Project

Expobank has been using MaxPatrol SIEM for five years

Customers: ExpoBank

Moscow; Financial Services, Investments and Auditing

Contractors: Axxtel
Product: MaxPatrol SIEM

Project date: 2018/07 - 2019/01

2024: MaxPatrol SIEM results

Expobank has been using the MaxPatrol SIEM event monitoring and incident management system for five years. Positive Technologies reported this on January 30, 2024. The product promptly detects suspicious activity and notifies operators about it, which helps the bank prevent attacks in the early stages, before unacceptable events occur. The effectiveness of the SIEM system operators is confirmed by the statistics of timely identified attempts to penetrate the infrastructure, as well as the results of regular penetration tests.

Since 2018, Expobank has taken an integrated approach to cybersecurity. The financial organization uses dozens of information systems; the bank needed to have full visibility of the infrastructure and continuously monitor its security in real time. To monitor information security events, the bank considered foreign and Russian SIEM systems.

Based on the results of pilot testing, the bank chose MaxPatrol SIEM, which most fully met the company's requirements. The product ensures the effectiveness of analysts and serves as the core for building information security in the organization.

"MaxPatrol SIEM is guaranteed to identify incidents that can lead to a violation of the organization's cyber resistance. The product works stably in infrastructures of any scale, quickly adapting to changes in them, records infrastructure updates in real time, and controls the completeness and quality of information security event collection," said Sergey Sukhorukov, leader in information security monitoring and incident management products practice at Positive Technologies.

The domestic system has the same functionality as its foreign counterparts. In addition, MaxPatrol SIEM, unlike foreign systems, regularly receives information about how to detect threats relevant to the Russian landscape and about the tactics and techniques of attackers (the data is delivered in the form of expertise packs). Among other advantages of the product, Expobank specialists note a flexible licensing system. MaxPatrol SIEM also has all the necessary certificates of the FSTEC of Russia and is included in the register of domestic software.

As of January 2024, the system processes 16,000 events per second. It monitors the entire IT infrastructure of the bank, consisting of 5,000 assets (servers, workstations, network equipment). Other Positive Technologies products are also connected to MaxPatrol SIEM: PT Network Attack Discovery, MaxPatrol VM, PT XDR, and PT Threat Intelligence Feeds. The implementation and configuration of MaxPatrol SIEM were carried out by Axxtel-Security. The company's specialists support the product and help the Expobank information security division analyze cyber threats.

"MaxPatrol SIEM confirmed its effectiveness in protecting the bank from cyber attacks. The system notifies you of any suspicious action, and in five years we have not missed a single significant incident. In addition, we regularly conduct penetration tests and are pleased with the results of the operators: in the MaxPatrol SIEM interface, they monitor the entire attack chain," said Vyacheslav Kuzmin, head of information security at Expobank. "Five more Positive Technologies products help us to be always on the lookout and control security. Thanks to this, the bank responds to threats in a timely manner and counteracts them until serious consequences occur. To protect the network and repel external attacks, we also plan to purchase PT NGFW as soon as it is presented to the market."

"The main goal of such projects is not the fact of the introduction of the SIEM system, but the achievement of a high level of cybersecurity of the company. It is checked either at the time of the attack or during pentests. When an organization is subjected to a targeted attack, a set of implemented protection systems, coupled with properly built processes, must detect and stop it in time. The effectiveness of the implementations should be expressed in the results: penetration tests do not lead to events unacceptable for the company, attackers' attacks are detected and prevented on time," said Maxim Prokopov, head of information security at Axxtel-Security. "With MaxPatrol SIEM, Expobank feels much more confident: the simplicity and flexibility of configuring monitoring and managing information security events in MaxPatrol SIEM made it possible to do without increasing the number of specialists."