MaxPatrol VM 2.0: automated standards compliance management and high-speed delivery of trending vulnerability data within 12 hours

The new version of MaxPatrol VM (2.0) has received a host compliance control (HCC) module for automated scanning of network hosts for compliance with security standards. The system provides the full cycle of vulnerability management (VM) and receives information about new trending vulnerabilities within 12 hours.

A key feature of the new MaxPatrol VM is the HCC. The newly added module will help companies to harden their infrastructures through automated compliance management. If a host ceases to be compliant, the HCC will help to determine the time when this happened and the causes, and provide recommendations on fixing the problem.

"HCC verdicts, combined with MaxPatrol VM’s asset management technology, help to instantly receive data on the level of IT infrastructure compliance with cybersecurity standards. That information can be monitored in real time, with no repeat scans of the infrastructure required. Compare this with previous-generation systems, vulnerability scanners, which took several hours to several days to do this. We also added advanced options for prioritizing infrastructure requirements," comments Yury Shkodin, vice director of the Positive Technologies Expert Security Center (PT ESC).

The HCC module scans the IT infrastructure for compliance with cybersecurity standards, taking into account PT Essentials requirements. These cover, for example, Linux systems (such as the Russian operating systems ALT Linux, Astra Linux, and RED OS), Cisco network devices, Windows Desktop and Windows Server, Docker, VMware, and Oracle databases. The PT Essentials standards were developed by Positive Technologies experts with result-oriented cybersecurity in mind.

MaxPatrol VM 2.0 takes into account FSTEC recommendations on prioritizing vulnerabilities according to the threat level: base and temporal metrics, and impact on the functioning of information systems.

A key advantage of MaxPatrol VM is fast delivery of information about trending vulnerabilities. "We estimate the average time that it takes a malicious actor to create an exploit [1] for a trending vulnerability at 24 hours. Once an exploit is ready, the trending vulnerability reduces the time to compromise a company to an average of 45 minutes. It is critical to act before the attacker does, so our job is to deliver information about these flaws to the system within 12 hours. Along with the expertise, the users receive recommendations on remediating the vulnerability," says Anna Tsybina, MaxPatrol VM growth and promotion manager at Positive Technologies.

MaxPatrol VM 2.0 comes with around 80 of the most frequently used PDQL queries [2] available out of the box. This simplifies operators' jobs and saves them time by sparing them the need to write the expressions themselves.

  1. An exploit is an application, piece of code, or series of instructions that takes advantage of vulnerabilities in software and is used for attacks on the system.
  2. The Positive Data Query Language (PDQL) is a language developed by Positive Technologies for writing knowledge base queries when processing events, incidents, dynamically updated groups of assets, and tabular lists.