MaxPatrol
Endpoint Security
Protect your organization's devices, including PCs, servers, remote workstations, and virtual desktops, from commodity attacks and advanced targeted attacks
Comprehensive endpoint security solution: two products that can work together or independently
Baseline protection
MaxPatrol EPP
For preventing widespread and known cyberthreats
Who it's for:
- You're just getting started with security.
- You need antivirus protection for PCs and servers to cover the essentials.
Enhanced protection
MaxPatrol EDR
For detecting advanced cyberattacks and responding to them
Who it's for:
- You already have baseline endpoint protection.
- You need defense against advanced hacker tools and targeted attacks aimed specifically at your organization.
All capabilities of MaxPatrol EPP and MaxPatrol EDR, combined
Static and dynamic threat detection
Static and dynamic analysis to detect malware, plus behavioral analysis to catch sophisticated attacks
Modular architecture
Flexible component selection and connectivity based on your use cases
Autonomous agents
To protect devices outside the corporate network
20+
years of expertise: we know how large organizations are attacked worldwide and how to defend them
30+
operating systems, including Windows- and Linux-based platforms
Ecosystem approach
A single endpoint protection agent that integrates seamlessly with SIEM, VM, and sandbox solutions
All capabilities of MaxPatrol Endpoint Security
Protection
- Continuous malware detection and remediation powered by antivirus technologies
- Detection of common tactics and techniques from the MITRE ATT&CK framework, including attacks leveraging legitimate tools (PowerShell, WMI, CMD, Bash)
Threat detection methods
- Static and dynamic threat detection. MaxPatrol EPP employs static and dynamic analysis to identify and block known malware and obfuscated threats
- MaxPatrol EDR uses a correlation engine for behavioral analysis and detection of sophisticated attacks, plus YARA rules and file checks against IoCs
Stopping cyberattacks
- Preventive malware blocking before it can execute in the operating system
- Automated and manual response in MaxPatrol EDR, with 40+ response actions on a single device or across device groups
Deployment
Support for 30+ operating systems across the Windows and Linux families
Configuration
- Flexible policy configuration aligned with internal regulations and business needs. Policies are applied based on the user's subnet. A job scheduler minimizes routine manual operation of agents
- Integration with Positive Technologies solutions:
MaxPatrol SIEM and PT Sandbox for in-depth threat analysis with minimal consumption of endpoint resources; MaxPatrol VM for collecting audit data from endpoints and calculating vulnerability scores
Operating modes
- Autonomous agent operation. Analysis and response occur on the endpoint without contacting the management server, helping protect devices outside the corporate network
- Operation in isolated environments. Delivery of knowledge base updates to isolated network segments without internet access
Find the right solution for your needs
MaxPatrol EPP
MaxPatrol EDR
Description
Description:
Baseline protection for preventing widespread and known cyberthreats
Description:
Enhanced protection for detecting sophisticated attacks and responding to them
Who it's for
Who it's for:
- Small and midsize businesses that want to implement endpoint protection
- No in-house SOC or dedicated cybersecurity specialist
- Unlikely to be targeted by seasoned hackers or APT groups, but at risk from viruses and ransomware
- Need to meet regulatory antivirus requirements, including the use of multiple independent antivirus solutions
Who it's for:
- You have an in-house SOC and need defense against APT groups and seasoned hackers
- You need not only preventive measures but also active incident response
- You already use Positive Technologies solutions and want products that fit into a unified ecosystem
- You require a high level of import substitution and support for the full range of domestic operating systems
Signature-based analysis and an emulator for file inspection
Signature-based analysis and an emulator for file inspection:
Signature-based analysis and an emulator for file inspection:
YARA-based scanning
YARA-based scanning:
YARA-based scanning:
Detection of TTPs mapped to MITRE ATT&CK
Detection of TTPs mapped to MITRE ATT&CK:
Detection of TTPs mapped to MITRE ATT&CK:
Threat response
Threat response:
Automatic blocking of malicious file execution; network isolation; quarantine
Threat response:
40+ response actions
API integration for response in external systems
API integration for response in external systems:
API integration for response in external systems:
Operating systems supported by agents
Operating systems supported by agents:
Windows, Astra Linux, RED OS
Operating systems supported by agents:
30+ operating systems
Validate the capabilities of MaxPatrol Endpoint Security with a test drive
Thinking about the best way to protect your company?
Contact us.
During the consultation we'll propose a solution precisely tailored to your organization.