MaxPatrol SIEM now processes up to 60,000 EPS

Positive Technologies has released version 6.2 of MaxPatrol SIEM. Having the increased data processing speed (up to 60,000 EPS 1), it allows carrying out investigations more quickly for all installations and distributing the stages of event collection and their subsequent processing between several MaxPatrol SIEM systems.

The features of the new version of MaxPatrol SIEM will be especially useful for organizations with large geographically distributed infrastructures.

Alexey Andreev, Managing Director, Positive Technologies, says:

"MaxPatrol SIEM detects information security incidents in the largest Russian companies. Such organizations have a need to ensure cybersecurity not only in the head office, but also in their branches. To help companies to cover their entire hierarchical infrastructures, we are systematically increasing the performance of MaxPatrol SIEM. Within one year, we've managed to speed up processing by 50%."

To increase the performance of the event storage and reduce hardware costs, users of MaxPatrol SIEM 6.2 can switch to a hybrid data storage scheme. In this case, the latest daily indices will be written to high-speed SSDs and, over time, will be gradually overwritten to more affordable hard disk drives, thus increasing the speed of event processing while simultaneously executing search queries.

In version 6.2, MaxPatrol SIEM users can quickly detect signs of attacks on the infrastructure of the entire enterprise. To do this, the head office operator has access to a distributed event search, which allows filtering the events at all subordinate units at once and see the overall picture of the information security. Previously, users could only search for events within individual installations. Now events at all units are available for grouping, aggregation, displaying on widgets, and issuing reports on them.

Setting up a distributed event search in an infrastructure with two subordinate branches

In organizations with a complex branched structure, it may be necessary to distribute the stages of event collection and subsequent event processing between several MaxPatrol SIEM systems, for example, to process events using different sets of normalization rules or ensure optimal load distribution between the servers. Starting with version 6.2, users can use several MaxPatrol SIEM systems to process the same event stream: one system will carry out centralized event collection, and others, subsequent event processing.

Starting with the previous version, MaxPatrol SIEM supports installation on Debian 10, and, starting with version 6.2 (24.1), Debian 9 is no longer supported.

To try out the new version of MaxPatrol SIEM, you can order a free pilot. To upgrade to MaxPatrol SIEM 6.2, contact Positive Technologies partners or technical support.

  1. Events per second