MaxPatrol O2

Name: MaxPatrol O2
Brand: Positive Technologies
Availability: InStock

Autopilot for result-driven cybersecurity

Request a pilot

Overview Key features How it works Benefits Interaction scheme

Intro

90%%

of companies have a shortage of information security professionals

0%

of non-tolerable events can be realized by threat actors within one month

0%

of corporate infrastructures can be hijacked by internal malicious actors

0%

of corporate infrastructures can be hijacked by internal malicious actors

MaxPatrol O2 overview

The MaxPatrol O2 metaproduct detects attackers, identifies breached assets, predicts attack scenarios based on company-specific non-tolerable events, and stops attacks before irreparable damage is done.

Result-driven

Rules out non-tolerable events for business.

Automates SOC activities

Reduces the human factor in detection, investigation, and incident response processes, and automates routine actions.

Knows how attackers operate

Utilizes Positive Technologies' unique expertise gained from regular cyberexercises (including Standoff), and bug bounty programs (including Positive dream hunting).

Key features

Models potential attacker actions

Predicts the non-tolerable events that suspicious activity may lead to and how many steps are left until risks are realized.
Prediction is based on:
- Network reachability of hosts: routing, access lists, NAT rules
- Account permissions for remote login
- RCE vulnerabilities on hosts
- Remote login opportunities through VPN
- Read access to lsass.exe process memory

Detects hacker activity chains

Analyzes data from Positive Technologies sensors in the metaproduct and demarcates attacking, targeted, and captured resources.
Correlates resources to build activity chains informed by knowledge of threat actor TPPs.
Each chain contains a visualization of the attackers' path, plus a prediction of where they will move next.

Automates investigations

Uses data from Positive Technologies sensors to build the full attack context and conduct an investigation.
Obtains enrichment of the following activities:
- Process startup: process -> session -> user
- Remote login: RDP, SMB, WMI
- Movement in the infrastructure: IP -> IP
- VPN session creation: client IP -> external IP + username

Assesses threat severity

MaxPatrol O2 views captured resources and assesses the proximity of a non-tolerable event.
Upon receiving this information, the system escalates attack chain status to "Attention required" before stopping the hacker or prompting the operator to make a decision.
The threat severity assessment algorithm continues to improve thanks to regular Positive Technologies cyberexercises and the contributions of Standoff 365 Bug Bounty participants.

Stops attackers

Considers risks to business processes and suggests the optimal response scenario.
The scenario can be implemented automatically or manually if adjustments are needed.
Possible response actions:
- Lock account: in the domain or locally, in Windows, Linux, or Mac.
- Block IP address in the firewall: incoming/outgoing traffic.
- Isolate host on the network.
- Stop running process.
- Revoke OpenVPN token.
- Delete email message.

How the metaproduct works

Based on the network topology and reachability of hosts, MaxPatrol O2 factors in vulnerability intelligence and models ways in which non-tolerable events might be realized. If risks haven't been identified in advance, the system calculates the attack vectors to the most critical hosts in the infrastructure.

MaxPatrol O2 analyzes sensor triggerings and identifies captured, targeted, and attacking resources, such as accounts, hosts, sessions, processes, files, and emails.

To assemble an in-depth chain of attacker activity, MaxPatrol O2 queries the relevant sensors for intelligence to build the full attack context, prioritize chains, and decide how to respond.

MaxPatrol O2 analyzes the data and correctly links new sensor triggerings with activity chains already in the system. If none of the existing activity chains can be extended with the new data, MaxPatrol O2 creates a new chain to link the triggering received from the sensor.

Based on data from the threat prediction module, MaxPatrol O2 assesses the severity level of the attack chain. If it exceeds the threshold value, the system switches the chain to the "Attention required" status and prompts the operator to select response measures.

MaxPatrol O2 provides the operator with response options for each resource type to stop the hacker and regain control of the captured resources. All that remains for the operator is to verify the chain and accept the proposed response scenario designed to minimize the impact on the company's critical business processes.

MaxPatrol O2 benefits

No niche skills required

For the metaproduct to work effectively, it's enough to have an operations analyst and expert in system administration and maintenance.

Lowers the threshold of entry to the world of result-driven cybersecurity

Enables companies to address result-driven cybersecurity issues without the need to hire additional experts or automate SOC processes.

Replaces manual investigation

Automates the investigation process by providing the operator with ready chains of attacker activity with full context.

Detects advanced targeted attacks

MaxPatrol O2 links all attacker actions into one chain, while traditional solutions create independent incidents within the framework of the targeted attack.

Considers non-tolerable events

Predicts the attackers' path before they can realize a non-tolerable event. Determines the threat level based on the attackers' proximity to the target system. Adapts to evolving business risks in ever-changing corporate infrastructures.

Knocks out hackers in an instant

Thanks to PT XDR agents located in the corporate infrastructure, MaxPatrol O2 responds in seconds, preventing the realization of non-tolerable events.

Positive Technologies ecosystem

Brings together Positive Technologies products that function as sensors, exchange knowledge, and provide comprehensive IT system protection with minimal human involvement.

Positive Technologies expertise

Regularly updated with new methods for modeling attack vectors, improved algorithms for incident linking and enrichment, and automated response actions.

Single-window operation

The operator doesn't need separate products to detect traces of intrusion and investigate incidents. The system does this automatically by building activity chains and querying Positive Technologies sensors for further attack context.

Domestic solution

The MaxPatrol O2 product suite is made entirely in Russia, included in the Register of Russian Software, and certified by the Federal Service for Technical and Export Control (FSTEC) of Russia (certification for PT MultiScanner is currently in progress).

Suitable for all infrastructures

Protects corporate infrastructures and meets the demands of all industrial sectors: energy, transportation, metals, manufacturing, medicine, and utilities. The suite includes solutions specially designed for ICS (SCADA) network hosts.

Interfaces with any system

During implementation of the metaproduct, Positive Technologies experts will connect any business and IT systems, including custom and in-house systems related to target or key sources.

Interaction scheme

Get in touch

Fill in the form and our specialists will contact you shortly.