MaxPatrol O2

Autopilot for result-driven cybersecurity

Request a pilot

Overview Key features How it works Benefits Interaction scheme

Intro

90%%

of companies have a shortage of information security professionals

0%

of non-tolerable events can be realized by threat actors within one month

0%

of corporate infrastructures can be hijacked by internal malicious actors

0%

of corporate infrastructures can be hijacked by internal malicious actors

MaxPatrol O2 overview

The MaxPatrol O2 metaproduct detects attackers, identifies breached assets, predicts attack scenarios based on company-specific non-tolerable events, and stops attacks before irreparable damage is done.

Result-driven

Rules out non-tolerable events for business.

Automates SOC activities

Reduces the human factor in detection, investigation, and incident response processes, and automates routine actions.

Knows how attackers operate

Utilizes Positive Technologies' unique expertise gained from regular cyberexercises (including Standoff), and bug bounty programs (including Positive dream hunting).

Key features

Models potential attacker actions

Detects hacker activity chains

Automates investigations

Assesses threat severity

Stops attackers

How the metaproduct works

Based on the network topology and reachability of hosts, MaxPatrol O2 factors in vulnerability intelligence and models ways in which non-tolerable events might be realized. If risks haven't been identified in advance, the system calculates the attack vectors to the most critical hosts in the infrastructure.

MaxPatrol O2 analyzes sensor triggerings and identifies captured, targeted, and attacking resources, such as accounts, hosts, sessions, processes, files, and emails.

To assemble an in-depth chain of attacker activity, MaxPatrol O2 queries the relevant sensors for intelligence to build the full attack context, prioritize chains, and decide how to respond.

MaxPatrol O2 analyzes the data and correctly links new sensor triggerings with activity chains already in the system. If none of the existing activity chains can be extended with the new data, MaxPatrol O2 creates a new chain to link the triggering received from the sensor.

Based on data from the threat prediction module, MaxPatrol O2 assesses the severity level of the attack chain. If it exceeds the threshold value, the system switches the chain to the "Attention required" status and prompts the operator to select response measures.

MaxPatrol O2 provides the operator with response options for each resource type to stop the hacker and regain control of the captured resources. All that remains for the operator is to verify the chain and accept the proposed response scenario designed to minimize the impact on the company's critical business processes.

MaxPatrol O2 benefits

No niche skills required

For the metaproduct to work effectively, it's enough to have an operations analyst and expert in system administration and maintenance.

Lowers the threshold of entry to the world of result-driven cybersecurity

Enables companies to address result-driven cybersecurity issues without the need to hire additional experts or automate SOC processes.

Replaces manual investigation

Automates the investigation process by providing the operator with ready chains of attacker activity with full context.

Detects advanced targeted attacks

MaxPatrol O2 links all attacker actions into one chain, while traditional solutions create independent incidents within the framework of the targeted attack.

Considers non-tolerable events

Predicts the attackers' path before they can realize a non-tolerable event. Determines the threat level based on the attackers' proximity to the target system. Adapts to evolving business risks in ever-changing corporate infrastructures.

Knocks out hackers in an instant

Thanks to PT XDR agents located in the corporate infrastructure, MaxPatrol O2 responds in seconds, preventing the realization of non-tolerable events.

Positive Technologies ecosystem

Brings together Positive Technologies products that function as sensors, exchange knowledge, and provide comprehensive IT system protection with minimal human involvement.

Positive Technologies expertise

Regularly updated with new methods for modeling attack vectors, improved algorithms for incident linking and enrichment, and automated response actions.

Single-window operation

The operator doesn't need separate products to detect traces of intrusion and investigate incidents. The system does this automatically by building activity chains and querying Positive Technologies sensors for further attack context.

Domestic solution

The MaxPatrol O2 product suite is made entirely in Russia, included in the Register of Russian Software, and certified by the Federal Service for Technical and Export Control (FSTEC) of Russia (certification for PT MultiScanner is currently in progress).

Suitable for all infrastructures

Protects corporate infrastructures and meets the demands of all industrial sectors: energy, transportation, metals, manufacturing, medicine, and utilities. The suite includes solutions specially designed for ICS (SCADA) network hosts.

Interfaces with any system

During implementation of the metaproduct, Positive Technologies experts will connect any business and IT systems, including custom and in-house systems related to target or key sources.

Interaction scheme

Thinking about the best way to protect your company?

During the consultation we'll propose a solution precisely tailored to your organization.