Import Substitution in Digital Security: How Businesses Can Choose an Alternative

Which segments of the Russian IS market can be trusted

Many Russian-made information security solutions have long been used in the Russian market. They have been tested for reliability and efficiency and are trustworthy. These are cryptographic protection, antivirus and DLP solutions, intrusion detection tools both at the network level and on customer workstations. But there are some segments in the IS industry, where, at the moment, additional studies are required for the implementation of Russian-made solutions. Such segments include network access control (NAC), zero trust network architecture (ZTNA) and workstation management with remote access. Solutions in these segments still need to be improved and tested. The situation is similar for firewalls. Despite the fact that they are well represented in the Russian market, their performance is sometimes not as high as we would like it to be.

Shifting from Western-made to Russian-made solutions is quite a long process. It may take up to one year or more in some segments. And the process is gradual: without completely shutting down Western-made solutions, Russian-made solutions are implemented. This entails difficulties in scalability and compatibility of solutions.

They arise since many Western vendors (including Cisco, Check Point and Fortinet) have built entire ecosystems of their products with out-of-the-box compatibility. Despite the fact that some of their solutions still remain in the Russian market and are applied in the transition to Russian solutions, this ecosystem will have to be replaced by a technology partnership between Russian vendors. This is where the problem of compatibility of Russian solutions with each other, as well as the integration of Russian-made solutions with the remaining Western-made solutions that are still in use in companies, comes up.
To solve the problems of different solutions working together, it is necessary to carry out preliminary testing on a showcase, where you can deploy products from several manufacturers. In direct interaction with the manufacturer, such testing can help find common ground between solutions, adjust them and develop them to meet specific business objectives. This work is easier to handle if you entrust it to system integrators, the best of which were identified by CRN/RE in March this year.

Reallocation of the IT budget: what companies should expect

After the pandemic, the information security market managed to recover quickly enough, but it saw reallocation of funds in favor of cloud solutions and information security tools for remote work. On top of that, due to the current situation, companies will have to reconsider their IT budgets as many Western-made solutions will need to be replaced. They will have to re-pilot, test and select solutions (see what alternatives to Western-made solutions are available for integration in the memo).
A trend in cloud solutions may change. Most companies are about to go back to their in-house or leased data centers or shift to Russian-made cloud solutions. These are important points to consider in your IT budgets too.

Growth in demand for IS solutions

In March this year, representatives of system integrators, including ICL Group, noted an increase in demand for IS solutions, as targeted attacks on businesses do not stop for a single day. So, even those who were not interested in information security before have now appreciated its importance. Apart from that, due to the imposition of sanctions and the reduced availability of computer hardware, most companies are trying to buy the equipment that is still available on the market, in particular, from Russian vendors. This is an important step that businesses can take now to ensure they have the computational capacity to build cyber defenses in the future.

In general, the current environment has not affected the need for information security, which existed in previous years. It is still necessary to comply with all requirements of regulators in the IS industry, even though this year the Federal Service for Technical and Export Control (FSTEC) of Russia canceled scheduled licensing supervision inspections. However, the deadline for implementation of the legislation of the Russian Federation has not changed: all CII objects must shift to domestic software by 2025. For that reason, even when your business does not draw much attention, you should continue your systematic work on IS: you can arrange an independent audit and eliminate all deficiencies, carry out a categorization of the CII, implement domestic IS systems and determine an IT outsourcer for their support.

We can say that the legislation in the field of security of CII objects has become a driver in implementation and development of domestic software for information security. Previously, this issue was addressed mainly by large companies and industrial enterprises, but now small companies are attacked too. They will also have to complete categorization of CII objects and build their security in accordance with the legislation of the Russian Federation.

How to protect your business from DDoS attacks

According to analytical data from «Kaspersky Lab», in March 2022 DDoS attacks were 54% more frequent than in February. And compared to March 2021, there are almost eight times as many. According to StormWall, they mainly originate from the United States (28.9%) and the European Union (46.7%). This amount of DDoS attacks is understandable, as it is a type of attack that can be carried out by low-skilled attackers using the instructions posted on the web. It is worth implementing a number of priority measures in order to protect your business.

Firstly, you need to make a cooperation agreement with your ISP. This will help keep you safe from attacks that «clog» communication channels and access to the Internet. Secondly, we need to carry out an audit of resources that are on the perimeter and are available on the network to update and strengthen their protection. For example, set up black and white access control lists, restrict access from Western countries if this does not affect your business and set limits on the number of requests on devices. Once these steps have been completed, you can begin to implement dedicated DDoS protection tools, such as a web application firewall technologies or WAF (note: WAFs protect against complex attacks and search for vulnerabilities on the website).

However, even using well-configured defenses, there is no way to avoid «intrusion» into the network if company employees do not follow basic cyber hygiene measures. It is employees that may, after a phishing attack, become threat sources and channels for threat penetration into the company’s network, so it is important to carry out activities to raise the employee awareness in information security. For example, Hive Systems analysts believe that in 2022 the minimum for a strong password is 16-18 characters, and a regular 8-character password can be hacked in 39 minutes at the very least. Therefore, apart from the implementation of multifactor authentication on personal devices, it is worth using automated means of training and testing the employee awareness in information security. They can be purchased and deployed at your company. A good practice is to carry out your in-house drills with company-wide phishing emails to find out which employees actually make a mistake, such as clicking on a link and falling for a fraudster’s suggestions. Such consulting services for employee training can also be provided by system integrators.

Substantially, the interaction that is now forming between Russian businesses and the IT companies that provide information security services to them will have a positive impact on the IT industry. If all the steps to be taken are reasonable, effective and financially affordable, they may have a positive impact on the ability of the Russian IT market to withstand external pressure.