Absolut Bank completes implementation and adaptation of MaxPatrol SIEM for updated infrastructure as part of import substitution
Customers: Absolut Bank Moscow; Financial Services, Investments and Auditing
Contractors: Positive Technologies
Product: MaxPatrol SIEM
Project date: 2021/01 - 2021/12
2023: Adaptation of MaxPatrol SIEM for updated infrastructure as part of import substitution
Absolut Bank has completed a project to replace Micro Focus ArcSight with MaxPatrol SIEM. The bank has been using the system since 2021 to ensure visibility of its IT infrastructure and to monitor information security incidents. The updates were prompted by a change in the internal landscape, the commissioning of additional IT solutions, and an adjustment in the significance of incidents. This was announced on March 9, 2023 by Positive Technologies.
As of March 2023, MaxPatrol SIEM monitors about 5 thousand nodes in Absolut Bank, which covers 95% of the credit organization's infrastructure. All assets are categorized and all event sources are connected: antiviruses, sandboxes, network devices, workstations, servers, etc.
MaxPatrol SIEM is one of the important tools of the Absolut Bank operational response center. The system gives full visibility into the IT infrastructure, takes changes in it into account, and provides information on cybersecurity incidents in real time. Thanks to this, the bank can respond in a timely manner to emerging threats and prevent risks from materializing.
"During the pilots, we tested four SIEM systems. MaxPatrol SIEM most fully satisfied our concept in terms of its capabilities. In particular, the product already out of the box meets the requirements of the Bank of Russia by more than 80%, and Positive Technologies independently interacted with the Central Bank of the Russian Federation and helped our experts implement all the necessary requirements of the regulator described in GOST R 57580.1-2017 Requirements that apply to financial institutions to implement the requirements for ensuring the protection of information established by the regulations of the Central Bank of Russia. In addition, I will note the technical support. Banks, as a rule, do not have narrow competencies that involve administration and deep configuration of SIEM. When implementing and further supporting MaxPatrol SIEM, Positive Technologies experts deal with these issues," said Ruslan Lozhkin, Head of Information Security at Absolut Bank.
"MaxPatrol SIEM allows you not only to build an effective basis for monitoring information security and meet user expectations, but also to make an almost seamless transition from other solutions. In any SIEM system, the content with which it is filled is important - the more expertise, the less time it will take to implement and work with false positives; it will not be possible to limit oneself to just installing the software. We constantly update content in MaxPatrol SIEM, adding rules for detecting emerging tactics and techniques of attackers to the product," said Pavel Popov, leader in vulnerability management and information security monitoring products, Positive Technologies.