Evolution of NGFW in Russia on the example of UserGate. Interview with UserGate NGFW Development Manager Kirill Pryamov
There was already an interview on tekkix about Next Generation Firewall from Solar, which touched on the technical aspects of developing such solutions. There was also material about NGFW from Positive Technologies, about the junction of developing open source solutions and proprietary developments. To better trace the history of NGFW development in Russia and show different approaches of information security companies, I decided to conduct an interview with one of the oldest NGFW development companies in Russia - UserGate.
UserGate began developing NGFW back in 2009. We spoke with the UserGate NGFW development manager Kirill Pryamov. The main focus was on how the project started, what tasks and limitations the company faced, and what solutions were released in 2024. Enjoy reading!
How long has UserGate been developing NGFW?
We started developing NGFW in 2009, more than 15 years ago. It was a significant moment for the company, as we decided not just to release a new product, but to create a competitive solution that could become part of the Russian network security ecosystem.
When we released our first next-generation firewall, the NGFW market in Russia was completely dominated by foreign manufacturers, and there were no local counterparts. We understood that this would be a difficult path because NGFW is an extremely capital-intensive product. Not only because of the integration of many functions, such as application control, intrusion prevention, and so on. It is a different approach to architecture plus deep work with hardware if you want to achieve at least satisfactory performance indicators for large businesses. We understood that it would take significant time and resources to offer customers such a solution, but we consciously took this step long before the events after which global vendors closed their business in Russia.
Why did the company decide to engage in NGFW specifically?
NGFW has been and remains a key element of network security. Compared to traditional firewalls, NGFW offers advanced features such as deep traffic analysis, application control, intrusion prevention, network antivirus, and integration with other security tools such as Sandbox, DLP, and SIEM systems.
When we released our first NGFW, the market in Russia was just beginning to realize that classic firewalls were no longer able to cope with the tasks of ensuring security in modern networks. Traffic volume was growing, threats were becoming more complex, and companies needed a solution that could not only block suspicious traffic but also identify its causes, analyze events, and provide additional protection tools. We saw that there were no local solutions on the Russian market that could offer such functionality. Therefore, we decided to fill this niche.
What was the situation on the Russian NGFW market when you released your first solution?
The Russian market was dominated by foreign companies such as Check Point, Cisco, Palo Alto, Fortinet, WatchGuard. They completely controlled both the market for devices for small customers and the NGFW segment for large customers, including banks, oil and industrial companies, telecom and government structures. At the same time, there was already a demand for local products. We understood that this trend would only intensify, especially with the beginning of the transition to import substitution and the complication of the cyber threat landscape.
What about other Russian companies?
At that time, most Russian vendors were producing regular firewalls with some additional functionality, such as VPN, but this was far from a full-fledged NGFW. Not only because of the presence or absence of certain functions, but primarily because of performance, fault tolerance, and scalability. Among domestic developers offering a multifunctional network solution (UTM), companies "AltEl" and "Ideco" can be noted. But no one could offer a competitive NGFW for large businesses. Only after the events of February 2022 did products begin to appear en masse in Russia, which classified themselves as NGFW.
When you started developing NGFW, did you focus on foreign hardware platforms or did you immediately choose localization?
We started the business using foreign hardware platforms. But when creating NGFW, we initially decided to consistently move towards our own platforms, as we understood that dependence on foreign solutions could become a critical factor in the future. Localization was a strategic choice.
In addition, we want to control the entire process: from design to production. Of course, this required additional costs and efforts, but in the long run, this decision turned out to be the right one. Today we can already offer our customers our own solutions that fully meet the requirements of import substitution, including platforms for small organizations (UserGate C150) and the UserGate FG platform with a built-in hardware accelerator based on FPGA to meet the needs of the largest customers.
What challenges did you face during development?
One of the key challenges is creating a team that could handle a task of this level. We were looking for specialists who understand not only network security but also hardware development. In addition, we started work on creating the previously mentioned UserGate FG platform with FPGA. In it, we implemented our own design and circuitry, as well as our own code for FPGA. The entire process from idea to production, refinements, and first sales took 5 years.
Another challenge was the need to ensure high performance of our solutions. NGFW requires powerful hardware to handle large volumes of traffic, which means that it was necessary to develop an architecture capable of effectively coping with such loads.
How were things with the supply of components before and how does it look in 2024?
It is clear that logistics and the supply of components were much simpler before. We could choose from a wide range of foreign suppliers, and this allowed us to implement our ideas faster.
By 2024, the situation has changed significantly. Restrictions on the supply of components, rising prices, and logistics problems have become challenges for the entire industry. But the Russian market has adapted: new suppliers have appeared, localized production is developing, we have been able to build reliable supply chains and create large stocks of platforms in warehouses. Of course, this requires a lot of effort and expense, but we are coping.
Is all the circuitry developed within the company?
