrey Zaikin, Head of Information Security at CROC

Of course, over the past few years, the demand for means of protecting information of domestic production has significantly increased. At the same time, this trend is characteristic of both commercial and state-owned enterprises. It should also be noted that against the background of increased demand, new Russian products and solutions began to appear on the market, which in some areas may well compete with Western counterparts. 'Victor Serdyuk, CEO of DialogueNauka

The trend of import substitution, the withdrawal from the market of a number of foreign vendors and the actions of regulators have become key drivers of the growth of domestic suppliers of solutions and information security services. In particular, according to the results of the first three quarters of 2017, we are seeing an increase in the supply of malware protection systems, multi-factor user authentication, as well as traffic filtering and network attack detection. The main deliveries were made in the implementation of competitive contracts with state-owned enterprises and large companies of the financial and banking sector and the resource industry. And while regulators are on course to reduce the dependence of the Russian IT industry on foreign developments, this trend will not lose its relevance. 'Sergey Lapenok, Marketing Director of X-Com '

Russian manufacturers initially dominated the domestic information security market, and the trend towards import substitution contributed only to a slight increase in their share by ensuring compliance with new certification requirements and the release of new products. If we talk about foreign markets, then so far the exit and successful work of Russian manufacturers of information protection tools on them is of a single nature and cannot be considered as a trend. We do not foresee significant changes in the coming years. 'Alexey Zaletsky, head of the information security department "Amtel-Service" '

Import substitution is an excellent incentive for Russian manufacturers of information security solutions to improve their products and business processes in order to fully meet the high requirements of customers. There is also a reverse side of the coin - import substitution leads to an increase in the cost of domestic information security solutions. At the same time, domestic software developers can invest in research and development, which makes them more competitive not only in Russia, but will also give wider opportunities for entering foreign markets. 'Sergey Sherstobitov, CEO of Angara Technologies Group '

{{quote 'author
= Maria Voronova, head of consulting at InfoWatch Group of Companies | More and more domestic solutions appear on the information security market, which are able to compete with foreign ones, are included in the lists of the best products based on the results of research by well-known world analytical companies. For example, the "Magic Quadrant" Gartner ("Magic Quadrant for Enterprise Data Loss Prevention") since 2013 included only one Russian product - InfoWatch Traffic Monitor, and this year it is the first among three domestic DLP solutions. The emergence of new Russian participants in the Gartner quadrant illustrates the growing confidence in Russian technologies in general.

According to my forecasts and taking into account the great attention on the part of the state to ensure the digital sovereignty of the country, the topic of import substitution in the field of software and hardware platforms will develop in several directions: increasing the competitiveness of domestic solutions in the global market and improving the legislative framework. }}

Import substitution has become a serious phenomenon on the Russian market. The course towards the use of domestic technologies did not lead to an instant effect, but in the long term the share of foreign suppliers will still decline, and Russian companies will come in their place. This trend certainly has a downside: in a number of situations, import substitution creates almost monopoly conditions, which can negatively affect the quality of the products supplied. Nevertheless, in my opinion, in most cases this will be compensated for by internal competition between domestic companies. 'Alexander Bondarenko, CEO of R-Vision '

Most of all, the trend towards import substitution is noticeable in the public sector and at enterprises that have fallen under sanctions. But it should be noted that, unfortunately, there are areas of information security in which Russian vendors compete very poorly with world giants. In this regard, when it becomes necessary to choose certain solutions in the public sector, equipment and software of foreign vendors are still actively purchased - this has to be done due to the lack of analogues in Russia. 'Yakov Grodzensky, Head of Information Security at SysSoft

{{quote 'author
= Dmitry Gorelov, Commercial Director of Aktiv | You need to understand that the information security market before the advent of import substitution was already partially protected, if we talk about cryptographic things. There was its own regulation. Western cryptography has not and will never be used for government projects. If we talk about other segments of the information security market, then of course, state corporations began to seriously look at Russian vendors in the presence of other respected Western players. Here, the import substitution process made it possible for many specialists who are engaged in the localization of imported funds to make joint projects.

