Positive Technologies, a leader in result-driven cybersecurity, has released version 7.0 of MaxPatrol EDR, its endpoint cyberthreat detection and response solution. The update is aimed primarily at large organizations with distributed infrastructure. The new MaxPatrol EDR lets users respond to incidents from external systems through an API, perform response actions on multiple agents at once, add custom detection rules, and create and replicate custom security policy templates. Support for fault-tolerant management server clusters has also been added. These features are intended to help users respond to detected incidents much faster and allow organizations to reduce the solution's operating and scaling costs.
MaxPatrol EDR is already deployed in large, geographically distributed IT infrastructures. Drawing on requests from these organizations, their experience defending against real attacks, and practical experience deploying security tools, Positive Technologies experts improved MaxPatrol EDR to make it easier and more convenient to use. Developers added new, more effective pre-configured detection policies, as well as the option to create templates from custom policies and replicate them across branches and departments of the organization. A new module for configuring audit settings on Windows operating systems was also added. These updates are meant to reduce deployment costs in large infrastructures and provide a centralized process for detecting attacks, which is especially important for organizations that have long used the monitoring capabilities of MaxPatrol SIEM.
"We released MaxPatrol EDR as a standalone product in October 2023, but the technology powering it had proven its effectiveness long before that. We know that endpoints are one of the most popular points for attackers to penetrate infrastructure, so our team is dedicated to improving the solution and increasing its effectiveness with each update," comments Sergey Lebedev, Head of the Workstation and Server Protection Tool Development Department at Positive Technologies. "For example, one of the most frequent customer requests we got was to add support for cluster installations. Today, the trend in large companies is to build fault-tolerant cluster systems that collectively process millions of events per second. Now our product enables the seamless protection of endpoints in them."
Other MaxPatrol EDR features were also developed to improve the user experience. The new version allows responses to information security incidents on multiple agents at once. For example, if two dozen devices are attacked, specialists can respond on the entire group of protected devices simultaneously. The console displays the status of this process on each device and lets users continue performing actions on the selected group without having to re-select agents. This substantially reduces response time (for example, from over half an hour to a couple of minutes). Users can now also perform actions on agents from third-party systems via the response API.
Another significant addition is that MaxPatrol EDR users can now add their own event processing rules to identify incidents. This lets companies tune the solution more precisely to their specific infrastructure and apply the expertise of their own security specialists to the early detection of specific sophisticated threats. In addition, MaxPatrol EDR 7.0 is faster and more stable, with reduced memory consumption and support for more operating systems.