Information security systems development
Companies around the world face the task of developing information security systems, because the volume and severity of information threats keep growing. The most exposed targets are state information systems (GIS), process control systems of industrial enterprises, banking systems, and the databases of personal data operators. This creates steady demand for the services of companies able to offer the market high-quality, effective information security software.
Market of services for the development of information security systems
The Russian market for the development of information security systems features both foreign and domestic solutions; quite often such systems are developed from scratch to the customer's requirements. At the end of 2018 the Russian market for information security system development amounted to 79.5 billion rubles, and it is expected to grow by about 10% a year.
The main customers on the information security systems development market are:
- government organizations interested in integrated information security systems that plug into the national information system;
- banks and financial institutions;
- educational and health care institutions;
- medium and large businesses that need to protect confidential information.
Large companies such as Gazprom or NOVATEK prefer to build their own development teams and hire outsourcers only for particular subproblems of building an information security system.
Development market growth is based on:
- an increase in the number of cyber threats;
- clarification and specification of regulatory requirements;
- the push toward the digitalization of society within the Digital Russia program and its subprograms on combating cyber threats, which envisage developing the information security market and creating several large world-class players.
The largest revenue growth was shown by the following companies:
- Kaspersky Lab, although its figure is not directly comparable: the company does not separate Russian and foreign revenue in its global reporting; in 2018 it earned 45.5 billion rubles;
- Softline received 15.8 billion rubles, increasing its revenue by 7.5%;
- Informzashita, 8 billion rubles;
- InfoTeX - 4.6 billion rubles;
- ICL Group - 4.2 billion rubles;
- Krok - 3.6 billion rubles;
- Aquarius, 2.5 billion rubles;
- Lanit - 2.5 billion rubles.
The main feature of the information security development market is a shortage of personnel at software companies: employees are drawn away by foreign businesses and major Russian corporations. The second serious issue is the immaturity of the knowledge base for developing information security systems and the frequent changes in regulators' positions and requirements. As a result, unfinished, patchwork products reach the market that do not constitute integral information security systems. Instead of a single solution ready to repel threats, companies install several products of different kinds that are hard to manage and conflict with each other. This creates problems both in hiring qualified personnel and in rising technical support costs. Integral information protection solutions are developed for state information systems under a dedicated terms of reference.
The import substitution trend is the main factor shaping the market: foreign manufacturers are gradually leaving, and it is easier for state-owned companies to hire a domestic developer, whose services are about 10-15% cheaper.
Against this background, Rostelecom has proposed placing the development of Internet security technologies under full state control. Within a project worth 260 billion rubles, it is proposed to develop:
- a platform for collecting a user's digital footprint on the Internet;
- content recommendation systems;
- a domestic messenger, browser and mobile operating system (OS).
Within the framework of creating an information security system, the task of protecting the population from foreign means of manipulating public consciousness is also addressed. The program is presented not as an attempt to limit the spread of public opinion in the country, but as preparation for the systematic creation of problems from outside.
State regulation of activities for the development of information security systems
The importance of protecting confidential information prompts the state to regulate its development. The federal law "On Information, Informatization and Means of Information Protection" defines the main formats of state regulation:
- control of public relations associated with the search, transmission, dissemination of information;
- development of information systems (IS) for various purposes;
- ensuring the security of the Internet, protecting information from outside penetration;
- ensuring information security of children.
As part of controlling the development of information security systems and protecting confidential information, the state licenses the activity of creating information security systems and organizes their certification. This gives businesses and citizens an understanding of which information protection tools are free of undeclared capabilities and provide the highest level of security.
Technical requirements for developing information security systems are set out in GOST standards, which are based on international standards. A list of licensed organizations and certified protection tools is published on the website of the FSTEC of Russia, which has been delegated authority for state regulation in this area.
Among the growing requests in the field of information security systems development:
- domestic DLP and SIEM systems that monitor incidents and protect the company's information perimeter from leaks of confidential information;
- protection systems for automated control systems (ACS) against network intrusion, theft of the information they contain, and virus infection;
- complex GIS protection systems;
- network health monitoring tools.
A comprehensive state policy in information security makes it possible to certify the best foreign solutions and to promote the development of domestic ones.
New ideas and technologies
Every year, new offers from young and growing information security companies appear on the market. Experts name the following as the most interesting options of the last two years.
SilentDefense (Security Matters)
This software product from a Dutch company is considered one of the best for protecting ICS and SCADA systems, which are responsible for the reliable operation of process control. It is able to detect external intrusions. The product integrates with ACS and is also deployed at the boundary between ACS and office networks to create dedicated segments for secure information exchange.
If the ACS is built on open, modern solutions, the software can:
- work with ACS using 13 open industrial protocols (Modbus TCP, EtherNet/IP, OPC DA/OPC AE, IEC 104, IEC 61850 (MMS, GOOSE, SV), ICCP, Synchrophasor, DNP3, BACnet, PROFINET) and proprietary protocols: ABB (800xA, AC 800M, AC 800F), Siemens (Step 7, Step 7+), Emerson (Ovation, DeltaV), Honeywell, Yokogawa (Vnet/IP), Rockwell;
- forward information to office SIEM systems;
- detect undeclared protocols used to send and receive information, changes in software, and commands sent from an unknown source;
- detect information security incidents initiated by insiders;
- inventory the network, determine the actual location of connected devices, and build a network map.
The solution suits industrial enterprises whose process control systems are in the threat zone.
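The passive inspection described above (parsing an industrial protocol, learning which hosts issue which commands, and flagging writes or unknown protocols from unexpected sources) can be shown on Modbus/TCP, the simplest of the listed protocols. The following is an added example written for this page; it is not SilentDefense code, and the hosts, frames and the "learn first, then alert" policy are constructed assumptions. It goes slightly beyond the text by also rejecting payloads that are not well-formed Modbus/TCP at all, which is how "undeclared protocols" on a known port are caught.

```python
"""Passive Modbus/TCP inspection: parse the MBAP header, learn a baseline of
(client, server, unit id) -> function codes, then report deviations.
Added example, not vendor code. All traffic below is constructed."""
import struct
from collections import defaultdict

# Modbus function codes that change process state (coil/register writes).
WRITE_FUNCTIONS = {5, 6, 15, 16, 22, 23}
FUNCTION_NAMES = {
    1: "Read Coils", 2: "Read Discrete Inputs", 3: "Read Holding Registers",
    4: "Read Input Registers", 5: "Write Single Coil", 6: "Write Single Register",
    8: "Diagnostics", 15: "Write Multiple Coils", 16: "Write Multiple Registers",
}


def parse_mbap(payload):
    """Parse a Modbus/TCP ADU. Returns (unit_id, function_code, data), or None
    when the bytes are not a well-formed Modbus/TCP frame."""
    if len(payload) < 8:
        return None
    _tid, proto_id, length, unit_id = struct.unpack(">HHHB", payload[:7])
    # Protocol identifier is always 0 for Modbus; length covers unit id + PDU.
    if proto_id != 0 or length != len(payload) - 6:
        return None
    return unit_id, payload[7], payload[8:]


class ModbusMonitor:
    """Learns which (client, server, unit) pairs issue which function codes,
    then reports unknown clients, new function codes (writes rated HIGH),
    and non-Modbus traffic on the Modbus port."""

    def __init__(self):
        self.baseline = defaultdict(set)  # (src, dst, unit) -> {function codes}
        self.learning = True

    def observe(self, src, dst, payload):
        """Return an alert string, or None if the frame matches the baseline."""
        parsed = parse_mbap(payload)
        if parsed is None:
            return f"ALERT[MEDIUM] non-Modbus payload {src} -> {dst}: {payload[:8].hex()}"
        unit_id, function, _data = parsed
        key = (src, dst, unit_id)
        if self.learning:
            self.baseline[key].add(function)
            return None
        name = FUNCTION_NAMES.get(function, f"function {function}")
        severity = "HIGH" if function in WRITE_FUNCTIONS else "MEDIUM"
        if key not in self.baseline:
            return f"ALERT[{severity}] unknown client {src} -> {dst} unit {unit_id}: {name}"
        if function not in self.baseline[key]:
            return f"ALERT[{severity}] new function from known client {src} -> {dst} unit {unit_id}: {name}"
        return None


def modbus_frame(unit_id, function, data, tid=1):
    """Build a Modbus/TCP ADU (helper for constructing sample traffic)."""
    pdu = bytes([function]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit_id) + pdu


def run_demo():
    """Learn a two-frame baseline, then inspect constructed events. Returns alerts."""
    mon = ModbusMonitor()
    hmi, plc = "10.0.1.10", "10.0.2.20"  # assumed HMI and PLC addresses
    # Baseline: the HMI polls holding registers and writes one setpoint to unit 1.
    mon.observe(hmi, plc, modbus_frame(1, 3, b"\x00\x00\x00\x0a"))
    mon.observe(hmi, plc, modbus_frame(1, 6, b"\x00\x05\x01\x2c"))
    mon.learning = False
    events = [
        (hmi, plc, modbus_frame(1, 3, b"\x00\x00\x00\x0a")),                      # normal poll
        ("10.0.9.99", plc, modbus_frame(1, 3, b"\x00\x00\x00\x01")),              # unknown host reads
        ("10.0.9.99", plc, modbus_frame(1, 16, b"\x00\x00\x00\x01\x02\xff\xff")),  # unknown host writes
        (hmi, plc, modbus_frame(1, 8, b"\x00\x01\x00\x00")),                      # HMI sends Diagnostics
        (hmi, plc, b"GET / HTTP/1.1\r\n\r\n"),                                    # not Modbus at all
    ]
    return [a for a in (mon.observe(*e) for e in events) if a]


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

In a real deployment the baseline would be learned from a capture of known-good operation and reviewed by the process engineers before alerting is enabled, since a write that was never seen during learning may still be legitimate.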
mGuard (Phoenix Contact)
Another product relevant to manufacturing enterprises. It was created in Germany, whose industry has suffered constant hacker attacks and information leaks for several years. It is an industrial router with a built-in firewall. It helps secure remote connections, monitors network traffic, and protects the network perimeter in a decentralized manner.
For Russian industrial enterprises concerned with information security, the product's advantages are:
- the ability to work in stealth mode;
- deep packet inspection (DPI) of industrial protocols (OPC, Modbus TCP);
- an industrial version for DIN-rail mounting with an extended operating temperature range, as well as a marine version;
- support for GPS/GLONASS, which matters for mobile assets across Russia's territory.
The return on the solution increases when it is used in combination with other information security products.
TrapX Deception Grid (TrapX)
The software was created in Israel and protects the company's network against targeted attacks.
It is a multifunctional solution that includes:
- tools for deploying and managing network monitoring scanners and decoy tokens;
- isolated process execution ("sandbox");
- an analyzer of incoming and outgoing traffic;
- an antivirus that is most effective against ransomware;
- an event correlation and incident grouping system.
The solution is useful for monitoring emerging internal and external threats and helps build a comprehensive security model.
It allows the following protection strategies:
- a "signaling network" technique that protects information systems from zero-day exploits and targeted attacks (APT) without software agents or signatures installed on network nodes. Hidden traps and decoys are placed in the system; when an attacker touches one, the security team is notified and the compromised device is isolated;
- traps imitating various IT objects (servers, workstations, SCADA devices, network equipment), so that during an attack the attacker finds himself in a virtual "minefield".
The solution is effective as part of an integrated information security system of a company, bank or financial institution, as protection against targeted attacks and as cover for the blind spots at the junctions between different security systems. It can also be used to protect industrial control systems.
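The "signaling network" idea above rests on one property: a decoy account or decoy host has no legitimate user, so any touch is an attacker, and no signatures are needed. The following is an added example written for this page, not TrapX code; the decoy inventory, the log formats and the sample lines are constructed, and "isolation" is reduced to producing the list of source hosts to quarantine.

```python
"""Decoy-triggered detection over auth and firewall log lines.
Added example, not vendor code. Decoys and log lines are constructed."""
import re

# Constructed decoy inventory: accounts and hosts nothing legitimate uses.
DECOY_ACCOUNTS = {"svc_backup_admin", "oracle_dba"}
DECOY_HOSTS = {"10.0.5.40": "decoy-scada-hmi", "10.0.5.41": "decoy-file-server"}

# OpenSSH-style auth lines, e.g. "sshd[2207]: Failed password for X from 10.0.3.7 port 4444 ssh2"
SSHD_RE = re.compile(r"sshd\[\d+\]: (Accepted|Failed) \S+ for (?:invalid user )?(\S+) from (\S+)")
# Constructed firewall format: "fw: NEW <src>:<sport> -> <dst>:<dport>"
CONN_RE = re.compile(r"fw: NEW (\S+):\d+ -> (\S+):(\d+)")


def inspect(line):
    """Return an alert dict if the line touches a decoy, otherwise None."""
    m = SSHD_RE.search(line)
    if m:
        outcome, user, src = m.groups()
        if user in DECOY_ACCOUNTS:
            # Success or failure does not matter: the name itself is the signal.
            return {"severity": "critical", "source": src,
                    "reason": f"decoy account {user} used ({outcome.lower()} login)"}
        return None
    m = CONN_RE.search(line)
    if m:
        src, dst, port = m.groups()
        if dst in DECOY_HOSTS:
            return {"severity": "critical", "source": src,
                    "reason": f"connection to decoy {DECOY_HOSTS[dst]} ({dst}) port {port}"}
    return None


def process(lines):
    """Scan log lines. Returns (alerts, sorted list of source hosts to isolate)."""
    alerts = [a for a in (inspect(line) for line in lines) if a]
    isolate = sorted({a["source"] for a in alerts})
    return alerts, isolate


# Constructed sample: one normal user, one host probing a decoy account and a decoy PLC HMI.
SAMPLE_LOG = [
    "Mar  4 09:12:01 bastion sshd[2201]: Accepted publickey for alice from 10.0.1.5 port 50122 ssh2",
    "Mar  4 09:12:30 fw: NEW 10.0.1.5:50140 -> 10.0.2.20:443",
    "Mar  4 09:13:02 bastion sshd[2207]: Failed password for svc_backup_admin from 10.0.3.7 port 4444 ssh2",
    "Mar  4 09:13:10 fw: NEW 10.0.3.7:51000 -> 10.0.5.40:502",
    "Mar  4 09:13:15 fw: NEW 10.0.3.7:51002 -> 10.0.2.20:445",
]


if __name__ == "__main__":
    found, quarantine = process(SAMPLE_LOG)
    for a in found:
        print(a["severity"], a["source"], a["reason"])
    print("isolate:", quarantine)
```

Note that the third connection from 10.0.3.7, to a real file server, produces no alert on its own; it is the earlier decoy hits that mark the host, which is why the quarantine list, not the individual alert, is what an orchestration step should act on.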
Safetica DLP (Safetica)
A product from the Czech Republic notable for deployment in just 8 weeks and an advanced contextual information filtering mechanism. The product is modular: you can buy a single module and add protection later as needed. Its modules include:
- Auditor, which records all personnel actions involving confidential information;
- Supervisor, tuned to improve the efficiency of the organization's business processes.
The product can:
- identify attacks based on social engineering methods;
- track changes in employee behavior and activity and dangerous trends in the use of confidential information;
- control employees' mobile devices used in the corporate environment.
Thycotic Secret Server (Thycotic)
This American product manages accounts and stores "secrets", that is, combinations of login, password and session connection parameters, in encrypted form. It:
- automatically discovers privileged accounts;
- rotates passwords and SSH keys (used to authenticate a client connecting to a server over SSH) on a specified schedule.
A behavioral analysis module builds graphical relationships between users and credentials and identifies deviations in the behavior of the most privileged users when they work with confidential information.
A free version for small companies supports up to 25 users. The product has a Russian-language version, and technical support is also provided in Russian. It is easy to install and use, which reflects the manufacturer's desire to promote the product on the Russian market. Updates are released frequently, adjusting to users' information security needs.
Virtual Data Room, Digital Rights Management (Vaultize)
This product from Indian developers protects document workflows. The VDR/IRM solution includes a document and information protection module that works not only within the enterprise's local network but also after a document has been downloaded to a user's laptop or mobile device. It enforces document access rights regardless of the form in which the document is presented.
Skybox Security Suite (SkyBox Security)
A joint product of developers from the USA and Israel. It is an analytics solution that identifies and corrects distortions in network security management. It can be used to set up the vulnerability management process for the IT infrastructure. FSTEC certification allows the product to be used to protect personal data and other highly confidential information.
Among the most interesting features:
- building a network map of all objects and connections, with the ability to simulate configuration changes;
- automatic configuration changes;
- detecting the load on firewalls and changing their settings.
The product's advantage is real-time visibility of everything that happens on network nodes, control over all settings, and visualization of the network map. The program supports up to 100 devices simultaneously. Vulnerability information comes from 25 sources, one of which is the developer's research center in Israel. In the Security Policy Management (Firewall Management) class, it is one of the few foreign information security products certified by the FSTEC of Russia.
Securonix SNYPR (Securonix)
This American solution monitors network health and information security incidents. The system analyzes user behavior and infers anomalies from deviations. It not only finds users whose behavior resembles a deliberate attack on the integrity and confidentiality of information, but also identifies targeted external attacks and their source.
The information security model is based on big-data analysis; more than 400 third-party products, social networks and unstructured data serve as inputs.
The product is most effective for large companies: it identifies an information security incident and provides the data needed to investigate it and bring the culprit to justice. It can detect unauthorized use of administrator accounts, passwords passed to other employees, and other forms of unauthorized access to the network and to protected data.
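The behavioral analysis described above amounts to building a per-account baseline (when, from where and to what a user normally logs in) and scoring new events against it; a password handed to a colleague shows up as the same account active from two sources at once. The following is an added example written for this page, not Securonix code; the log format, the users and all events are constructed, and the features and the 10-minute concurrency window are assumptions chosen for illustration.

```python
"""Minimal user-behavior baseline and deviation scoring over auth events.
Added example, not vendor code. Log format and events are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta


def parse_event(line):
    """Constructed format: '<iso-ts> user=<u> src=<ip> host=<target> result=<r>'."""
    ts, rest = line.split(" ", 1)
    ev = dict(field.split("=", 1) for field in rest.split())
    ev["ts"] = datetime.fromisoformat(ts)
    return ev


def build_baseline(lines):
    """Per user: hours of day, source IPs and target hosts seen in the training window."""
    base = defaultdict(lambda: {"hours": set(), "sources": set(), "hosts": set()})
    for ev in map(parse_event, lines):
        b = base[ev["user"]]
        b["hours"].add(ev["ts"].hour)
        b["sources"].add(ev["src"])
        b["hosts"].add(ev["host"])
    return base


def detect(baseline, lines, window=timedelta(minutes=10)):
    """Score live events against the baseline. Returns [(user, iso_ts, reasons)]."""
    findings = []
    recent = defaultdict(list)  # user -> recent successful logins
    for ev in map(parse_event, lines):
        reasons = []
        b = baseline.get(ev["user"])
        if b is None:
            reasons.append("account never seen in baseline")
        else:
            if ev["ts"].hour not in b["hours"]:
                reasons.append(f"unusual hour {ev['ts'].hour:02d}")
            if ev["src"] not in b["sources"]:
                reasons.append(f"new source {ev['src']}")
            if ev["host"] not in b["hosts"]:
                reasons.append(f"new target {ev['host']}")
        if ev["result"] == "success":
            # Same account active from two different sources inside the window:
            # the usual footprint of a credential shared with someone else.
            for prev in recent[ev["user"]]:
                if prev["src"] != ev["src"] and ev["ts"] - prev["ts"] <= window:
                    reasons.append(f"concurrent use from {prev['src']} and {ev['src']}")
            recent[ev["user"]].append(ev)
        if reasons:
            findings.append((ev["user"], ev["ts"].isoformat(), reasons))
    return findings


# Constructed training data: a finance analyst and a domain admin with regular habits.
BASELINE_LOG = [
    "2019-03-04T09:02:00 user=alice src=10.0.1.5 host=srv-fin-01 result=success",
    "2019-03-04T14:10:00 user=alice src=10.0.1.5 host=srv-fin-01 result=success",
    "2019-03-05T09:15:00 user=alice src=10.0.1.5 host=srv-fin-01 result=success",
    "2019-03-04T10:30:00 user=admin-bob src=10.0.1.9 host=dc-01 result=success",
    "2019-03-05T11:05:00 user=admin-bob src=10.0.1.9 host=srv-fin-01 result=success",
]
# Constructed live data: a night-time admin login from a new host, and alice's
# account used from two workstations five minutes apart.
LIVE_LOG = [
    "2019-03-18T02:30:00 user=admin-bob src=10.0.7.77 host=dc-01 result=success",
    "2019-03-18T09:05:00 user=alice src=10.0.1.5 host=srv-fin-01 result=success",
    "2019-03-18T09:40:00 user=alice src=10.0.1.5 host=srv-fin-01 result=success",
    "2019-03-18T09:45:00 user=alice src=10.0.1.33 host=srv-fin-01 result=success",
]


def run_demo():
    return detect(build_baseline(BASELINE_LOG), LIVE_LOG)


if __name__ == "__main__":
    for user, ts, reasons in run_demo():
        print(user, ts, "; ".join(reasons))
```

A real system weights each reason and requires a longer training window than the five lines used here; the structure, a baseline of cheap features plus a concurrency check across sources, is what distinguishes this kind of detection from a signature match.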
SolidWall WAF (SolidSoft)
One of the successful Russian solutions, aimed at simultaneously providing:
- network health monitoring;
- detection and blocking of network attacks, both standard attacks and targeted, elaborately designed actions, with protection implemented at a high level;
- monitoring of the performance of network nodes;
- control of user activity.
Resources are saved by a false-positive suppression system that works at an early stage of diagnosis. The program has a built-in mechanism for analyzing the logic of user behavior. It protects critical resources from network attacks and integrates easily over Syslog, SQL, SNMP and a REST API. Ready-made integrations exist for HPE ArcSight, IBM QRadar, Splunk and Zabbix.
Active Bot Protection (Variti)
Another domestic product, which claims to protect against external attacks of any type. It specializes in detecting botnet attacks and has tools for identifying bots by IP address. It is a good choice for protecting e-commerce resources.
Boutique and proprietary information security solutions are often no less effective than global ones when the organization's threat model calls not for solving general problems but for protecting against specific risks. When an information security system is developed from scratch, the degree of protection is higher.