MaxPatrol SIEM in Expobank: five years of successful application and proven effectiveness

The bank chose a domestic system to protect its infrastructure.

Expobank, one of the top 40 largest banks in Russia, has been using the MaxPatrol SIEM information security event monitoring and incident management system for five years. The product quickly detects suspicious activity in the infrastructure and notifies operators about it, which allows the bank to stop cyber attacks at an early stage, before unacceptable events occur. The effectiveness of the SIEM operators is confirmed by statistics on penetration attempts detected in time, as well as by the results of regular penetration tests.

Since 2018, Expobank has taken a comprehensive approach to ensuring cybersecurity. The financial organization runs dozens of information systems, so it needed full visibility of the entire infrastructure and the ability to continuously monitor its security in real time. To monitor information security events, the bank considered both foreign and Russian SIEM systems.

Based on the results of pilot testing, the choice fell on the domestic MaxPatrol SIEM, which best met Expobank's requirements. The product supports effective analyst work and serves as the core around which information security is built in the organization. "MaxPatrol SIEM is guaranteed to detect incidents that may lead to a breach of the organization's cyber resilience. The product works stably in infrastructures of any scale, quickly adapts to changes in them, captures infrastructure updates in real time, and monitors the completeness and quality of information security event collection," commented Positive Technologies.

The domestic system offers the same functionality as its foreign counterparts. In addition, MaxPatrol SIEM, unlike foreign systems, regularly receives information on ways to detect threats relevant to the Russian landscape and on the tactics and techniques of intruders (the data is delivered in the form of expertise packages). Among the product's other advantages, Expobank specialists highlight its flexible licensing model. MaxPatrol SIEM also holds all the necessary FSTEC of Russia certificates and is included in the register of domestic software.

Currently, the system processes 16,000 events per second. It monitors the bank's entire IT infrastructure, which consists of 5,000 assets (servers, workstations, network equipment). Other Positive Technologies solutions are also connected to MaxPatrol SIEM: PT Network Attack Discovery, MaxPatrol VM, PT XDR, and PT Threat Intelligence Feeds. Axtel-Security implemented and configured the system. Its specialists provide technical support for the product and assist Expobank's information security division in analyzing cyber threats.

"MaxPatrol SIEM has confirmed its effectiveness in protecting the bank from cyber attacks. The system notifies you of any suspicious activity, and we haven't missed a single significant incident in five years. In addition, we regularly conduct penetration testing and are satisfied with the results of the operators' work: in the MaxPatrol SIEM interface, they monitor the entire attack chain," said Vyacheslav Kuzmin, Head of Information Security at Expobank. "Five more Positive Technologies products help us to be always on the alert and monitor security. Thanks to this, the bank responds to threats in a timely manner and counteracts them before serious consequences occur. To protect the network and fend off external attacks, we also plan to purchase PT NGFW as soon as it is introduced to the market."

"The main goal of such projects is not to implement the SIEM system itself, but to achieve a high level of cybersecurity for the company. This is tested either during an actual attack or in pentests. When an organization undergoes a targeted attack, the set of implemented security systems, along with properly structured processes, should detect and stop it in time. The effectiveness of implementations should be reflected in the results: pentests do not lead to unacceptable events for the company, and malicious attacks are detected and prevented in time," comments Maxim Prokopov, Head of Information Security at Axtel-Security. "With MaxPatrol SIEM, Expobank feels much more confident: the simplicity and flexibility of setting up monitoring and managing information security events in MaxPatrol SIEM made it possible to do without increasing the staff of specialists."