NGFW in Russian is high fault tolerance, intrusion prevention and performance architecture

International cybersecurity festival Positive Hack Days 12 started with a round table “NGFW in Russian” with representatives of Russian vendors: Positive Technologies, UserGate, RTK-Solar and Security Code. The topic was not chosen by chance. As Director of the Cybersecurity Department of the Ministry of Digital Development Vladimir Bengin said at CISO-FORUM 2023, the lack of NGFW is one of the main problems in the information security market today. Russian developers are also aware of the particular importance of the problem.

“So far, clients are only taking cautious steps, planning to pilot NGFW. And by 2025, when companies begin to implement the decree on import substitution and switch to domestic software, the picture will change dramatically, and the market will be redistributed among the players,” says Denis Korablev, Managing Director, Product Director of Positive Technologies. “At PHDays 12, we are presenting an early version of our NGFW, which is already demonstrating a technological potential comparable to Western counterparts and even surpassing them. In addition to the technological component, an important difference between PT NGFW lies in our expertise as a vendor: this is 20 years of experience of the strongest offensive (PT SWARM) and defensive (PT ESC) teams that detect unique modern threats, write signatures based on them and share them with community”.

Denis Batrankov, Head of Network Security at Positive Technologies, added that some vendors rely on open source to develop solutions.

“For example, the company uses iptables, nDPI, Suricata, Snort programs and, on their basis, completes its management system,” said Denis Batrankov. – Or developing a product that is not tied to the TCP / IP protocol stack on Linux, but this takes a long time and requires high expertise of programmers who can write highly loaded systems and their own signatures. Both those and other companies are present on the market.”

Positive Technologies experts came to the conclusion that the correct NGFW is one that is completely invisible to the end user, but at the same time reliable, like a Swiss watch. This can be achieved, according to Positive Technologies experts, thanks to fault tolerance and a high-performance core.

RTK-Solar Network Solutions Portfolio Director Alexander Barinov added that it was also important for them, as developers, “to quickly implement the basic functions of NGFW to cover the main scenarios of large business, primarily to protect the network perimeter and its segmentation. Therefore, in the first version, we focused on real customer requests, and not on reproducing hundreds of features of foreign vendors. We took our SWG Solar webProxy as a basis, which made it possible to shorten the time for bringing NGFW to the market as much as possible.”

According to Alexander Barinov, the first version of the product included intrusion detection and prevention capabilities, a high-performance architecture, and a modern web interface with automation of routine operations. The signature source for IPS is the Solar JSOC Cyber ​​Attack Center, which employs 600 cybersecurity experts. By the end of the year, it is planned to implement speeds of 100 Gb / s and full-fledged centralized management.

Pavel Korostelev, Head of the Security Code Product Promotion Department, in turn, said that when developing their own NGFW, their initial task was to make the network infrastructure of clients as secure as possible: provides protection of the perimeter, communication channels and remote access. Around this core, another security loop is formed, where related tasks are solved, including segmentation of a virtualized network, intrusion detection within it, as well as logical network segmentation without affecting the topology at the node level.

At the same time, UserGate Development Manager Ivan Chernov drew the attention of the roundtable participants to the fact that the current developers of Russian solutions have already significantly increased their market share: times, and the trend towards a multiple increase in interest in our products continues. Only last year in the NGFW segment, UserGate implemented more than 2.5 thousand projects, their unit cost is also growing strongly – customers who are convinced of the effectiveness of our solution add more and more new tasks. The number of workstations protected by UserGate today is already in the millions, which is a very significant part of the entire fleet of corporate computers in Russia. The mission of UserGate NGFW is to put effective cybersecurity tools directly into the hands of users, security control should be on the side of customers and belong only to them.

It should be noted that all participants of the round table are confident that they will be able to cope with Chinese products, which are actively entering the still free niches of the Russian market. What the landscape of the NGFW market will look like in the end is an open question.