MaxPatrol 8
ptsecurity.ru
Positive Technologies
Facts and Figures
About us
Main products
• Every year 200+ security audits of corporate systems
• Visionary 2017, WAF Magic Quadrant
• 200+ detected zero-day vulnerabilities
• 15 years of research and expertise
• 30+ detected zero-day vulnerabilities in Mobile Telco
• 150+ zero-day vulnerabilities in SCADA
• 500+ security researches of mobile and web applications
Our customers
MaxPatrol 8
Security and Compliance Control
Our statistics
An amateur hacker can access every second system
• 73%: Perimeter protection does not prevent penetration
• 96%: Standard solutions could prevent attacks
• 87%: Incidents became successful because of serious errors in configuration
• 73%: Attacks did not require high qualification from hackers
Source: Positive Research 2017
Why infrastructure is vulnerable
• Weak passwords
• Third-party software
• Insecure wireless networks
• Web application errors
• Errors in settings of:
  • network equipment
  • perimeter protection systems
  • web applications
  • databases
MaxPatrol 8: solution
1 Inventory, configuration control
2 Complex security assessment
3 Automation of compliance control
4 Reports for technical specialists and managers
5 Knowledge base updated daily
Product of the year, Vulnerability Management, according to Cyber Security Awards 2016
MaxPatrol 8
Use cases
Functions of the system
[Diagram: the knowledge base at the centre; covered systems: database, applications and ERP systems, wireless and VOIP networks, network infrastructure and systems, web applications; functions: security control, compliance control (PCI, ISO, etc.; corporate policies), changes control, key indicators of effectiveness]
Managers
• Reducing human errors due to automation
• KPI reports from different business units
• Compliance with internal standards
• Data on the current security level
Auditors
• Complex tool for security assessment
• Supports main international standards
• Configurable reports
Infosec specialists
• Vulnerability detection
• Compliance management
• Policy compliance control
• Vulnerability elimination control
IT specialists
• Easy to implement
• IT resources inventory
• Recommendations on fixing
• Reports on updates
Additional scenarios
ERP ICS TELECOM
MaxPatrol 8 for SCADA
MaxPatrol has built-in checks for specialized network
equipment, such as Cisco Connected Grid, and supports
Modbus, S7, DNP3, IEC104 and other industrial protocols.
The knowledge base contains more than 30,000 checks on
vulnerabilities and security requirements for HMI/SCADA,
PLC, RTU from leading manufacturers: Siemens,
Schneider Electric, Rockwell Automation, ABB.
MaxPatrol 8 for SAP
COMPLIANCE WITH TECHNICAL REQUIREMENTS
• For application layer
• For system layer
• For network layer
• For user layer
INVENTORY OF SYSTEM COMPONENTS
• SAP application servers
• DBMS servers
• workstations
• network equipment
• protection tools
DETECTION AND ELIMINATION OF TECHNICAL VULNERABILITIES
• SAP R/3 and SAP R/3 Enterprise
• SAP NetWeaver AS ABAP
• SAP NetWeaver AS JAVA
• SAP business modules
• SAPRouter
ANALYSIS OF SYSTEM CONFIGURATIONS AND COMPONENTS
• system parameters
• business modules (ERP, HR, MM)
• SAP system services
• encryption settings
• RFC connections not in use
• account status and critical privileges
Supported systems
1000+ systems that are compatible with MaxPatrol 8
• Operating systems
• Databases
• Network equipment
• Infrastructure applications
• Virtualization solutions
• Desktop applications
• Security tools
ViPNet
Flowchart
[Diagram. RESOURCES: desktop applications, operating systems, network equipment, DBMS, SAP, web, virtual environment, VPN, ICS, antivirus software. Scan modes: PENTEST, AUDIT, COMPLIANCE. Tasks: search for vulnerabilities, network scanning, web application audit, DBMS scanning, system checks, configuration analysis, software analysis, inventory, control of compliance with standards. Vulnerability and knowledge base. REPORTING (management, analytical, technical): standard compliance (PCI DSS, ISO 27001), asset inventory, dynamics of changes, corporate standards, vulnerability data]
Pentest mode
• Black-box analysis
• Detect vulnerabilities:
• by analyzing messages (banners)
• by using exploit-like behaviour
• by using heuristic methods
• Web application analysis
• Password brute-forcing
• Network services diagnostics
Audit mode
• Does not require installing an agent
• Uses standard remote access protocols
• Hardware and software inventory
• Check for security updates
• Detection of vulnerabilities and configuration
errors
• Configuration analysis
• Account control
• Change control
Compliance mode
• More than 150 built-in standards
• Automatic determination of compliance with
applicable standards
• Support of high-level standards and requirements of regulators:
• Banking information security standard
• PCI DSS
• ISO 27001/27002
• Monitoring implementation of internal
corporate rules
Change control
Differential reports. Notifications about changes in the infrastructure
1 Password change
2 Modification of access control lists
3 Changes in checksums of files
MaxPatrol – Dynamic Scheduling
Dynamic Scheduling
• If a scan must be performed on the 2nd of each month
• Available time slot
- Mon ~ Fri
00:00 ~ 02:00 (Scanning)
02:00 ~ 04:00 (No scan) – System backup
05:00 ~ 06:00 (Scanning)
06:00 ~ 12:00 (No scan) – Office hour
12:00 ~ 13:00 (Scanning)
13:00 ~ 19:00 (No scan) – Office hour
19:00 ~ 24:00 (Scanning)
- Sat ~ Sun
00:00 ~ 02:00 (Scanning)
02:00 ~ 04:00 (No scan) – System backup
05:00 ~ 24:00 (Scanning)
• You can specify date and time to scan
• If the scan does not finish within the specified time,
MP pauses the scan and resumes it at the next
allowable time
→ Minimize System Impact
Integration opportunities
• Asset management
• Help-desk systems
• Risk management
• Patch management
• SIM/SIEM
• IDM
MaxPatrol 8 architecture
COMPONENTS
MP Server
MP Scanner
MP Consolidator
MP Console
MP Mobile Server
MP Local Update Server
Offline scanner
The offline scanner component is intended
for scanning hosts isolated from the local
network.
It allows performing a full scan of Windows
systems in the pentest, audit, compliance and
forensic modes.
The offline scanning module is supplied on a
special USB drive.
Built-in reports
Online portal
Online portal: detailed visualization
MaxPatrol 8 advantages
• Automation of vulnerability detection and elimination
• Regular assessment of KPI efficiency of IT and IS departments
• Information security standards for information systems and applications
• Increasing the information system security level
• Optimization of protection tools usage
• Reducing financial costs
Thank You!
ptsecurity.com