Customers: Tander (Magnit chain of stores)
Contractors: Positive Technologies
Product: MaxPatrol SIEM
Project date: 2024/07 - 2025/01
Number of licenses: 10
2025: Implementation of MaxPatrol SIEM
Magnit has implemented MaxPatrol SIEM to continuously monitor cybersecurity events and manage incidents. At the first stage of the project, the system monitors tens of thousands of nodes and processes more than 20,000 events per second. It is planned that the target configuration, after the remaining sources are connected, will handle up to 100,000 events per second. Positive Technologies announced this on March 3, 2025.
To ensure reliable protection, Magnit needs full visibility of its IT infrastructure and effective management of information security incidents. Before the introduction of the Positive Technologies product, the company already used a SIEM-class system from a foreign vendor.
When carrying out its import substitution project, the retailer tested solutions from various vendors. The company needed to maintain cyber resilience and business continuity by integrating the new system into the organization's existing processes. In addition, the retail network's specialists needed a convenient interface for creating custom normalization and correlation rules. MaxPatrol SIEM met the company's requirements best.
"At the first stage of the implementation of MaxPatrol SIEM, the company's specialists connected the necessary event sources for one of the sites to the system, set up notifications and reports, and also wrote normalization and correlation rules specific to Magnit," said Ivan Prokhorov, head of product for MaxPatrol SIEM at Positive Technologies. "The large amount of expertise built into the system makes it possible to minimize the time from the installation of MaxPatrol SIEM to the moment specialists start working with it and obtain real results. We constantly update the content and add rules for detecting attackers' tactics and techniques to the product."
As of March 2025, 10 Magnit specialists work with MaxPatrol SIEM. The flow of events required by the security department to work after filtering and optimization is 20,000 events per second. It is planned that the target configuration, after connecting the remaining sources, will handle up to 100,000 events per second.
More than sixty source groups are connected to MaxPatrol SIEM, collecting events from tens of thousands of assets. The main nodes include Windows and Unix systems, network devices, remote access solutions and virtualization systems, basic information protection tools used to control infrastructure security (PT Application Firewall, antivirus programs), and the mail service. MaxPatrol SIEM also supports six critical business systems that store their logs in databases; these are connected as custom sources.
One of the practical monitoring cases is a security audit of resources hosted in Yandex Cloud, accompanied by control of the network perimeter. MaxPatrol SIEM also uses information collected from the MCDS to identify potential incidents involving unauthorized access to the retailer's information systems.
"MaxPatrol SIEM helps not only SOC employees, but also other divisions," said Alexey Bobrovsky, head of the SOC at the Magnit group of companies. "For example, IT professionals use MaxPatrol SIEM reports to support users and administer systems. In turn, the anti-fraud division identifies fraudsters based on the abnormal activity in loyalty programs that the system detects."
As the database, Magnit employees use LogSpace, developed by Positive Technologies specifically for storing large volumes of event data from a variety of sources. Experts note its advantage over open-source DBMSs: its data storage density is higher. An organization can, based on its needs, regulate the volume or retention period of events while minimizing data-store consumption. In addition, the deployed MaxPatrol SIEM is installed with the ability to scale horizontally, so that new event processing pipelines can be quickly connected to reach the required capacity.
"It was important for us that the new SIEM system allow us to quickly identify potential threats," commented Alexander Vasilenko, director of information security at the Magnit group of companies. "MaxPatrol SIEM meets Magnit's information security requirements. Today, the product completely covers the company's needs for monitoring and detecting cyber attacks."