Indeed and Positive Technologies are pleased to announce the successful completion of work on ensuring compatibility between Indeed PAM and MaxPatrol SIEM: MaxPatrol SIEM now supports Indeed PAM as an event source.
The connector for receiving Indeed PAM events via syslog and normalizing them in MaxPatrol SIEM is published on the official Positive Technologies resource and is available for download and use without any additional payments. The connector was developed by Positive Technologies in response to a request for expert support for a new source.
A modern corporate information security system is a whole complex of security tools designed to ensure the highest level of practical cybersecurity. Therefore, maximum efficiency can only be achieved when all the products used reinforce each other and are perfectly integrated.
One of the key components of a modern security system is a solution for monitoring information security events and identifying incidents. This class of products is commonly called Security Information & Event Management (SIEM).
These solutions provide centralized collection, storage, and deep analysis of logs to identify anomalies, incidents, and cyberattacks.

Technological partnership and integration with domestic information security solutions is one of the key development vectors for us. We believe that only a systematic approach to market development and synergy in the work of domestic vendors will allow us to achieve the necessary level of information security for Russian companies.
Our companies intend to develop relations and are set for no less productive cooperation in the future. We continue to work on the integration of our products and ensuring their compatibility to effectively protect our customers.
Andrey Laptev, Head of Product Development at Indeed.
SIEM products process logs generated by technical means, not just security tools. If you analyze only the latter, it is extremely difficult to identify the actions of modern cybercriminals. Without comparing results from different systems and finding correlations between them, it is almost impossible to detect a cyberattack.
Corporate IT systems are developing at a rapid pace, so the specialists who ensure the smooth operation of corporate business services play a much more important role today than before. Moreover, the volume of tasks in the IT sphere has grown so much over the past decade that even the largest holdings are forced to either involve outsourcing companies or allow system administrators to work remotely. This makes it much easier for cybercriminals to penetrate the IT infrastructure of companies, for example, by compromising administrative accounts. Doing this in such conditions is very simple: you don't even need to overcome complex security systems; it is enough to hack the contractor's IT system or the personal workstation of a remote administrator. Therefore, one of the few ways to effectively neutralize the described threat is to implement a special solution for monitoring the actions of privileged users, that is, a Privileged Access Management (PAM) class product.
Indeed PAM, the company's solution, records in the event log the actions of PAM administrators and users, such as changing access policies, granting and revoking permissions to access target resources, changing PAM user roles, changing secrets of accounts stored in PAM, connections to target resources, etc.
MaxPatrol SIEM is a product of Positive Technologies, which is rightfully considered the leader among domestic SIEM systems. Unlike other SIEMs, MaxPatrol SIEM provides the ability to automatically monitor devices in the network, including detecting the emergence of new shadow segments. Built-in expertise allows you to start identifying incidents in the shortest possible time without additional investments in setting up and refining the system.
Benefits of integrating solutions:
Indeed PAM, unlike some other products in its class, transmits event logs and text logs via the Syslog protocol in real time, that is, during an active remote connection and not after it is terminated. This allows the SIEM solution to identify incidents and anomalies related to the actions of privileged users very quickly, so that incidents can be localized and responded to as fast as possible.
The joint use of Indeed PAM and MaxPatrol SIEM, in particular, helps to minimize the consequences of cyberattacks targeting databases of personal data. As we wrote earlier in the article, such attacks have been occurring quite frequently in Russia lately.
Both products are included in the register of Russian software, which allows organizations to effectively use domestic solutions to protect against modern attacks in accordance with the requirements of regulatory authorities.