“Market Growth Will Come Very Soon”: Dmitry Lebedev on the Next Stage of Import Substitution

The idea of bringing together the expertise of Russian cybersecurity developers to jointly build market-ready solutions emerged from the urgent need for rapid import substitution in 2022. As Western vendors began withdrawing technologies and services, it became clear that creating competitive domestic alternatives would require Russian companies to coordinate their efforts rather than work in isolation.

In this interview with IT-Russia, Dmitry Lebedev, a leading product promotion specialist at Kod Bezopasnosti, discusses the advantages of such an alliance, its future development, the key trends shaping the cybersecurity market and the pace of import substitution across the sector.

– Dmitry, what exactly is CyberAlliance and how long has it been around?

– CyberAlliance is an informal partnership that brings together several leading Russian IT and cybersecurity vendors. The aim is to enable customers to extract maximum value from jointly developed solutions, primarily those built around next-generation firewall (NGFW) platforms designed to secure corporate networks.

The idea for such cooperation emerged after foreign developers exited the Russian market in 2022. NGFW platforms are one of the core components of a modern security architecture, which created an urgent need to fill the gap left by the departure of international vendors.

– How exactly does CyberAlliance help close that gap?

– The technological foundation of the initiative is the NGFW platform Kontinent 4 developed by Kod Bezopasnosti. Within the CyberAlliance framework, our specialists conduct extensive compatibility testing with other cybersecurity and IT vendors, as well as with a number of systems integrators, ensuring that their flagship products work seamlessly with Kontinent. In this way, we combine the strongest expertise available on the domestic market and deliver a comprehensive, enterprise-grade security solution.

– What advantages does this approach offer both customers and the vendors themselves?

– One key point is that foreign NGFW platforms have a long development history. Over time they built mature ecosystems in which the firewall itself is complemented by a wide range of cybersecurity services providing extended protection capabilities. Russian customers have become accustomed to that level of functionality because, despite the versatility of NGFW platforms, there are security tasks that cannot be solved by a firewall alone.

After foreign developers exited the market, Russian vendors effectively faced three possible development paths. The first group of companies had never produced NGFW platforms before but decided to enter the segment. The second group already operated within a specific niche with their own NGFW products and began expanding them by building additional security service ecosystems. Both approaches are viable, but they tend to fall short for large enterprise customers. In the first case there is a lack of accumulated expertise and the inevitable growing pains. In the second case vendors must commit significant resources to developing several security services simultaneously. This means investing in technologies such as sandbox environments, authentication systems and SIEM platforms, which can ultimately affect the overall quality of those solutions.

That is why Kod Bezopasnosti chose a third path. We focused on what we do best – continuously improving the NGFW platform itself – while integrating complementary services from specialised partners. Companies that have spent years developing antivirus technologies, sandbox environments or SIEM systems will naturally outperform vendors that are only beginning to build such capabilities.

In effect, customers gain high-quality integrations delivered by leaders in different segments of the cybersecurity market, while vendors gain the opportunity to participate in large-scale projects. Meanwhile, compatibility testing conducted in advance significantly reduces both the time required to deploy the solution within a customer’s IT infrastructure and the overall cost of the technology bundle.

– Which areas is CyberAlliance focusing on right now?

– There are three main directions: secure remote access, integration into high-load networks and advanced protection against cyberattacks. For example, within the first area we are expanding integrations with multi-factor authentication systems and ensuring VPN client compatibility across different operating systems. In the high-load network segment we work with traffic brokers and load balancers that allow horizontal scaling of firewall throughput – something that is critically important for large IT infrastructures.

– More broadly, has the cybersecurity market been moving toward consolidation in recent years, or is there a trend toward vendors entering as many security segments as possible?

– There is certainly a trend toward market consolidation, although in practice vendors typically follow one of two development paths. Some companies attempt to build their own security ecosystems, despite the fact that this requires substantial resources and does not always result in the level of quality customers expect. Others advocate active integration with adjacent systems. The broader the compatibility of your product with other technologies, the more likely it is that customers implementing import substitution will choose a solution that can be deployed quickly within their IT infrastructure without additional testing.

– Many experts say the pace of import substitution has plateaued after the initial surge. Is it fair to assume that growth of that scale will not happen again?

– The market cannot operate in a constant state of explosive growth. At this stage the pace of import substitution is indeed slowing, but this is largely because the organisations under the closest regulatory scrutiny have already replaced their most critical IT and cybersecurity systems. As a result, they can now move forward at a more measured pace and plan the substitution of other elements within their infrastructure.

But the next market upswing is likely to arrive very soon, as those same companies begin the second and even third stages of import substitution. At the same time, organisations that were able to remain on foreign technologies will also start migrating as those products approach the end of their lifecycle. Most likely, the next significant wave of market growth should be expected around 2027–2028.