Key Benefits
MaxPatrol has the power of the XSpider vulnerability scanner at its core. The monitoring mechanisms present in XSpider have been enhanced and extended with database security and system verification modules. Information on the state of network security and possible threats is always up-to-the-minute, thanks to the combination in a single product of network and system scanners with database and web app verification mechanisms.
The high-performance network scanner in MaxPatrol quickly and effectively detects network nodes and open ports, and identifies operating systems and server applications. Because of the system's distributed architecture, the scanner module can be located close to scan objects for maximum bandwidth efficiency.
Heuristic analysis pinpoints vulnerabilities in network services and apps. MaxPatrol requires a minimum of privileges for penetration testing, replicating the conditions that a real-life hacker would have to face when attempting to access the network. Expertly designed smart algorithms and vulnerability detection mechanisms, which have been proven in independent testing, carefully recreate the likely actions of actual attackers. This identifies errors in system configuration and makes it possible to detect new, currently unknown vulnerabilities in network applications.
With remote access, the scanning module can perform a deep scan of device vulnerabilities at the OS and application level. This method is a resource-efficient way of getting a comprehensive security overview and analyzing settings that cannot otherwise be tested by pentesting.
The knowledge base includes system verification checks for common Windows, Linux, and Unix operating systems. Verification checks also cover network devices such as routers, switches, and firewalls (including Cisco IOS, Cisco PIX, and Cisco ASA).
Unlike traditional system scanners, MaxPatrol does not require deploying software modules on network devices. This simplifies protection and reduces the total cost of ownership. All verification checks are performed remotely via built-in remote administration mechanisms. When multiple protocols are supported by a device (such as Telnet and SSH), MaxPatrol selects the most secure method to ensure that sensitive data is protected at all times.
Assessing Protection Level
- Proactive protection of corporate resources with automatic infosec monitoring
- Automated verification of compliance with industry and international standards
- Evaluation of IT and infosec effectiveness via extensible set of security metrics and KPIs
- Reduced costs for audits, protection level evaluation, and preparation of IT/infosec projects
- Automated inventory, vulnerability management, verification of security policy compliance, and change monitoring
- 360° analysis of complex systems, including Cisco equipment; Windows, Linux, and Unix systems; Microsoft SQL and Oracle databases; network applications; and in-house web services
- Built-in support for key standards: SOX, PCI DSS, NIST, CIS
- Maximum process automation: lower labor costs and faster reaction to protection changes
- Knowledge base maintained by professional, industry-recognized consultants
Deployment Scenarios
MaxPatrol is designed to perform optimally in diverse situations. Below are a few possible deployment scenarios:
Increasing Maturity
At a certain stage, the existing level of the infosec management system at an organization no longer meets the business requirements. The information system can be upgraded on an evolutionary path or in accordance with a pre-defined plan. But in either case, advancing to the next level of maturity requires serious preparation. One such transition is implementation of international and industry standards.
Most IT and infosec standards are based on a set of problem areas or protection mechanisms that affect both business processes and the technical aspects of the infrastructure that will need to be upgraded.
Viewing this task in terms of the Deming cycle (Plan-Do-Check-Act), organizations must:
- Determine the requirements for the new information infrastructure
- Examine the current situation and compare it to the requirements
- Develop measures to improve compliance
- Correct non-compliance
MaxPatrol is a natural fit at each of these stages. The extensive knowledge base of standards and vulnerabilities helps to articulate IT requirements in actionable language at the level of systems and applications. Clients can take advantage of the knowledge base as well as develop their own requirements for IT systems and infosec monitoring processes.
Compliance lists can be customized, which transforms the maturity improvement process into a manageable series of stages in which teams can more easily concentrate on key tasks. Detailed descriptions of issues and resolution recommendations accelerate the process of fixing non-compliance. Retrospective reports and key performance indicators (KPIs) play a vital role in assessing progress in the infosec management journey.
By using MaxPatrol, companies gain across the board:
- By formulating information infrastructure requirements
- By formalizing and automating system audit processes
- By rapidly implementing technical standards
- By using objective quantitative metrics (KPIs) to assess project progress
Mergers and Acquisitions
Mergers and acquisitions often lead to an unintentional weakening in the information security stance. Integrating IT systems at different levels, based on different approaches and infrastructures, is never a pain-free process. Infosec and IT teams are often tasked with "dragging up" an outside system to an acceptable level of security with maximum speed. Whether fully overhauling the infrastructure, or merely bridging the systems without significant changes, there are a lot of choices to make. And when doing so, identifying the main pain points, evaluating readiness, and tracking project progress are key.
Pentesting and auditing mechanisms in MaxPatrol give a timely view of the state of IT and infosec at the company—and even better, identify the most vulnerable devices and systems. Information about system resources can be automatically collected and updated, providing support for all of the company's other projects. Compliance monitoring gives an easy-to-understand overview of how the current situation is compliant or non-compliant with configuration and protection requirements. With change monitoring and analysis, management always has its finger on the pulse of project progress.
How MaxPatrol strengthens the merger/acquisition process:
- Maintain up-to-date information on system assets
- Conduct technical audits
- Get technical and administration information
- Implement IT/infosec standards rapidly
- Use objective quantitative metrics (KPIs) to assess project progress
An Evolutionary Approach to Reaching the Next Level
Many companies have reached a high level of maturity in their IT and infosec management systems. More and more companies are attaining and maintaining compliance with strict industry standards.
Process improvement is vital for any management system. IT and information security are no exception. The first step to improvement is having accurate and up-to-date information on the current state of information infrastructure.
MaxPatrol makes it possible to automate many routine inventory, audit, compliance verification, and change monitoring tasks. Automation of regular processes reduces the expenses associated with ongoing operations. Better still, these processes can now be performed much more often, which means that the information needed for system management is more up-to-date. Automation can be dozens or even hundreds of times more efficient compared to performing these tasks manually.
MaxPatrol analytics help to set performance metrics for information security. Watch issue counts fall over time thanks to the use of accurate, bias-free data on vulnerabilities and compliance issues.
MaxPatrol gives clients:
- Formalized, automated system audit processes
- Significant time savings and more efficient monitoring/change management processes
- Clear-cut reproducible results, instead of subjective personal judgments
- Objective key performance indicators (KPIs) for gauging system effectiveness
MaxPatrol Architecture: Security
Data Protection
Encryption is used for transmitting and storing important information, such as usernames and access privileges, in order to protect confidentiality and data integrity. Certified implementations of cryptographic algorithms are available to choose from.
Traffic is protected with digital certificates and industry-standard SSL/TLS for high compatibility and robust protection. Integration with existing public-key infrastructure (PKI) is supported.
Access Control
Monitor information security at various levels of the system hierarchy, including the administrator level, IT/infosec manager level, and IT Director level. Each system user can be assigned a list of allowed tasks and permissions for specific objects. This could mean that a web server administrator is delegated rights to change the scanning profile, run protection scans of certain servers, and view the results, while being forbidden to change the scope of scanning. Meanwhile, a web app developer would be allowed only to view scan results.
Permissions can be assigned at the MaxPatrol Server or MaxPatrol Consolidator level. This granular approach allows access controls to be adapted to the needs of any corporate structure.