Import substitution for the short term creates some problems for the customer who is introducing information security funds, but in the long term I see only one advantages. Because without healthy protectionism and a desire to control the main things in our country, we will not create a full-fledged IT market. It is easy, understandable to start with information security, and no one has questions. Thank God, we have a very good school in both cryptography and security against unauthorized access. Companies with more than 20 years of experience are on the market. On this basis, and not from scratch, you can make projects using a minimum of Western solutions or with their absence at all. }}

{{quote 'author
= Anton Samoilov, CEO of EveryTag | Over the past year, the demand for domestic information protection has grown significantly in many sectors of the economy. And now I do not take into account the public sector, which, according to the law, simply cannot use foreign solutions. In addition, more and more companies today express confidence that in the next few years Russian software will be able to completely displace imported software.

However, there is also a certain confusion of domestic business, a lack of understanding in which direction to move. It is connected with the still insufficiently developed expertise on new, Russian software. At the moment, there are not many specialists on the market who understand all the features of Russian solutions. For this reason, it is extremely important to educate and train such professionals, as well as develop their own competence centers in organizations. }}

{{quote 'author
'= Alexander Irzhavsky, technical director of NTC "Vulcan"' | The rate of import substitution in the information security market was reflected in several phenomena.

In the segment of the public sector, there was a significant shift in the choice of protective equipment by customers towards domestic manufacturers. Many organizations that previously willingly worked with foreign products have sharply and unambiguously changed their policies: we work only with domestic solutions. Such customers usually select one way or another a product suitable for their requirements and work with it.

Someone is trying to take advantage of the right to apply import solutions in the absence of a domestic analogue and follows the path of a complex and ambiguous justification procedure. Ambiguous - since in the absence of a "reinforced concrete" argument in favor of a foreign product, the initiator of the justification risks a lot: there are already examples of public scandals challenging the results of comparative analysis declared in competitive procedures.

Commercial customers as a whole retain the freedom of choice between imported and domestic solutions. Priorities, if they have shifted, then not much. As before, many with a calm soul prefer more functional solutions, regardless of their origin. As before, for many, the choice of means of protection is determined by the budget allocated for cybersecurity.

Russian developers took the course on import substitution with enthusiasm. Many hastened to enter the register of domestic software in order to be able to more actively work with state customers. Someone makes a sight on the unwinding flywheel 187-FZ, State system of detection, prevention and elimination of consequences of computer attacks and strengthening the regulatory component. If the support of the state, and therefore additional money, is transformed not only into an increase in the profit of developers of protective equipment, but also into an improvement in the quality and functionality of their products, the industry has a good chance to get new modern solutions that are not inferior to foreign counterparts. And then it's up to market mechanisms. }}

{{quote 'author
= Nikolay Domukhovsky, Director of the System Integration Department of the UTS | First of all, the information security market (and IT) began to look more east. This was shown very well by the InfoSecurity Russia exhibition held in the fall, where traditional Western vendors showed record low activity, and colleagues from China showed the opposite.

But it is not the east that the market is alive alone - over the years of the import substitution trend, eminent developers of domestic information security solutions have become very active - new products, new versions of the classic line, an additional sales market has had an extremely beneficial effect on these manufacturers. In addition, completely new domestic players have appeared, who set themselves the goal of occupying their niche not only in the domestic information security market, but also to enter the international level.

I believe that this movement is very positive in the long term - all the development of IT is based on the fact that there are no "well-deserved authorities" in the market. Even seemingly unshakable colossus like Microsoft, Cisco and IBM can be swept away by young and more flexible players in a matter of years. }}

{{quote 'author
'= Alina Hegai, Head of Information Security at Lanit-Integration (part of Lanit Group of Companies)'
| Import substitution had a positive effect on domestic manufacturers: relevant products are developing, the market is expanding, analogues of foreign products appear, taking into account Russian specifics. But it cannot be said that at the moment the Russian market can satisfy most of the needs of information security at the expense of Russian-made products.

Import substitution also made its own adjustments to the procurement processes, including those related to the justification of the need for foreign software.

