Cybersecurity
12:48, 04 April 2026

Pharmacy Chain Melodiya Zdorovya Strengthens Its Cyber Perimeter

The federal pharmacy chain Melodiya Zdorovya has deployed the MaxPatrol SIEM security monitoring system from Positive Technologies. The move creates a unified layer for detecting and managing cyber events across the company’s operations. The network includes more than 1,400 pharmacies, spanning from Moscow to the Far East.

Following deployment, MaxPatrol SIEM processes events from 300 assets, including servers, workstations, network equipment, remote access tools, and security systems. The company plans to extend coverage to its entire IT infrastructure.

This reflects a broader increase in digital maturity. Cybersecurity is becoming a core component of operational resilience. As attacks on domestic organizations and the healthcare sector continue to rise, this approach helps reduce the risk of disruptions, data leaks, and service outages. For customers, that translates into more stable pharmacy operations and stronger data protection.

The initiative also strengthens the position of domestic cybersecurity solutions in the market. Russian SIEM platforms are now used not only in the public sector but also in commercial retail. This aligns with a broader shift toward import substitution and the development of a national cybersecurity ecosystem.

A Reference Case for SIEM Adoption

The project represents a step toward establishing an industry standard. The use of SIEM in socially significant retail environments is becoming more common. The next phase includes connecting the full infrastructure, expanding custom correlation rules, and integrating the system with other security tools. Melodiya Zdorovya plans to adapt expert content to its internal processes and build in-house expertise.

The case also highlights the growing capabilities of MaxPatrol SIEM. The 2025 versions improved performance by 20%, reduced CPU load, and expanded the number of correlation rules from 483 to 1,687. This opens the door for large-scale deployments in major networked organizations, from retail and logistics to finance and industrial sectors.

The project may also support the expansion of Russian cybersecurity solutions into CIS markets. Positive Technologies is already in discussions in Belarus, Armenia, and Azerbaijan, and its certification by FSTEC enables use in government and high-security corporate systems. This increases its appeal to enterprise customers.

Centralized Threat Visibility

In 2024, Irkutskaya neftyanaya kompaniya deployed MaxPatrol SIEM to monitor around 1,700 nodes and meet requirements under Federal Law No. 187-FZ, with plans to extend coverage to industrial control system segments. This shows how Russian SIEM platforms are moving beyond traditional office IT environments. That same year, the IT Center of the Republic of Buryatia deployed MaxPatrol SIEM, PT NAD, and MaxPatrol VM to secure e-government systems. During the presidential election period, these systems helped mitigate more than 200 attack attempts, forming the basis of a regional monitoring center built on domestic technologies.

In 2025, MTS Bank selected MaxPatrol SIEM after pilot testing three domestic SIEM platforms. The effectiveness of its security operations center increased threefold. The platform is used to monitor mobile applications, web services, and corporate infrastructure, reflecting the demands of the financial sector for speed and accuracy in threat detection. That same year, Magnit deployed MaxPatrol SIEM for continuous monitoring of cybersecurity events and attack detection as part of a broader security architecture. Large retail operators are moving toward centralized, continuous threat monitoring.

Against this backdrop, the case fits into a wider trend. Since 2022, Russian organizations have accelerated the transition to local SIEM solutions. According to TAdviser and Positive Technologies, the main drivers behind replacing foreign systems include regulatory requirements (84%), risks tied to the lack of updates from vendors that exited the market (80%), and the rise in cyber incidents (65%).

Rising Investment in Incident Response

The deployment by Melodiya Zdorovya reflects a shift from discussion to implementation. The market is moving beyond debates over import substitution toward the practical use of domestic cybersecurity solutions in widely used and socially sensitive infrastructure.

Over the next two years, similar projects are expected to increase. The share of Russian SIEM systems is growing, while cyber threats continue to intensify. Positive Technologies estimates that by 2026, the number of successful attacks on Russian companies could increase by 30 to 35% compared with 2025. This is driving investment in monitoring and incident response across retail, finance, logistics, healthcare, and the public sector. Pharmacy retail is becoming part of a broader shift toward securing critical social infrastructure.

The solution can also serve as a reference for expansion into CIS markets, particularly when supported by measurable deployment outcomes. For international customers, key factors will include asset coverage, response time, reduction of false positives, system resilience under load, and integration with other cybersecurity tools.

The implementation is not yet complete, but we are already seeing initial monitoring results and are satisfied with them. We are refining correlation rules and analyzing process chains. We expect the product to simplify our work by reducing routine tasks and allowing us to focus on higher-level priorities, particularly identifying vulnerabilities and hardening infrastructure.