The new version of Maxpatrol SIEM can be deployed on Linux systems

Positive Technologies has released version 7.0 of its Maxpatrol SIEM information security event monitoring system. The main points of the new release are support for Linux-family operating systems, distributed event search for detecting attacks on large, geographically distributed infrastructures, and simpler management of asset importance from an information security standpoint.

Maxpatrol SIEM 7.0 adds support for Linux-family operating systems. In 2020, over 1 million licenses for the Astra Linux OS were purchased, and the total number of organizations using it exceeded 4 thousand. The product can now be deployed by government departments, state corporations, critical information infrastructure (CII) entities and organizations that already use Linux or are switching to it as part of import substitution. The ability to install Maxpatrol SIEM on domestic OS distributions is especially relevant for Russian companies in today’s realities. The system also supports Debian 10.

“We have long felt the need for customers to use a single platform for all product components. This greatly simplifies the deployment of the system and its operation, which is the main priority of the company in the development of its information security solutions. And support for domestic Linux distributions makes it easier to meet import substitution requirements,” said Roman Sergeev, Product Development Manager for Maxpatrol SIEM, Positive Technologies.

According to Positive Technologies, 15% of information security specialists rank monitoring of subordinate departments among the most time-consuming tasks in a SIEM system. This problem is typical primarily for organizations with a large, geographically distributed infrastructure. With distributed event search, Maxpatrol SIEM users see the overall information security picture and can quickly identify complex, non-standard attacks aimed at the infrastructure of a single unit or of the enterprise as a whole. Events from all installations are available to the operator of the head installation for searching, filtering, grouping, aggregating and reporting.

Network infrastructure nodes, which number in the tens and hundreds of thousands, differ in importance from an information security point of view. To prevent operators from being unnecessarily distracted by less important assets, Maxpatrol SIEM 7.0 adds the ability to assign importance to assets by policy. For example, all domain controllers can be assigned a high level of significance; the policy is applied automatically, which frees Maxpatrol SIEM users from routine operations. At the same time, the significance of an asset can be manually overridden at any time.

Starting from version 7.0, the product supports a new event storage developed by Positive Technologies – Logspace. It uses disk resources 5–7 times more efficiently. Maxpatrol SIEM users can therefore either reduce their hardware costs or increase event retention depth with the resources they already have. Customers also retain the option to use the familiar Elasticsearch storage.

In addition, Maxpatrol SIEM 7.0 improves the performance of the correlator responsible for detecting malicious activity: RAM consumption has been optimized, throughput increased, and support added for using multiple processor cores.

Event filter queries are now saved in a history and are available for reuse. This change will be especially useful for SIEM operators testing hypotheses with PDQL queries during investigations.

“Maxpatrol SIEM 7.0 is a long-awaited release. It combines updates that affect system changes (for example, the ability to use the Linux family of operating systems, including certified versions, and the transition to a proprietary database that meets customer requests for processing significant event streams) and architectural changes – horizontal scaling for distributed event search. Also in the new version of the system there are many improvements that increase the convenience of the operational work of information security analysts investigating cybersecurity incidents. The Maxpatrol SIEM development team has done significant work for the effective use of the product in distributed environments of large customers in the enterprise segment,” noted Elman Beibutov, Head of Information Security Event Monitoring at Positive Technologies.
