Ruslan Rakhmetov, Security Vision
The market for information security tools and cybersecurity services has been actively developing for 30 years, but in the last 5-6 years development has accelerated sharply due to the spread of remote work, increasing digitalization, and increasing tension in cyberspace. Consumers face difficulties in choosing a suitable security solution: unclear functionality criteria for new information protection systems (IPS), confusion over IPS classes and types, regularly appearing "revolutionary" technologies, and a steady stream of new abbreviations all get in the way. In this article, we will talk about the available classifications of security solutions and services, give examples of such taxonomies, and discuss the principles of choosing suitable products.
According to the methodology of the research company Gartner, IT and information security technologies go through the so-called "Hype Cycle" as part of their life cycle, which includes the following stages:
• Innovation Trigger - the emergence of a new technology and the gradual growth of interest in it;
• Peak of Inflated Expectations - the emergence and widespread discussion of the first successful and failed technology implementation projects;
• Trough of Disillusionment - interest declines as the technology fails to deliver results; manufacturers leave the market, but those who remain continue to develop the technology;
• Slope of Enlightenment - the next generations of products are emerging, understanding and examples of effective technology application are growing;
• Plateau of Productivity - mass adoption of technology, the emergence of clear criteria for evaluating products, technology manufacturers demonstrate sustainable profitability.
As a result, technology development can be represented as an S-shaped curve; Gartner has drawn such a curve, for example, for AI in 2025.
Gartner publishes market reviews (Magic Quadrant) and descriptions of the functionality and usage scenarios of a technology (Critical Capabilities). Gartner classifies the following types of information security products and services into the "IT Security" category:
• Access Management (AM)
• Adversarial Exposure Validation (AEV)
• API Protection
• Application Security Posture Management (ASPM)
• Application Security Testing (AST)
• Backup and Data Protection Platforms
• Backup as a Service (BaaS)
• Brand Protection
• Business Continuity Management Program (BCM)
• Certificate Lifecycle Management (CLM)
• Cloud Security Posture Management (CSPM)
• Cloud Web Application and API Protection (WAAP)
• Cloud-Native Application Protection Platforms (CNAPP)
• Continuous Controls Monitoring (CCM)
• Cyber Asset Attack Surface Management (CAASM)
• Cyber-Physical Systems (CPS) Protection Platforms
• Data and Analytics Governance Platforms (D&A)
• Data Loss Prevention (DLP)
• Data Security Platform (DSP)
• Data Security Posture Management (DSPM)
• Digital Communications Governance and Archiving (DCGA)
• Disaster Recovery as a Service (DRaaS)
• Email Security
• Endpoint Protection Platform (EPP)
• Exposure Assessment Platforms (EAP)
• Extended Detection and Response (XDR)
• External Attack Surface Management (EASM)
• File Analysis Software
• Governance, Risk and Compliance (GRC)
• Identity Governance and Administration (IGA)
• Identity Threat Detection and Response (ITDR)
• In-App Protection
• Insider Risk Management
• Integrated Risk Management (IRM)
• IoT Security
• IT Resilience Orchestration (ITRO)
• IT Risk Management (ITRM)
• IT Vendor Risk Management (IT VRM)
• Managed Detection and Response (MDR)
• Managed Security Services (MSS)
• Medical Device Security
• Mobile Application Management (MAM)
• Mobile Application Security Testing (MAST)
• Network Access Control (NAC)
• Network Detection and Response (NDR)
• Network Firewalls
• Network Management
• Network Sandboxing
• Network Security Microsegmentation
• Online Fraud Detection (OFD)
• Password Management (PM)
• Privileged Access Management (PAM)
• Remote Isolation Software
• SAP Security Software
• Secure Access Service Edge (SASE)
• Secure Enterprise Browsers (SEB)
• Security Awareness Computer-Based Training
• Security Consulting Services
• Security Information and Event Management (SIEM)
• Security Orchestration, Automation and Response (SOAR)
• Security Service Edge (SSE)
• Security Threat Intelligence Products and Services
• Software Supply Chain Security (SSCS)
• Supply Chain Planning (SCP)
• Third-Party Risk Management Technology (TPRM)
• Threat Modeling Automation
• User Authentication
• Vulnerability Assessment
• Workload Identity Management
However, Gartner classifies security products and services according to its own view of the market. Work on standardizing such a taxonomy was done by the European Cyber Security Organisation (ECSO), a non-profit organization, which in 2021 released the document "A Taxonomy for the European Cybersecurity Market: Facilitating Market Defragmentation". This publication reviews the information security market and the existing regulations, standards and frameworks in order to classify the various information security services and IPS and avoid confusion. As a result, solutions were classified according to the five key information security objectives described in the NIST Cybersecurity Framework (CSF).

The European Joint Research Centre (JRC) also works on classification and taxonomy in the field of information security; its website provides some definitions of terms and trends in the field of cybersecurity.
