
PT XDR (PT Extended Detection and Response)

Product
Developers: Positive Technologies
Date of the premiere of the system: 2021/12/14
Last Release Date: 2022/11/23
Technology: Information Security Management (SIEM)


Main article: Security Information and Event Management (SIEM)

2022

Entry into the unified register of domestic software

PT Extended Detection and Response (PT XDR), a product for promptly detecting and responding to cyber threats on servers and workstations, has been included in the unified register of Russian programs for electronic computers and databases. By order of the Ministry of Digital Development of the Russian Federation, on October 31, 2022, the product developed by Positive Technologies was registered in the class of tools for detecting and preventing attacks, as well as in the class of tools for automating information security processes. Positive Technologies reported this on November 23, 2022.

PT XDR collects and analyzes data from many systems, identifies complex targeted attacks in the company's IT infrastructure, and makes it possible to confirm that an attack is real. The product also provides several options for responding to threats, including response according to predefined scenarios. PT XDR incorporates technologies from the Positive Technologies product ecosystem for detecting complex attacks and draws on the expertise accumulated by the company's specialists.

"The inclusion of the product in the register of domestic software is an important and necessary step for every IT company operating in the Russian information security market. PT XDR, as one of the elements of comprehensive protection in the implementation of the effective cybersecurity approach, will help identify advanced and previously unknown attacks for government agencies and companies with state participation, at which the largest number of attacks are traditionally directed,"
noted Egor Nazarov, Head of Development of Protection against Complex Attacks at Positive Technologies.

At the moment, more than a dozen Positive Technologies products are included in the register of domestic software, in particular:

Release of commercial version of PT XDR

On April 26, 2022, Positive Technologies announced that the PT XDR (PT Extended Detection and Response) solution for detecting and responding to threats is available for pilot ordering and purchase.

According to the company, PT XDR makes it possible to detect attacker actions tens of times faster, respond to attacks at a lower cost, and take company-specific risks into account.

"PT XDR came to market at a time when the need for such a solution had become quite high. The need for a system that simplifies response to threats and makes it more effective arose during the coronavirus epidemic. We saw remote jobs appear en masse in companies, and the boundaries of the corporate perimeter became completely blurred. In recent months, the intensity of cyberattacks on Russian companies has increased tenfold, and rapid response to them has become a key task for most information security specialists. Since the start of the early birds program, we have received an average of one request per week for pilot demonstrations of the product. At the end of April 2022, the frequency of applications quadrupled and continues to grow. We see that the solution is in demand,"
notes Maxim Filippov, Business Development Director at Positive Technologies.

According to the statistics of requests for pilot projects, XDR-class solutions are in especially high demand among banks, fintech companies, energy enterprises, and government organizations. Regardless of industry, PT XDR is of particular interest to companies that have hybrid workplaces, need to protect remote access, and need detection and response on endpoints.

"One of the key features of PT XDR is that the system does not inherit legacy concepts that have grown out of solutions of other classes. This is an original and practical approach to protecting endpoints and the entire infrastructure, allowing a result that is measurable in terms of reaction speed. PT XDR makes it possible to reduce the qualification requirements for information security specialists and optimize the process of response and investigation. The solution automates routine processes: it prioritizes the queue for threat analysis, offers response options, and helps to quickly take steps to restore control over the infrastructure. PT XDR provides attack context and finds the causes of compromise,"
comments Dmitry Nagibin, Head of the Department for the Development of Protection Tools for Workstations and Servers at Positive Technologies.

The logic of the solution is based on the most effective developments used in Positive Technologies products and services over the 20 years of the company's existence.

PT XDR is built on the expertise accumulated in MaxPatrol 8, MaxPatrol SIEM, PT Sandbox, MaxPatrol VM, PT Network Attack Discovery, PT Application Firewall, and PT Industrial Security Incident Manager, as well as on the knowledge of detecting threats and responding on endpoints implemented in the EDR component. In the future, PT XDR will in turn enrich the knowledge bases of other Positive Technologies products.

Positive Technologies traditionally pays attention to its partner channel and is expanding cooperation with partners around PT XDR. Partners will be able to bring their own expertise to the solution through the modules offered for loading and writing YARA rules and by developing their own response modules to meet customer requirements.

2021: Presentation of PT XDR

On December 14, 2021, Positive Technologies introduced the alpha version of PT XDR (PT Extended Detection and Response), a solution in its product line designed to detect cyber threats and respond to them. The technology is intended to let information security teams take measures against cyberattacks and stop them tens of times faster and at a lower cost by automating response processes. With this, the company, whose portfolio as of December 2021 included more than ten products for business cybersecurity, enters the XDR market, which is new for it. The commercial version of PT XDR will be available for purchase in April 2022.

Organizations today have the full set of technologies needed to monitor and protect against cyber threats. On the one hand, this makes it possible to close the main attack vectors. On the other hand, it creates a shortage of resources and time for response. During response and investigation, information security specialists have to work with a large number of products at the same time and analyze a lot of disparate data from various systems. Because of this, information security units regularly lose their most valuable resource, time, and the risk of business-critical systems being compromised increases.

XDR-class solutions address exactly these problems. They combine events and context from many information security systems to identify real attacks and automate response processes. Gartner calls XDR one of the trends in information security: according to the international analytical agency, as of December 2021 these solutions are at the stage of a technological breakthrough.

The solution verifies whether an attack is real, reduces the number of false positives, and, using the combined context, presents the chain of related actions back to the source of infection or compromise. PT XDR then either stops the attack automatically or lets the operator choose effective response actions after the investigation, depending on the case: from network isolation of the host to blocking a local user on the host, stopping the process chain, or deleting the malicious file. If necessary, the solution performs "remediation" or restores systems to working order after an attack. Thus, well-built detection and response to cyber threats increases SOC efficiency.

The main feature of PT XDR is the native integration of several Positive Technologies products and the technologies used in them. The enterprise-wide approach to advanced detection and response to cyber threats (XDR) involves obtaining data from SIEM, sandbox, EDR, web application security, vulnerability management (VM) systems, network traffic analysis solutions, and others. The better and more efficiently the products interact with each other, the faster the response to attacks can be, and accordingly the more chances cybersecurity specialists have to stop the attacker at an early stage. A single-vendor approach also requires fewer resources to configure the comprehensive solution, because Positive Technologies products are designed from the outset to work with each other.

MaxPatrol SIEM enriches PT XDR with data on all information security incidents it records in the IT infrastructure. In addition, PT XDR draws on MaxPatrol SIEM's knowledge base of behavioral analysis and detections in order to correctly profile the actions of software and users on systems and on the network. Malware analysis, in turn, is implemented through integration with the sandbox: PT XDR transfers files to PT Sandbox for analysis, and if a "bad" sample is found, it is blocked on all hosts. PT XDR can also obtain information about malicious activity on network hosts from the Positive Technologies EDR solution.
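The two mechanisms described above, reconstructing the process chain back to the source of compromise and propagating a sandbox verdict on a file to every host where that file ran, can be illustrated in a small correlation routine. The following is an added, self-contained example and is not PT XDR code; the telemetry, the file hashes, the sandbox verdicts and the escalation rule (isolate a host when a malicious binary descends from an Office process via a script host) are all constructed assumptions for illustration.

```python
"""Constructed example of XDR-style correlation: this is not PT XDR code."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """One process-start event as an EDR agent might report it (assumed schema)."""
    host: str
    pid: int
    ppid: int
    image: str
    sha256: str  # shortened placeholder hashes below, not real file hashes


# Constructed EDR telemetry from three hosts. On ws-01 a mail client opens a
# document, which spawns PowerShell, which drops and runs "update.exe"; the same
# binary later appears on ws-02 with a benign-looking parent.
EDR_EVENTS = [
    ProcEvent("ws-01", 100, 1, "explorer.exe", "aaa1"),
    ProcEvent("ws-01", 200, 100, "outlook.exe", "bbb2"),
    ProcEvent("ws-01", 300, 200, "winword.exe", "ccc3"),
    ProcEvent("ws-01", 400, 300, "powershell.exe", "ddd4"),
    ProcEvent("ws-01", 500, 400, "update.exe", "eee5"),
    ProcEvent("ws-02", 100, 1, "explorer.exe", "aaa1"),
    ProcEvent("ws-02", 700, 100, "update.exe", "eee5"),
    ProcEvent("srv-03", 100, 1, "services.exe", "fff6"),
]

# Constructed sandbox verdicts keyed by file hash.
SANDBOX_VERDICTS = {"eee5": "malicious", "ddd4": "clean"}


def affected_hosts(events, sha256):
    """Every host on which a process with this hash ran: the scope of a 'block everywhere' action."""
    return sorted({e.host for e in events if e.sha256 == sha256})


def process_chain(events, host, pid):
    """Walk parent-PID links on one host back to the root to show how the process came to run."""
    by_pid = {e.pid: e for e in events if e.host == host}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:  # 'seen' guards against cyclic/reused PIDs
        seen.add(pid)
        event = by_pid[pid]
        chain.append(event.image)
        pid = event.ppid
    return list(reversed(chain))


def plan_response(events, verdicts):
    """Map malicious sandbox verdicts to per-host response actions.

    Returns {host: [action, ...]}. Hosts with no malicious process get no entry.
    """
    actions = defaultdict(list)
    for sha, verdict in verdicts.items():
        if verdict != "malicious":
            continue
        for event in events:
            if event.sha256 != sha:
                continue
            chain = process_chain(events, event.host, event.pid)
            actions[event.host].append(f"kill pid {event.pid} ({' -> '.join(chain)})")
            actions[event.host].append(f"quarantine {sha}")
            # Assumed escalation rule: an Office process launching a script host that
            # runs the malicious binary indicates initial access, so isolate that host.
            office = any(img in chain for img in ("winword.exe", "excel.exe"))
            if office and "powershell.exe" in chain:
                actions[event.host].append("isolate host")
    return dict(actions)


if __name__ == "__main__":
    for host, acts in plan_response(EDR_EVENTS, SANDBOX_VERDICTS).items():
        print(host, acts)
```

Running the script shows the point of cross-source correlation: the sandbox verdict alone only names a file, the EDR telemetry alone only shows process starts, but joined on the hash the verdict reaches ws-02 as well as ws-01, and the parent chain explains why only ws-01 warrants network isolation.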

"Using PT XDR together with other Positive Technologies solutions that have already proven their effectiveness increases the speed of detecting and countering cyber threats tenfold. The knowledge of current cyber threats and of attackers' techniques and tactics that we receive from our research center and PT Expert Security Center regularly replenishes our products. PT XDR accumulates existing expertise and allows it to be applied to endpoints. Thanks to this, the response time has been reduced to a matter of seconds. In this way, we narrow the window of opportunity for hackers to gain a foothold in the infrastructure and develop an attack toward critical IT systems,"
said Dmitry Nagibin, Head of the Department for the Development of Protection Tools for Workstations and Servers at Positive Technologies.

The launch of PT XDR is a logical step in implementing an effective approach to cybersecurity that defines Positive Technologies' development strategy for the coming years.

Effective cybersecurity implies ensuring a level of information security at which events unacceptable to the business become impossible.

"PT XDR is the solution that we needed to achieve a more global goal: creating meta-products that are guaranteed to make it impossible for a hacker to cause events that are unacceptable to the business. It is almost impossible to achieve such a result without having means of control at the end nodes. Taking into account the dynamics of the development of meta-products, in particular MaxPatrol O2, we need to be able to collect and raise from the endpoints the context necessary for the meta-products to work, the requirements for which are also changing dynamically," said Maxim Filippov, Business Development Director at Positive Technologies. "Therefore, we began to make our own solution of this class. But even without MaxPatrol O2, the developed solution covers two established technology segments: EDR (Endpoint Detection and Response) and an extended threat detection and elimination system that can collect information from EDR, SIEM, sandboxes, NDR, UEBA, WAF, VM."