Positive Technologies MaxPatrol 10 (MaxPatrol 10) is a system that collects, stores, and analyzes data about events occurring in a company's IT infrastructure. This provides information security monitoring for the IT infrastructure as a whole as well as for individual subdivisions, hosts, and applications.
MaxPatrol 10 provides the following basic features:
Asset inventory. The system regularly collects data about network hosts and the interactions between them.
Event data collection. An event source can be any supported hardware or software.
Event analysis to detect infosec incidents. Analysis is based on a set of special rules that Positive Technologies experts update on an ongoing basis.
Infosec incident management. The system helps manage the investigation of and response to information security incidents.
Data visualization. Summary information on assets, events, and incidents is displayed in the system web interface as charts and tables.
MaxPatrol 10 provides the following additional features:
Expertise packs. Use of a knowledge base developed by Positive Technologies experts. The knowledge base contains data on current attacker tactics and techniques and helps detect even complex, non-standard attacks.
Asset management automation. The system can automatically set asset importance, as well as freshness and aging periods for asset data obtained from IT infrastructure scans.
Reputation lists. Up-to-date information about malicious IP addresses and dangerous file hashes is used to prevent incidents.
Event rechecks. Retrospective correlation of previously received events after new rules are added or tabular list data is updated, and retrospective searches for indicators of compromise.
Asset security monitoring. The system analyzes and monitors compliance with security standards, both for the entire IT infrastructure of an enterprise and for individual hosts and systems.
Sending of notifications. Operators are notified about changes in the corporate IT infrastructure, the operation of data collection tasks, the events being collected, and detected infosec incidents.
Integration with PT NAD. Registration of incidents based on network sessions and detected attacks.
Integration with MaxPatrol EDR. Detection of complex targeted attacks and automatic response.