A New Phase in Cyber Defense: How an Ecosystem Approach Takes On Advanced Threats

Market Maturity Is Deepening

A clear example of this approach is offered by UserGate. Its SUMMA ecosystem integrates security products (NGFW, DCFW, EDR/NAC, WAF), educational programs through the UserGate Academy, and SOC services delivered via uFactor. For customers, this translates into a consolidated “one-stop” security model rather than a fragmented stack of unrelated tools.

The UserGate case also illustrates how ecosystem-based models are increasingly tied to the protection of critical information infrastructure. Rather than addressing threats in isolation, such ecosystems are designed to secure complex, interdependent environments where failures can have systemic consequences.

Globally, the integration of products, services, and training is a well-established trend. In Russia, however, this model is taking shape under the specific conditions of import substitution and regulatory requirements, effectively localizing a broader international movement in cybersecurity.

For Russia’s IT sector, the transition to domestically developed, comprehensive security platforms creates an opportunity to raise overall market maturity, strengthen information security architectures, and stimulate internal demand. At the national level, this shift improves the resilience of critical infrastructure, reduces reliance on foreign components, and reinforces digital sovereignty. For citizens, the practical outcome is stronger data protection and a lower risk of disruptions to essential digital services. In this sense, the Russian approach may offer a reference model for other countries facing similar sovereignty and resilience challenges.

Strategic Partnerships as a Policy Driver

The state has emerged as a key driver behind the move toward comprehensive cybersecurity solutions. Russia’s law on the security of critical information infrastructure has effectively made a systemic approach mandatory. Organizations operating critical infrastructure are now required not merely to deploy individual security tools, but to build full ecosystems capable of monitoring, managing, and responding to cyberattacks.

Attacks on AI models are becoming more common, including data poisoning and prompt injection. Effective defense in this area requires not only advanced AI algorithms, but also strict data governance and human involvement to validate AI-driven decisions. In the future, the balance between attackers and defenders will increasingly depend on how quickly models can adapt, the quality of training data, and the deployment of hybrid systems that combine artificial intelligence with expert human oversight

Alexey Dashkov

The product development center's director at NGR Softlab

As a result, customers are increasingly seeking not just a security product, but a long-term strategic partner. UserGate again serves as an illustrative case, offering services such as a virtual chief information security officer. In November, the company significantly strengthened its position in the protection of critical infrastructure by officially obtaining the status of a corporate center within the State System for Detection, Prevention, and Mitigation of Computer Attacks on Russia’s information resources (GosSOPKA), based on its uFactor platform.

According to Elman Beybutov, UserGate’s director of business development, corporate center status within GosSOPKA enables uFactor to provide services to companies in critical sectors. Certified UserGate products and uFactor services that comply with requirements set by Russia’s Federal Security Service collectively deliver reliable protection for critical infrastructure operators, strengthening national cyber resilience and technological sovereignty.

The Growing Importance of Service and Support

UserGate’s SIEM solution, UserGate Log Analyzer, entered the Russian market in 2023. By collecting logs from all components of the SUMMA ecosystem, it supports layered defense and automates security operations, forming a foundation for proactive threat prevention.

In 2024, demand for threat intelligence services continued to grow. Leading vendors, including Kaspersky, BI.ZONE, and Positive Technologies, expanded their TI platforms, integrating them with other security tools to increase the practical value of threat data.

A UserGate study conducted in 2025 showed that while customers report high satisfaction with technical protection levels, they increasingly expect high-quality services and training. For many, the level of service support now outweighs purely technical specifications. This shift reinforces the broader market trend toward ecosystem-based cybersecurity, where human expertise, education, and operational support are as critical as the underlying technology.