Customers: Financial Commissioner Support Service (SODFU)
Contractors: Positive Technologies
Product: MaxPatrol SIEM
Project date: 2024/09 - 2025/03
2025: Implementation of MaxPatrol SIEM
The Financial Commissioner Support Service (ANO SODFU) has implemented MaxPatrol SIEM to monitor information security events and manage information security incidents. Positive Technologies announced this on April 28, 2025.
SODFU has a complex IT infrastructure with a large number of assets, including remote workplaces for employees. Therefore, in 2020 the organization's need for full visibility of the infrastructure and for monitoring information security events became obvious. To address it, the organization decided to implement a SIEM-class system that would monitor what is happening in the infrastructure and track its changes in real time. It was also important to specialists that the system monitor the completeness and quality of information security event collection from assets.
In an effort to protect customer data as fully as possible, SODFU complies with the security requirements set by regulators. The service therefore considered only products included in the register of domestic software and compliant with GOST R 57580.1-2017 on the security of financial transactions.
In addition, to detect cyber threats and investigate incidents effectively, the service's specialists needed the SIEM system to work together with their other tools. MaxPatrol SIEM met this requirement: the product is integrated with other Positive Technologies solutions, in particular MaxPatrol VM, and supports most widely used security tools, network devices, and operating systems.
"MaxPatrol SIEM for us is a single point for collecting cybersecurity events and attack alerts from 1,800 assets of the organization," said Denis Savelyev, Head of Security and Information Protection, SODFU. "The SIEM system is connected to workstations, office and network equipment, servers, printers, telephony, as well as security tools of other vendors: antivirus programs and a DLP system. Because some of the assets are located outside the external perimeter, a non-standard connection scheme was used to collect data: the SIEM system was located inside the protected infrastructure, and the log collector was located on the perimeter. The flexibility of MaxPatrol SIEM in obtaining information from IT systems was a decisive factor for us."
The average flow of security events handled by MaxPatrol SIEM is 1,800 per second. In addition to the 1,300 correlation rules and more than 9,000 normalization rules available out of the box, SODFU specialists are developing their own rules to detect company-specific cyber threats.
"Security of the IT infrastructure is the primary task of information security specialists," said Ivan Prokhorov, head of the MaxPatrol SIEM product at Positive Technologies. "MaxPatrol SIEM detects information security incidents that can lead to unacceptable events and to attempts to undermine the company's cyber resilience."
The organization also uses MaxPatrol VM, with which it builds a full vulnerability management cycle. The integration of MaxPatrol SIEM and MaxPatrol VM provides visibility into the IT infrastructure and increases the accuracy and speed of attack detection.
SODFU specialists are also interested in using ML technologies, in particular the Behavioral Anomaly Detection (BAD) module, to detect abnormal behavior of users or entities in the organization's IT infrastructure and to assess the risk level of events.