At the moment, no. Currently, our platform list includes B50, C150, C151, D250, FG, and X10. The E and F series are still based on foreign platforms, but we are actively working on replacing them - our own E1050, E2050, E3050, and F80 500 platforms are now actively being tested and refined. By 2026, these platforms will be produced in Russia based on our design and circuitry.
How do you assess the level of localization of your production?
Our localization is high. We develop the design and circuitry of the devices, and production is carried out at a contract factory near St. Petersburg. The textolite for the boards is ordered from Russian suppliers, the components are mounted in production, and quality control, assembly, and testing of the finished device are carried out there.
We even conduct factory tours for key customers to show how our equipment is manufactured. This helps convince them that our solutions truly meet localization and quality requirements. Moreover, this visit to the production is truly mesmerizing and has a strong emotional impact — after all, there is a lot of skepticism towards Russian manufacturers, many customers still believe that it is just a matter of re-labeling.
What features are implemented in your new NGFW?
UserGate NGFW includes a wide range of security features: the now traditional firewall with session state control (FW L3/L4), application control (FW L7), network antivirus, a whole block of Identity Firewall functions, which we combine under the name User ID, and with which network traffic can be linked to specific users. We also have a gentleman's set of network functions: static and dynamic (BGP, OSPF, RIP) routing, VLAN, PBR, VRF, ECMP, BFD, WCCP, DHCP, QoS, channel redundancy, etc. They allow NGFW to be integrated into the customer's existing infrastructure as painlessly as possible. Plus, failover functions (Active-Passive, Active-Active), centralized management, not only of NGFW, but of our entire ecosystem (SIEM, EDR/NAC/VPN-client).
We also support integration with Active Directory, LDAP, Samba, FreeIPA and other systems, including through an open API.
What competencies are required to work with your NGFW?
Working with NGFW requires basic knowledge in the field of network security; there is no way around it. We understand that not all specialists have sufficient experience with our product, so we have created an entire department responsible for educational activities — the UserGate Academy. There you can undergo training, take exams and receive certificates that are recognized on par with foreign counterparts, such as Cisco.
How is NGFW configured?
Configuration can be done through a web interface or CLI. The CLI provides advanced features, including the use of our UserGate Policy Language for describing firewall policies. For IPS, we have a separate configuration language, which allows you to set rules with a high degree of detail.
In your opinion, what do Russian NGFWs lack?
The main challenge is to reach the level of functionality and performance of leading foreign solutions. Although some companies claim to have already done this, the truth is that catching up with world leaders with budgets of billions of dollars, the scientific potential of thousands of employees, and many years of experience solving the problems of the largest customers from various industries is a non-trivial task. But achievable. We are actively working on increasing performance, expanding functionality, and expanding the product ecosystem. It is important for us that our solutions meet the needs of even the most demanding customers. In the new NGFW for data center-level tasks, which we called UserGate Data Center Firewall, we have implemented all our new developments, including a vector firewall with 130 thousand rules. The product release is scheduled for the 2nd quarter of 2025.
Are your solutions available only in hardware versions or are there software counterparts?
We offer both hardware and virtual versions of NGFW. Hardware appliances are in demand in large companies, but we see a growing interest in virtualized solutions and Firewall as a Service. We actively cooperate with cybersecurity service providers (MSSP), and revenue from this segment shows steady annual growth.
What processors are used in your devices?
At the moment, we use x86 processors from Intel and AMD, as well as ARM. We considered the possibility of using Russian processors, such as Baikal and Elbrus, but their performance does not yet meet our requirements.
Are you considering switching to ARM processors?
We see great potential in this architecture due to its energy efficiency and flexibility. We plan to use ARM in future models that will be produced in Russia.
How do you assess the prospects of NGFW in Russia?
The NGFW segment is already the largest of all segments of the Russian information security market. And it will continue to grow as more and more customers will switch from traditional firewalls to products of this class. In addition, there will be a deferred demand associated with the replacement of foreign equipment, especially from the largest customers, as the service life of network equipment is usually 5-7 years. Delivery in the form of PAC will retain its dominant role, but we see a growing interest in virtualized solutions, including in the form of services, and their share in total deliveries will grow. If we evaluate our position in the market, we are firmly on our feet, confident in our abilities and intend to continue to maintain the status of market leader, which was confirmed by the current market research of network security from the Center for Strategic Research.
Using the example of UserGate, one can trace the transformation of the Russian network security market from local solutions to ubiquitous participation in import substitution. Clearly, NGFW remains a basic element of protection for modern networks. As the market has moved away from traditional firewalls, such solutions are becoming not just traffic filters, but multifunctional tools capable of analyzing behavior, preventing threats and integrating with other security systems.
The prospects for the use of ARM processors and the transition to more energy-efficient and flexible architectures are still unclear, as many solutions are in the testing stage. However, I have noticed a trend: several information security companies are already closely monitoring processors based on the ARM architecture. So let's wait and see. Thank you for reading!