Yandex launches the Yandex Cloud Detection and Response cybersecurity service
Yandex's cloud unit (MOEX: YDEX) is increasing its investment in cybersecurity and bringing to market a new service for detecting incidents and attacks, built on its own SIEM system, analysis tools and machine learning. Comprehensive security matters for a cloud provider, market participants say: detecting a risk at one customer helps prevent an incident at others. However, this solution is not unique on the market, and the company will have to offer customers a wide range of services.
The Yandex B2B Tech business group, part of Yandex (it unites Yandex Cloud and Yandex 360), is bringing to market Yandex Cloud Detection and Response (YCDR), a monitoring and detection service, the company told Kommersant. The launch is planned by the end of the second quarter. YCDR is built on the Yandex Cloud Security Operations Center (SOC). With its help, information security specialists, according to the Yandex press service, will be able to quickly detect hacker attacks and other threats. As part of the service, the company's information security specialists will use a SIEM system of its own development, the analysis tools of Security Data Lake and machine learning tools. SIEM (Security Information and Event Management) is a software solution for real-time monitoring, analysis and response. It collects data from various sources in the infrastructure, identifies anomalies and helps to prevent attacks.
As Yandex B2B Tech told Kommersant, in 2024 the company invested 1.3 billion rubles in cybersecurity, which is 30% more than in 2023. In 2025, it plans to increase investment in this area by another 40%, says a Kommersant source familiar with the company's plans. Today, the company has 17 security services for business. Among them are, for example, a service for centralized control of cloud infrastructure security and the new Web Application Firewall (WAF). This not only ensures the security of the entire cloud platform, but also helps clients organize protection of their cloud environments, says Yandeni Sidorov, information security director at Yandex Cloud.
Today, almost every cloud provider offers some cybersecurity services, most often web application protection (anti-DDoS, WAF), network protection, GOST-compliant encryption of communication channels and mail protection (SEG, anti-spam), and competition is also high in SOC solutions, says Ilnaz Gataullin, an expert at Red Security (part of MTS). According to him, since monitoring centers differ in the range of protection technologies they can provide under a service model, the success of each new player will depend on what it can offer at launch and on its pool of loyal potential customers with fairly serious budgets.
“A SOCaaS service is convenient for users, as they receive an additional service. But here, for the most part, monitoring is carried out at a shallower level than the data plane, which cannot be set up ‘out of the box.’ That is, this is most likely a typical replicated service,” adds Mr. Gataullin. Creating their own SOC is in the interests of companies providing cloud services: when any one customer is attacked, its “neighbors” also suffer from the attackers' actions, said Nikita Tsaplin, CEO of the hosting provider RUVDS.
For external SOCaaS, the main benefits are quick launch and access to mature technologies and expertise, says Ruslan Permyakov, deputy director of NTI “Trust Interaction Technologies”. However, he also notes the risks: loss of control over the response chain, dependence on an external vendor, and problems with customization to the cloud architecture. “It is much easier and more efficient to use a specialized service while providing proper protection for your own and client infrastructure; this is the price of price-quality,” a representative of the provider Cloud.ru agrees.