The classification of information security systems and IPS is also carried out by private foreign companies and vendors:
1. TAG Infosphere offers its own taxonomy of security solutions and services, dividing them into 20 areas with 5 types of products/services each;
2. The investment bank Momentum Cyber is fully focused on the cybersecurity industry; it issues financial reviews of the cybersecurity market and has formed its own CYBERscape 4.0 framework, in which cybersecurity solutions and services are divided into 12 sectors and 62 subsectors;
3. The research and consulting company CyberEdge Group regularly publishes reviews of the international state of the information security market, and its latest report provides its classification of cybersecurity solutions and products together with survey results on plans to implement various security technologies (network security in Table 1 on page 41, endpoint protection in Table 2 on page 43, application and data protection in Table 3 on page 45, security and operations management in Table 4 on page 47 of that report).
In Russia, the classification of IPS is linked to the requirements of regulators. In particular, analyzing the state register of certified information security tools of the FSTEC of Russia and information security requirements for various systems, the following classes of solutions can be obtained:
• antiviruses
• firewalls
• multifunctional network-level firewalls
• operating systems
• intrusion detection systems
• database management systems
• virtualization tools
• trusted boot tools
• denial of service protection
• containerization tools
• removable media controls
• node-level detection and response tools
In addition to the regulator, the classification of information security services and IPS is carried out during various studies of the Russian cybersecurity market. In particular, a similar taxonomy was performed in the preparation of the following documents:
1. Forecast of the development of the cybersecurity market in the Russian Federation for 2025-2030 from the Center for Strategic Research: Appendix A, "Decomposition of categories of protective equipment" on page 19 of this document contains a table with categories of ISS;
2. Russian information security market research from the B1 Group of Companies (the former Russian division of Ernst & Young): the segments considered in the study (taxonomy of information security products and services) are shown on pages 34-35;
3. Research of the Russian software and IT services market from the B1 Group of Companies: on pages 37-39, a taxonomy of the software and IT services market is presented, which may partially overlap with the information security market.
In addition, maps and reviews of Russian information security products and services with their taxonomy are provided by specialized Internet portals:
1. The Anti-Malware website contains a catalog of IPS and a list of certified IPS, divided into categories;
2. The TAdviser website contains a map of the Russian information security market, in which information security products and services are divided into categories.
When choosing a security solution, it is important to treat the vendor's marketing positioning, and its assignment of its own product to a specific class, with caution. For example, it can be difficult to draw the exact line between classic Honeypot/Honeynet and fashionable Deception solutions (Threat / Distributed Deception Platform), between DCAP (Data-Centric Audit and Protection) and DAG (Data Access Governance), between EPP (Endpoint Protection Platform) and EDR (Endpoint Detection and Response), between MDM (Mobile Device Management) and EMM (Enterprise Mobility Management), and between IRP (Incident Response Platform) and some SOAR solutions (for example, the IRP class is generally little known in foreign markets, unlike RPA and SOAR). The key factors in comparing and choosing the required security solution may be:
1) The presence of the solution in the Russian software registry, the availability of certificates of compliance from domestic regulators (FSTEC, FSB), product compliance with legislative and industry requirements (integration with ASOI FinCERT and GosSOPKA, supported regulatory documents, frequency of content updates);
2) Implementation of the required functionality, demonstrated in practice: a pilot, testing, and a "combat" comparison of competing solutions in the customer's own infrastructure for a comprehensive assessment of how company-critical security functions are implemented (the choice of these functions should be justified by the developed model of current cyber threats and intruders, taking into account the results of the company's cyber risk analysis), as well as feedback from companies operating the solution in a similar sector of the economy and the results of reference visits to them;
3) Availability of detailed documentation, support for integration capabilities (API), the possibility of authorized product training in training centers (the vendor's own or a partner's), the breadth of the product distribution network, the vendor's reputation and history, the release dates of the first and the current version of the product, the number of successful implementations in companies of comparable scale and industry, the possibility of refining or customizing the product to meet customer requirements, and the availability of a product development roadmap;
4) An estimate of the total cost of ownership of the solution, taking into account one-time and regular costs, including the cost of licenses, updates, necessary software and hardware, the costs of implementation, support and administration of the system, and qualification requirements for personnel (administrators, engineers, operators);
5) The frequency of updates, the vendor's policy of responsible disclosure of information about vulnerabilities, and the timeliness of vulnerability fixes;
6) The vendor's compliance with the requirements and practices of secure software development, the ability to provide an SBOM (software bill of materials), the procedure for protecting client data, the state of infrastructure protection and the maturity of the vendor's information security processes (to reduce the likelihood of attacks through the supply chain and through trust relationships), and compliance of the product and development processes with the principles of Secure by Design (using information security practices in product development), Secure by Default (using secure default configurations), and Secure by Demand (meeting vendor reliability assessment criteria).