
Irkutsk Oil Company ensures business cyber resilience with MaxPatrol SIEM

Customers: Irkutsk Oil Company (INC)

Irkutsk; Oil industry

Product: MaxPatrol SIEM

Project date: 2023/10 - 2024/04

2024: Implementation of MaxPatrol SIEM

Irkutsk Oil Company has implemented MaxPatrol SIEM. The system quickly detects suspicious activity in the IT infrastructure and promptly informs specialists about it, so that intruders are stopped before they cause unacceptable damage to the organization. Using MaxPatrol SIEM, the company's information security division addresses one of its main tasks: ensuring cyber resilience and business continuity. Positive Technologies reported this on May 30, 2024.

A few years ago, the Irkutsk Oil Company launched a project aimed at ensuring effective cybersecurity and compliance with the requirements of Federal Law No. 187-FZ "On the Security of the Critical Information Infrastructure of the Russian Federation." One of the project's items called for the introduction of a SIEM system that would make it possible to quickly identify information security incidents that could lead to unacceptable events. The organization initially considered only certified Russian products and, based on the results of pilot testing, chose MaxPatrol SIEM.

"Business continuity is directly related to information security," said Vadim Ashroev, head of the information security department of the Irkutsk Oil Company. "Every year, cyber threats are improving, and industrial organizations do not go unnoticed by hackers. In this regard, it was important for us to choose a product that can bring tangible results, measured by the speed and quality of detection of attempts to violate the company's cyber resilience. This is our first experience with a SIEM system. The Positive Technologies team quickly helped our specialists understand how the MaxPatrol SIEM product works and how to get the most out of it."

As of May 2024, MaxPatrol SIEM monitors about 1,700 nodes of the organization. Nodes running Windows, Linux, Cisco, Citrix and Kaspersky Lab solutions are connected to the product as event sources. The system processes between 5,000 and 7,000 events per second. In total, MaxPatrol SIEM supports 355 different sources and helps control the completeness of asset connection and the quality of event collection. The product is capable of analyzing more than 540 thousand events per second on one core with all expert rules enabled out of the box. These capabilities minimize the time from system implementation to real results.

In the near future, the Irkutsk Oil Company plans to connect the APCS (industrial control system) segment and other divisions to MaxPatrol SIEM so that monitoring covers the entire infrastructure of the enterprise. Asset security will also be ensured using the MaxPatrol VM vulnerability management system, which has already been implemented and is in use in the organization. The project also provides for expanding the staff and training them.

"Due to its high performance, MaxPatrol SIEM can work stably in infrastructures of any size. The product uses detailed inventory technology, which tracks changes in IT assets and quickly adapts to new conditions. MaxPatrol SIEM has a flexible architecture that allows you to monitor the information security status of all offices and resources in one window. It is also important that the product not only detects threats, but also helps analysts quickly assess the validity of alerts and make decisions on incidents. The built-in ML assistant BAD, a second-opinion assistant that uses about 30 machine learning models and draws on our twenty years of experience in detecting and investigating incidents, allows this task to be performed even better," said Oksana Naumenko, account manager at Positive Technologies.