The prospects for import substitution are currently poorly predicted, but this issue is increasingly being paid attention to at the state level. For example, within the framework of the implementation of the program "Digital Economy of the Russian Federation" in the direction of information security, several groups were devoted to discussing issues and the formation of development road maps related specifically to import substitution - both in terms of software and equipment. }}

{{quote 'author =
Sergey Terekhov, Director of the Information Security Competence Center of Technoserv | In fact, the tendency of import substitution from the point of view of the market itself for information protection tools did not significantly affect the market in Russia, since domestic classic information protection tools were already produced in sufficient volume to fulfill the requirements of regulators, and certification requirements appeared long before the move towards import substitution. Nevertheless, the import substitution policy allowed domestic producers to develop new segments of the information security market, develop new solutions and technologies and run them on real customers. At the moment, many Russian solutions are losing to Western ones in terms of technology and stability of work, but taking into account the Digital Economy program, I believe that this lag will decrease every year. At the moment, when the customer wants to build serious security, he still focuses mainly on Western vendors.

But from the point of view of certification of Western solutions for regulatory requirements, the path has become very difficult and even the world's largest companies are faced with the difficulties of obtaining compliance certificates. }}

The trend of import substitution was reflected in the information security market by the actively replenished register of domestic software. There are areas where Russian developers traditionally feel confident and release really competitive products - these are manufacturers of DLP systems, antiviruses. And their demand was not influenced by the story of import substitution. And there is a class of products that the new course gave an "impetus" to development - these are SIEM, IdM, WAF, IDS/IPS, SandBox, solutions for providing IC IC information security and not only. Russian products using OEM or source codes have become extremely popular. Domestic solutions are increasingly competing with Western counterparts in our market every year. Let me give an example: two years ago there was not a single Russian Sandbox class solution, and today several manufacturers offer customers their products to protect against targeted attacks. I believe that in the near future we will have a positive trend not only in increasing the number of domestic solutions, but also in expanding the functionality of existing products. 'Alexey Grishin, Director of the Information Security Center of Jet Infosystems

The share of Russian information security solutions in key industries this year has exactly exceeded 50%, and provided even the minimum stability of the Russian economy, there will be a tendency to increase this share. 'Dmitry Gvozdev, CEO of Information Technologies of the Future '

The noise around import substitution has subsided somewhat. If we talk in particular about the DLP market, I believe that import substitution has not particularly affected here before, due to the small presence of foreign players in the domestic field. Russian DLPs have always been strong and buy them not because others are prohibited, but because they better meet the requirements and tasks of customers. 'Lev Matveev, Chairman of the Board of Directors of SearchInform

2015

State organizations are ready for import substitution

The share of information security domestic products in public procurement back in 2013 accounted for 90%. Products of foreign vendors competed with domestic ones in only two categories: IDMPKI systems//SSO (43% belonged to foreign vendors) and information leakage prevention tools (83%), the report reported. "Security Code"

In 2015, the company published a report on the use of domestic information security solutions in various industries. More than 200 respondents representing information security departments were interviewed. The least Russian solutions are used by companies in the oil and gas and energy industries, the telecommunications industry. The public sector is in the lead in import substitution of information security, which uses domestic solutions by 75%. Analysts explained that the popularity of domestic products is associated with the need to comply with the norms of legislation requiring the use of certified products.

It also turned out that fuel and energy enterprises reacted to a change in the foreign policy and economic situation (fall of the ruble, sanctions, etc.) and the next year 66.6% (of the number of respondents in the industry) planned to replace foreign solutions with Russian ones. Only 20% of telecommunications companies plan to switch to domestic solutions within a period of one to three years.

The import substitution program was developed in 42% of IT companies and in 25% of government organizations. In the telecommunications, education, science, healthcare and fuel and energy sectors, such a program is developed or developed at a low pace (from 12 to 16% of companies in the industry).

A complete transition to domestic IT products (not only protective equipment) is considered possible in the distant future by 35% of respondents, 23% plan to replace all solutions with domestic ones within five years, 13% of respondents believe that this will never happen.

