Gazprombank Mobile strengthens cybersecurity together with Cross Technologies based on Positive Technologies solutions

2025: Positive Technologies Solutions Implementation

A solution integrator and provider of information security services Cross Technology has implemented a project to provide a cyber security IT infrastructures virtual mobile operator. To Gazprombank Mobile do this Positive Technologies IT infrastructures business processes , security and operator solutions were used. This was reported to Cross Technologies on April 25, 2025.

At the first stage of the project, the implementation of the MaxPatrol SIEM cybersecurity event monitoring system was carried out, which began in May 2023 and took place in several stages until December 2024. The system has the principle of activocentricity. Collecting complete information about events, the product does not leave blind spots in the infrastructure and does not allow the hacker to remain unnoticed.

The infrastructure of Gazprombank Mobile provides monitoring of critical sources, in particular servers (Syslog), Windows Event Logs (Event Log) and individual databases. The rules for detecting incidents have been updated, as well as the speed of the product has been optimized. The system receives an average of 2,500 events per second (EPS), while the MaxPatrol SIEM functionality allows you to process more than 540,000 EPS on a single core with the connection of all expert rules.

The project also introduced a vulnerability management system. MaxPatrol VM The product scans about 150 critical nodes in the infrastructure of Gazprombank Mobile for information security flaws. Among them are databases DNS-, servers controllers, domain file and mail systems, web servers and programs for monitoring application performance monitoring (APM).

MaxPatrol VM helps build a full cycle of vulnerability management - from detection to resolution, and also allows you to receive information about trend vulnerabilities within 12 hours from the moment they are discovered. MaxPatrol VM enriches expertise with information from databases of information security deficiencies, such as NVD, NOS FSTEC, and assesses their danger on the CVSS scale. In addition, the system takes into account the methodology for assessing the level of criticality of vulnerabilities of the FSTEC of Russia.

MaxPatrol HCC module in MaxPatrol VM allows you to prioritize risks, assign security policies, monitor compliance with information security standards and internal requirements, as well as the timing of elimination of violations. The advantages include granular reporting, reducing response time to policy changes through automation, and adapting to dynamic IT environments.

Gazprombank Mobile also introduced MaxPatrol EDR, a system for protecting end devices from complex and targeted cyber attacks. In the company's infrastructure, MaxPatrol EDR is used for monitoring and processing information security events, collecting inventory information about end devices and checking the security of various files. In general, the product can act as a single agent for detecting and responding to attacks, collecting telemetry and vulnerability data on devices on more than 25 versions of popular operating systems and in virtual desktop infrastructure (VDI), including certified Russian operating systems.

As a mobile operator, we consider information security as the foundation of our work and an important condition for stable development. Ensuring the smooth operation of the IT infrastructure is our key obligations. To achieve these goals, we have implemented a comprehensive information security incident monitoring and management system. The project was implemented in cooperation with Cross Technologies specialists based on Positive Technologies solutions, "said Alexander Ishanov, director of information and economic security at Gazprombank Mobile.

Cross Technologies experts played a key role in the successful implementation of the Positive Technologies information security products complex at Gazprombank Mobile. As an integrator of the entire project, we provided an integrated approach to analyzing requirements and setting up different solutions, which made it possible to adapt the functionality of these IPS to the needs of the mobile operator. Our engineers advised employees and provided technical support. Their experience and professionalism made it possible to minimize risks and improve the protection of the IT circuit, - said Lev Fisenko, executive director of Cross Technologies.