Developers: Yandex B2B Tech
Date of the premiere of the system: 2025/04/09
Branches: Information security
Technology: Information Security Management (SIEM)
Main article: Security Information and Event Management (SIEM)
2025: Yandex.Cloud enters the market of situation control centers for information security
On April 9, Yandex.Cloud demonstrated the cloud incident detection and response service it has developed, called Yandex Cloud Detection & Response (YCDR). It allows companies to rent an information security management center (Security Operation Center, SOC) in the cloud. However, so far the company is only accepting applications for testing, and a full launch is scheduled for the end of the second quarter, when the company will implement the pilots.
SOC from the cloud (SOCaaS) is designed to allow companies to control the security of their cloud and corporate infrastructure and respond to events. However, at the first stage, YCDR will work only with resources that are located at the Yandex.Cloud facilities, the company said. After a while, it will be possible to collect information from the customer's corporate infrastructure. Later, the company plans to add the ability to receive events from other clouds, which will allow YCDR to work in a multi-cloud configuration.
The core of YCDR is Security Data Lake - a "lake of data" about security events, where all information related to the protection of cloud and corporate infrastructure is collected. The analysis of this "lake" is carried out by the information security event management system (SIEM), which was developed from scratch by Yandex employees. It was created for the company's own SOC, and when services are connected, YCDR will also become available to customers. Moreover, special artificial intelligence technologies have been developed to analyze a large amount of lake data.
The result of YCDR is warnings about possible security incidents, as well as various reports on the security status of the company's corporate resources and their cloud part. Getting SOCaaS will help the company quickly monitor information security events, which does not rule out building its own incident response center over time.
The company also announced the update of two other services: Yandex Security Deck and Cloud Desktop, which received additional security functionality thanks to integration with YCDR. In particular, YCDR analytics and reporting will be available on the Security Deck cloud services security platform.
One of the first in the field of SOCaaS in Russia was Softline, which in 2020 launched a service based on the Microsoft Azure Sentinel product, but now it is difficult to use it. In Russia, SOCaaS services are now provided by Usergate in the form of the Security Operations Center service. Also, services of a similar class can be obtained from 1cloud under the general name "Information Security Monitoring Center." Another example of SOCaaS services is Smart SOC, which can be obtained from Step Logic.
"The Russian market can be called quite mature, there are players for different segments of customers," said Evgenia Khamrakulova, head of business development at the Solar JSOC Cyber Attack Counteraction Center of Solar Group. "There are companies with many years of experience in providing SOC service with already built processes, and there are new SOCaaS, which are still at the beginning of the journey. In fact, SOCaaS serves information security divisions of companies. On the one hand, one of the problems remains a lack of resources to build your own SOC. On the other hand, the financial capabilities of information security services may increase or decrease in accordance with business development."
Although the solutions offered by Yandex.Cloud are new to the market, in fact they have already been worked out during the protection of the infrastructure of the company itself, the services of which are used by a large number of customers. That is, as a market participant Yandex.Cloud is a new player, but as a technology company it can be considered mature.
"The Russian cloud SOC market is actively developing, especially in recent years," Alexander Boyarsky, SOC Development Director at K2 Cybersecurity, shared his data with TAdviser. "This is due to the complication and growth of the number of cyber attacks, the need to comply with regulatory requirements. According to our joint study with Kaspersky Lab, 44% of companies using SOC choose a service model. 41% of companies among those planning to implement SOC in 2025 also choose SOCaaS. All this confirms the high demand for such solutions. The main drivers are the availability of highly qualified specialists, advanced technologies and the ability to quickly deploy."
And if we consider that in the process of import substitution, quite a lot of information systems were transferred to Russian clouds, then their protection and response to security incidents in them are very popular services. If cloud operators themselves begin to provide services to protect their clouds and corporate infrastructure, then such a set of services may be in great demand in the current market conditions.
"The main users of cloud SOC services are often organizations in which there is a shortage of specialists or budget restrictions have been set," commented Anton Alexandrov, director of business development at Cloud Networks, on the SOCaaS market. "These services are also common for customers who prefer OPEX. As far as we can tell from the dynamics of the last few years, in the near future SOCaaS will continue its development within the Russian market and will remain one of the most popular services. Nevertheless, for the above reasons, the demand for the classic version of SOC may decrease due to the emergence of new services."
Indeed, moving a significant portion of companies' resources to the clouds can also lead to changes in the market for the SOCs that protect this infrastructure. Classic SOCs may not have enough competencies to protect companies' cloud resources at the proper level. Therefore, SOCaaS specialists who have more competencies in protecting cloud resources can find their niche in the commercial SOC services market.
"Users of SOC services are mainly large companies with developed IT infrastructure and digital services, but that do not have sufficient resources, time or expertise to effectively counter current cyber threats," Volodymyr Dmitriyev, deputy director of the security expert center of Positive Technologies, told TAdviser. "Such companies usually turn to cloud SOCs to monitor security events (collection and storage of logs), analyze them (detection of anomalies and attacks) and respond to confirmed incidents to neutralize the actions of attackers and prevent damage. Also in demand are services to protect web applications and communication channels from DDoS attacks, attacks on applications, as well as protection against threats in network traffic."
Now YCDR has a limited set of functions, but it has good development prospects and opportunities for the implementation of the most demanded services.
"The most popular SOC services include monitoring, response and incident management of information security," Alexey Kubarev, director of information security at T1 Cloud and T1 Integration, shared his observations with TAdviser. "AI and ML tools will be more actively used in SOC platforms. Basically, SOC services are used by companies from the field of finance, power, telecommunications, retail, fuel and energy complex, as well as IT integrators and cloud solution providers, including SOC as part of an integrated security system. Customers from the SMB segment who do not have the opportunity to build their own SOC, but there is a need for monitoring and responding to information security incidents, are increasingly interested in cloud SOC."