The main drivers for increasing the share of domestic products in information security, which are called representatives of Russian companies - certification of solutions (57%), lower cost (34%). A ban on the use of foreign solutions in the presence of Russian analogues (43%), support for domestic vendors with a ruble (33%) are the main factors that will help implement the import substitution strategy on the Russian market.

The state creates trends

The trend for import substitution is still formed by the state. The public sector is actively engaged in informatization, which requires new IT solutions, including in the field of information security. In addition, the legislative framework is "brought" under domestic vendors.

Thus, Vladimir Putin in June 2015 signed a law that provides for the creation of a register of domestic programs and the possibility of restrictions on the use of foreign software in the presence of a corresponding domestic analogue. Russian companies already account for about 50% of the software market and about 30% of sales in the hardware solutions segment.

Representatives of Russian vendors confirm: the positions of domestic companies in the field software are quite strong. The country has its own OS based on open source software (for example, GosLinux which will be installed in 40 thousand employees), FSSP office packages (multi-platform "My Office," which will appear before the end of 2015, are already ready to test 70 thousand officials), software in enterprise management systems the field of information security and so on.

"Domestic products close almost all possible niches. The question, as always, is to the functionality. According to my assessment, Russian DLP, IDM, Security Intelligence, AVZ, WAF, scanners and a number of other solutions are in no way inferior, and sometimes surpass foreign counterparts. But in the segment of network infrastructure security, our companies have room to grow, "says Valentin Krokhin, Marketing Director of Solar (formerly Rostelecom-Solar)

"Long before the appearance of the term" import substitution, "the market was actually monopolized by Russian players. Despite the presence of such large players as, Symantec Intel Security (), McAfee by 2014 the three largest vendors in the DLP field -, and, Jet Infosystems Zecurion InfoWatch occupied about three quarters of the Russian DLP market. In such conditions, the rejection of foreign products will pass almost imperceptibly, "adds the Vladimir Ulyanov head of the Zecurion analytical center.

Due to sanctions, some decisions have ceased to be sold in Russia. The increase in the price of foreign products made some of them inaccessible to a certain category of customers. If the situation in the economy does not change, then voluntary import substitution should be expected. However, the high pace of replacing imported solutions with domestic analogues should be expected only in government agencies, the fuel and energy complex and space development. Stagnation expects telecom and the financial sector, since the infrastructure of enterprises in these areas was originally built on foreign solutions that need to be serviced, updated, renewed, etc., says Andrey Golov.

New products from domestic vendors will appear in 2016

The cycle of development of domestic information security solutions takes an average of 1.5 to three years. Therefore, the peak of the emergence of new Russian ones can be expected in early 2016. The exchange rate for import substitution will lead to an increase in the domestic IT industry, but only in the long term.

Customers are not ready in droves to voluntarily abandon those solutions that have not yet paid for themselves, the depreciation period and the protection actions of which have not yet been released. The refusal will be facilitated by the actions of the sanctions countries, if they speak out for a further break in economic ties with Russia, and the alertness of domestic companies to import solutions.

"If the policy of sanctions is not tightened, then solution providers and lobbyists will still fight to preserve the" registration "of foreign solutions, if not in new accounts, then at least in old ones where products are already used. There really is a reason for this, because a sharp change in IT systems can negatively affect already debugged business processes, "says Vladimir Ulyanov.

"The Russian IT industry will not grow exactly this year, although a certain redistribution will certainly happen," said Sergei Zemkov, managing director of Kaspersky Lab in Russia, Transcaucasia and Central Asia. He predicts: if domestic IT companies can optimize their business crisis period, then in the end it will lead to growth, but not momentary.

Read also

• Overview: Security of Information Systems
• Targeted attacks
• Information security (Russian market)
• Top Trends in Information Protection
• Information Security Software (Global Market)
• Information Security Software (Russian Market)
• Information Security Software (Japanese Market)
• Protection of APCS and other threats of Norilsk Nickel. Security Unit Head Interview
• Security Service Model
• Information Security (Global Market)

Notes