Tag Archives: Maxpatrol

MaxPatrol 8 installation process

Today I have a great opportunity to write about MaxPatrol 8. For me it is a very nostalgic experience. I worked for many year in Positive Technologies developing this product. And now I can write about it from the customer side.

MaxPatrol is still not very well known outside Russia and CIS, although this product available in English, and has even a Korean localization. So, why not to introduce this product to the readers of my blog? The other reason to write this post is a pretty common opinion, that MaxPatrol is very hard to install and use, and it is the main disadvantage of the product. In fact it is not true.

MaxPatrol 8 loading screen

MaxPatrol is not perfect like any other product. But it’s no more complex than any other enterprise level Vulnerability Management product. It’s my considered opinion after working with a number of other vulnerability and compliance assessment products. GUI may look unfamiliar from the first look, but you can quickly get used to it.

As for the functional capabilities, in some cases it is even difficult to compete with MaxPatrol. Here are the most interesting features:

  1. Advanced White Box assessment:
    • Extended OS inventory
    • Software license control
    • User control
    • Password recovery (hash brute-force)
    • Security checks for running services
  2. Advanced Compliance scanning capabilities
  3. Special assessment modules:
    • SAP ERP
    • SCADA
    • Core telecom networks
  4. Forensic mode – security incidents detection based on event logs analysis

The first blog post will be about MaxPatrol installation.

Continue reading

Gartner’s view on Vulnerability Management market

Not so long time ago Gartner’s report “Vulnerability Management an essential piece of the security puzzle” has become publicly available. Now you can read it for free by filling out a questionnaire on F-Secure website.

Gartner VM Market Guide

At the bottom of the document there is a reference to Gartner G00294756 from 05 December 2016. This document is quite fresh, especially for not very dynamic VM market ;-), and pretty expensive. Thanks for F-secure, we can read it now for free. If you are wondering why this anti-virus company is sponsoring Gartner VM reports: year ago they have bought Finnish VM vendor nScence, and I even did a small review of this product (F-Secure Radar Vulnerability Management solution, F-Secure Radar basic reporting, F-Secure Radar ticketing, F-Secure API for scanning).

Talking about the document, I would like, firstly, to thank Gartner. Do you know who writes most articles about VM? Of course, VM vendors. And we all understand that their main goal is to promote their own products. Reports of independent consulting firms, primarily IDC, Forrester and Gartner, allow us to get some balanced view from the side. It is very important.

Here I would like to comment some theses of the text.

Continue reading

QSC16: from Vulnerability Management to IT Visibility

I want to share my impressions of QSC16 conference, where recently I had pleasure to attend. This yearly conference is held in Munich for ten years already. I was there before only one time, in 2012. It made a great impression and this year was no worse.

My photo QSC16

First of all, I should write some words about the conference itself. QSC is an acronym for Qualys Security Conference. It is clear from the name that it is fully dedicated to Qualys products.

Who might be interested in such event?

Mainly, of course, current and potential users of Qualys products, partners, competitors (from own experience, they are not welcomed there ;-)) and, I think it is the smallest group, analysts of Vulnerability Management market and Vulnerability Assessment geeks, like me. For people, who are sincerely interested in VM market changes, road show of the global VM vendor with the biggest market share (is it right, Gartner?) is a precious information source. Here you can learn about real experiences in the use of Qualys products and hear about the company’s future plans.

BTW, if you are one of those, and we do not know each other, we should definitely have a talk. 😉

QSC Agenda

Why is this event important? Despite existing skepticism about mono-vendor conferences and roadshows, QSC is one of the few events in Europe dedicated to the VM, in the broad sense of the term, almost exclusively. All discussions are, of course, in the context of Qualys solutions and you won’t hear any real critics of the vendor, however questions raised there are relevant for the entire VM market.

Continue reading

PHDays VI: The Standoff

A week ago I was at PHDays (Positive Hack Days) 2016 conference. For those who don’t know, there are two main events for security practitioners in Russia: PHDays in May and ZeroNights in November. Day-Night. Like this play on words. =)

phdays_logo

So, it was my 6th PHDays. I visited them all. But on this one for a first time I was as an ordinary visitor and not from organizers side. To be honest, I have never participated in organizing of PHDays, and just seen the final result. So, nothing changed much for me. As usual, organization was at very high level. And it’s not just my opinion, but the opinion of many participants.

Sad things first. And they are likely sad only for me. You know my passion to vulnerability assessment/management systems and scanners. So, despite the fact that Positive Technologies are the organizers of this event and Maxpatrol is still their’s flagman product, it was hard to hear anything related to vulnerability assessment/risk assessment/threat intelligence on PHDays. Isn’t it strange? Could you imagine this at Qualys QSC or Tenable event? Nothing much about critical controls and IT compliance in general.

It’s clear that vulnerability assessment is not already in trends in Russia. All are crazy about SIEM and slightly less about Anti-APT and SCADA security. Sad, but true.

Anyway, I have seen many interesting presentations about honeypots, computer forensics, machine learning and security startups. I also visited a SIEM roundtable with representatives of Positive Technologies, First Russian SIEM (RuSIEM), ArcSight, IBM Qradar, Splunk, and Cisco Systems. More details under the cut.

Continue reading

Hello!

My photo

Thanks for visiting my website. Glad to see you here. My name is Alexander and I’m an Information Security Automation specialist. For 6 years I have actively participated in development of MaxPatrol and XSpider – the best known Vulnerability and Compliance Management products in Russia and CIS. Nowadays I am working at the biggest Internet/Mobile Company in Russia. I am responsible for precise automated vulnerability assessment of a huge and diverse IT-infrastructure and vulnerability intelligence.

Enthusiast for NIST/MITRE/CIS and OWASP open security standards and initiatives.

Also the head of OpenVAS Russia project.

OpenVAS Russia banner

Feel free to follow me or add me to your friend list at facebook, twitter, linkedin. Sometimes I publish videos on my youtube channel.

My email: me@avleonov.com