The departure of Western vendors has led to a situation where one part of cybersecurity hardware and software has become unavailable, another part will soon lose license support, and support for the remaining solutions has been terminated prematurely. This affected absolutely all segments of IS solutions, including the most common ones, many of which are industry standards.
There are two ways out of this situation: to look for alternatives, whether foreign or Russian full-fledged boxed solutions, or to turn to open source tools and modify them in-house as needed.
Note that some popular Western products remain available - you can buy, install, get support, and operate them. However, there are absolutely no guarantees that they will not join the sanctions wave and revoke the license at any time.
The risks for users here are the most obvious: many IS products from leading vendors are quite expensive - you can throw a lot of money down the drain.
Russian alternatives are protected from such risks, but in the vast majority of cases they fall behind Western models in terms of functionality.
Open source products can offer a wider range of functionality and capabilities for customization, but their maintenance is not always cheaper than commercial products.
Open source pitfalls
The administration of open source solutions, let alone a whole pool of them, requires more engineering hours compared to commercial products.
In operating open source there are more operational errors, minor failures and situations that require intervention, and there is little documentation for such solutions. Support is also different: the developer's response to a client's request may come very late or not at all. In addition, there is the problem of false positives, which requires a longer and deeper analysis of the event logs, configurations and circumstances of an event that, with high probability, turns out to be false. In such cases it may be impossible to use the services of the open source product's developer.
If a company opts to make its infrastructure segments autonomous, it ends up with several isolated IT perimeters; with this approach, uniformity of versions of the solutions in use becomes a requirement, which creates additional difficulties.
For example, ensuring consistent versions of all components is important when using multi-component software such as a SIEM; otherwise IS specialists will drown in solving "typical" problems across the landscape.
Open source also requires careful testing after installing updates: it is advisable to do this in a dedicated environment. Otherwise, there is a risk of failure of some infrastructure component or of incompatibility with other components of the IS perimeter.
When working with open source products, you need to keep a backlog of bugs and failures; this compensates for the lack of documentation and speeds up the fixing of similar bugs in the future.
It should be noted that with in-house development of updates and functionality, you lose the opportunity to get updates from the open source tool's developer: the company essentially starts developing its own product. On the other hand, this removes the risk of downloading an IS tool update containing a bug or malicious functionality.
Russian commercial IS products can be quite expensive, but require less time to implement and configure, and have full technical support for further operation.
Since these are classic "boxed" products, a large in-house staff of specialists for their maintenance and improvement is not required. Their relative "completeness," even with not always satisfactory functionality, offsets the difference in purchase price in the long run.
Open source solutions, on the other hand, are cheaper to acquire initially, but once in operation they can put a serious strain on the IS budget because of the need to maintain and develop the product yourself.
The best way out is a competent analysis of your own IS needs, with combined use of domestic and open source products depending on the specific tasks. It is also possible to use open source during a gradual, planned transition to commercial domestic products, so as to avoid large initial payments.
A new picture of the industry
Speaking of the impact of the ongoing changes on the IS direction as a whole, the following main aspects can be highlighted:
The total time for an IS overhaul will depend on the scale of the IT infrastructure that needs to be protected, the size of the staff and the level of overall competence, the amount of investment in the project both in terms of finance and in terms of administrative support.
The Challenges of Transition
The first challenge lies in configuring the network component. When replacing equipment that is no longer supported by the vendor, a lot of effort goes into configuring the upgraded network.
Network configuration accumulated over the years can be highly specific, and such settings cannot always be transferred to new equipment.
The second challenge relates to adapting open source solutions. This process is often time-consuming: due to the lack of a well-developed support system, it is often necessary to manually search specialized IS forums for a solution. And when no answer is found there, you have to work out a solution yourself and bring in additional staff.
The third challenge is that prices for IS solutions and cybersecurity services from providers are starting to rise. Because of the complexity of reorganizing the IS function, demand for services from external providers is growing, and those providers turn out to be unprepared for it and are forced to raise their prices.
We will see significant price growth very soon, and it will be long-term in nature: in addition to business, demand for such services will arise from government IT systems and from operators of CII (critical information infrastructure) facilities.
However, there is a positive point here - the trend will stimulate the market development of own IS solutions in terms of improving functionality and overall quality of development.
BEST, money transfer and payments operator
The customer faced a technical issue with persistent BGP session flapping with Linxdatacenter hardware. We examined the problem and found out that one of the customer's hosts was under a DDoS attack.
Because of the distributed nature of the attack, traffic couldn't be filtered effectively, and disconnecting the host from the external network wasn't an option. The attack stopped after changes in the server configuration, but resumed the next day. A 5.5 Gbps attack overloaded the junctions with internet providers, affecting other Linx Cloud users. To mitigate the effects of the attack, we employed a dedicated DDoS protection service.
To ensure the continuous availability of resources hosted in Linx Cloud, we rerouted all the customer's traffic through the StormWall Anti-DDoS system. The attack was stopped within half an hour. To prevent future cyberattacks, we organized all connections to the customer's resources through the StormWall network.