Georgy Belyakov
Linxdatacenter Information Security Manager
09.08.2022

IS in scarcity: a big transition strategy

Equipping information security (IS) with specialized hardware and software solutions is today complicated by problems common to the whole IT industry: familiar tools are disappearing and need to be replaced quickly by new ones. How can these problems be solved?

The departure of Western vendors has led to a situation where one part of cybersecurity hardware and software has become unavailable, another part will soon lose license support, and support for the remaining solutions has been terminated prematurely. This affected absolutely all segments of IS solutions, including the most common ones, many of which are industry standards.

Solution options

There are two ways out of this situation: to seek alternatives - full-fledged boxed solutions, foreign or Russian - or to turn to open source tools, modifying them independently "for yourself" as necessary.

Note that some popular Western products remain available - you can buy, install, get support for, and operate them. However, there is absolutely no guarantee that their vendors will not join the sanctions wave and revoke the license at any time.

The risks for users here are the most obvious: many IS products from leading vendors are quite expensive - you can throw a lot of money down the drain.

Russian alternatives are protected from such risks, but in the vast majority of cases they fall behind Western models in terms of functionality.

Open source products can offer a wider range of functionality and capabilities for customization, but their maintenance is not always cheaper than commercial products.

Open source pitfalls

The administration of open source solutions, let alone a whole pool of them, requires more engineering hours compared to commercial products.

Operating open source brings more operational errors, minor failures and situations that require intervention, and there is not much documentation for such solutions. Support is also different: the developer's response to a request can arrive very late or not at all. On top of that there is the problem of false positives, which requires a longer and deeper analysis of the event logs, configurations and conditions of the event, which with high probability turns out to be false. In such cases it may be impossible to rely on the services of the open source product's developer.

If companies isolate infrastructure segments from one another, they end up with several isolated IT perimeters. With this approach, uniform versions of the solutions in use become a requirement, which creates additional difficulties.

For example, keeping the versions of all components consistent is important when using multi-component software such as SIEM; otherwise IS specialists will drown in solving "typical" problems across the landscape.

Open source also requires careful testing after installing updates: it is advisable to do this in a dedicated environment. Otherwise, there is a risk of failure of some infrastructure component or incompatibility with other components of the IS-perimeter.

When working with open source products, you need to keep a bug and failure backlog: it compensates for the lack of open source documentation and speeds up fixing similar bugs in the future.

It should be noted that in the case of in-house development of updates and functionality, you lose the opportunity to get updates from an open source tool developer: the company essentially starts developing its own product. On the other hand, this removes the risk of downloading an IS tool update with a bug or malicious functionality.
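The version-uniformity requirement across isolated perimeters, the rule of testing updates in a dedicated environment first, and the risk of pulling an altered update all come down to two checks an administrator can script. The following Python is an added example, not code from the article or from Linxdatacenter: it assumes a hypothetical inventory of component versions per perimeter and a hash recorded when the update was tested in staging; all perimeter names, component names, versions and the update blob are constructed sample data.

```python
"""Version-drift and update-integrity check across isolated IS perimeters.

Constructed example: the inventory, baseline, component names and update
blob below are made-up placeholders, not values from any real deployment.
"""
import hashlib
from collections import defaultdict

# Constructed inventory: perimeter -> component -> installed version
INVENTORY = {
    "office":  {"siem-collector": "2.4.1", "siem-core": "2.4.1", "ids-sensor": "6.0.3"},
    "dc-prod": {"siem-collector": "2.4.1", "siem-core": "2.3.9", "ids-sensor": "6.0.3"},
    "dc-dr":   {"siem-collector": "2.4.0", "siem-core": "2.4.1", "ids-sensor": "6.0.3"},
}

# Constructed baseline: the versions approved after testing in the dedicated
# staging environment; every perimeter is expected to match it
BASELINE = {"siem-collector": "2.4.1", "siem-core": "2.4.1", "ids-sensor": "6.0.3"}


def find_version_drift(inventory, baseline):
    """Return {component: {perimeter: installed}} for every install that
    differs from the tested baseline. A value of None means the component
    is missing from that perimeter altogether."""
    drift = defaultdict(dict)
    for perimeter, components in inventory.items():
        for name, expected in baseline.items():
            installed = components.get(name)
            if installed != expected:
                drift[name][perimeter] = installed
    return dict(drift)


def verify_update_artifact(data: bytes, pinned_sha256: str) -> bool:
    """Compare an update blob against the SHA-256 recorded when that exact
    artifact was tested in staging, so a mis-downloaded or altered update
    is never rolled out to production perimeters."""
    return hashlib.sha256(data).hexdigest() == pinned_sha256.lower()


# Constructed update artifact; in practice the pinned hash is read from the
# staging test record rather than computed from the blob being checked
UPDATE_BLOB = b"siem-core-2.4.1.tar.gz contents (constructed)"
PINNED_SHA256 = hashlib.sha256(UPDATE_BLOB).hexdigest()


def rollout_plan(inventory, baseline, update_blob, pinned_sha256):
    """Decide whether the artifact may be rolled out and, if so, which
    perimeters and components have drifted from the tested baseline."""
    if not verify_update_artifact(update_blob, pinned_sha256):
        return {"status": "blocked", "reason": "artifact hash mismatch", "targets": {}}
    return {"status": "ok", "reason": "", "targets": find_version_drift(inventory, baseline)}


if __name__ == "__main__":
    print(rollout_plan(INVENTORY, BASELINE, UPDATE_BLOB, PINNED_SHA256))
    # An artifact that differs by even one byte from what was tested is refused
    print(rollout_plan(INVENTORY, BASELINE, UPDATE_BLOB + b"x", PINNED_SHA256)["status"])
```

The drift report is what the backlog entry should start from: it names the perimeter and the component, so the "typical" SIEM problem caused by a collector one patch behind its core is visible before anyone chases it in the event logs. The hash check is deliberately done against a value pinned at staging time, not against a hash published alongside the download, because the point is to confirm that production receives exactly what was tested.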

Money Matters

Russian commercial IS products can be quite expensive, but require less time to implement and configure, and have full technical support for further operation.

Since these are classic "boxed" products, the company does not need a large staff of specialists to maintain and improve them. Their relative "completeness", even with not always satisfactory functionality, offsets the difference in purchase price in the long run.

Open source solutions, on the other hand, are cheaper to buy initially, but as they become operational they can put a serious strain on the IS budget because of the need to maintain and develop the product yourself.

The best way out is a competent analysis of your own IS needs, with a combined use of domestic and open source products depending on the specific task. Open source can also be used for the period of a gradual, planned transition to commercial domestic products, to avoid large initial payments.

A new picture of the industry

Speaking of the impact of the ongoing changes on the IS direction as a whole, the following main aspects can be highlighted:

  1. Companies will have to combine Russian commercial IS solutions and open source. No one can replace the existing set of cybersecurity tools in their entirety at one time: this is a huge one-time investment. Companies will have to replace them in stages. In some scenarios, both open source and Russian commercial developments can serve as temporary solutions.
  2. Moving from a familiar IS system to a new one increases security risks. The replacement stage can leave certain functionality completely absent for a period of time. This should be taken into account, and such risks must be insured against.
  3. The IS team will inevitably adapt to toolkit updates and redesigns. It will take a lot of time and effort, potentially increasing the risks associated with human error.

The total time for an IS overhaul will depend on the scale of the IT infrastructure that needs to be protected, the size of the staff and its overall level of competence, and the amount of investment in the project, both financial and in terms of administrative support.

The Challenges of Transition

The first challenge lies in the configuration of the networking component. When replacing equipment that is no longer supported by the vendor, a lot of effort is spent on configuring the upgraded network.

Network configuration accumulated over the years can be highly specific, and these settings cannot always be transferred to new equipment.

The second challenge relates to the issues of adapting open source solutions. This process is often time-consuming - due to the lack of a well-developed support system, it is often necessary to manually explore specialized IS forums in search of a solution. And when you cannot find an answer there, you have to look for a solution yourself and bring in additional staff.

The third challenge is that prices for IS solutions and cybersecurity services from providers are starting to rise. Because restructuring the IS function is so complex, demand for services from external providers is growing, and those providers turn out to be unprepared for it and are forced to raise their prices.

We will see significant price growth very soon, and it will be long-term in nature: in addition to business, demand for such services will come from government IT systems and from operators of critical information infrastructure (CII) facilities.

However, there is a positive point here - the trend will stimulate the development of the domestic IS solutions market in terms of improved functionality and overall quality of development.

BEST, money transfer and payments operator

Business challenge

The customer faced a technical issue with persistent BGP session flapping with Linxdatacenter hardware. We examined the problem and found out that one of the customer's hosts was under a DDoS attack.

Because of the distributed nature of the attack, traffic could not be filtered effectively, and disconnecting the host from the external network was not an option. The attack stopped after changes in the server configuration, but resumed the day after. A 5.5 Gbps attack overloaded the junctions with internet providers, affecting other Linx Cloud users. To mitigate the effects of the attack, we employed a dedicated DDoS protection service.

Solution

To ensure the continuous availability of resources hosted in Linx Cloud, we rerouted all the customer's traffic through the StormWall Anti-DDoS system. The attack was stopped within half an hour. To prevent future cyberattacks, we routed all connections to the customer's resources through the StormWall network.
