Cybersecurity is looking for OS – Newspaper Kommersant No. 186 (7387) of 10/07/2022

In 2022, companies that massively switch to Russian software and operating systems (OS) have increased demand for their integration with vulnerability management tools, Positive Technologies found out. Most of these products were developed for foreign systems, such as Windows, and adaptation to domestic OS based on Linux will be costly, market participants admit.

Kommersant got acquainted with the Positive Technologies report on changes in the construction of the vulnerability management (VM) process in 2022. It follows from the report that in 2022 more companies began to use open source solutions for security: in 2020, 26% of companies used it on their networks, this year – 43%. Representatives of IT companies, the public sector, financial institutions, the fuel and energy complex and industrial companies participated in the survey – a total of 200 thousand people.

The trend of transition to open source is also confirmed by the Citilink survey (Kommersant has it), conducted from July to early August in 280 companies. It follows from it that 48% of respondents are ready to switch to products of domestic manufacturers, including domestic operating systems Astra Linux, BaseAlt and Red OS (developed on the basis of open source Linux).

Now Russian companies are massively switching to Russian software and OS, transferring assets important from the point of view of business processes to them, Anastasia Zueva, Senior Manager for Development and Promotion of MaxPatrol VM, Positive Technologies, says: “In particular, for public sector companies and organizations, related to critical information infrastructure (CII), there is a requirement to switch from information security tools from unfriendly states by January 1, 2025.

But, according to her, now on the market “there is a shortage of VM tools that support the search for vulnerabilities in the OS and software of Russian production that are gaining popularity.”

The need to install VM solutions on Russian operating systems is seen by 42% of companies surveyed by Positive Technologies, 51% want to get support for scanning domestic OS and software. Pavel Korostelev, Head of Product Promotion at Code of Security, says: “If a company has developed a product under Windows, it will be expensive to quickly “move” to Linux. In addition, it is necessary to maintain the compatibility of the VM with not one, but several Russian operating systems.

In 2021, the volume of the market for protective equipment in Russia as a whole was 186 billion rubles, according to the Center for Strategic Research, and to a greater extent accounted for by foreign vendors. But by 2026, their share may be reduced from 73 billion to 23 billion rubles. (see “Kommersant” dated August 2), including due to the departure of Russian manufacturers’ competitors from the market: since the beginning of the military operation in Ukraine, IBM, Cisco, Fortinet, ESET and other vendors have left Russia. At the same time, attacks on Russia’s information systems only intensified, in particular, this was facilitated by the aggravation of the conflict and the announcement of partial mobilization in Russia on September 21 (see “Kommersant” dated October 4).

As a rule, either OS developers who are facing difficulties or customers who are switching to a new OS act as a catalyst for integrating protection solutions with the OS, says Sergey Vasiliev, Deputy General Director of JSC NPPKT (develops the OSNOVA OS, etc.) Sergey Vasiliev: “They need to provide the functioning of the ecosystem of third-party software used in their day-to-day activities.” Domestic means of protection are not suitable for all Russian solutions, admits Roman Mylitsyn, head of advanced research at Astra Group:

“The main difficulty is to coordinate the development of products and the synchronization of the release of updates, it is important to agree on the implementation of compatibility work even before the release of new releases.”

The safety of work should be ensured primarily not by external means, but by the means of the OS itself, Alexey Smirnov, Chairman of the Board of Directors of Basalt SPO, is sure. For this, he notes, the FSTEC has developed requirements for safe development.

Tatyana Isakova