Nearly every vendor, from email gateway companies to builders of threat intelligence platforms, is positioning itself as an XDR player. Unfortunately, the noise around XDR makes it harder for customers to find solutions that might be right for them or, more importantly, to avoid ones that do not meet their needs.
Stellar Cyber delivers an Open XDR solution that lets organizations use whatever security tools they want in their security stack, feeding alerts and logs into Stellar Cyber. Stellar Cyber's "Open" approach means the platform can work with any product. Consequently, a security team can make changes to its stack without wondering whether the Stellar Cyber Open XDR platform will still work.
Stellar Cyber addresses the needs of lean enterprise security teams by providing capabilities typically found in NG-SIEM, NDR, and SOAR products within its Open XDR platform, managed under a single license. This consolidation lets customers eliminate security stack complexity.
Stellar Cyber serves customers in all major industries, with customers across Europe, Asia, Australia, Japan, South Korea, and Africa, providing security for over 3 million assets. In addition, Stellar Cyber claims that after deployment, users see up to 20x faster mean time to respond (MTTR), a bold claim.
Responding to an Incident from the Home page
When logging into Stellar Cyber, the initial screen is the analyst home screen, displaying stats such as top incidents and riskiest assets. An interesting piece on this screen is what Stellar Cyber calls the Open XDR Kill Chain. Clicking on any segment of the kill chain, such as "Initial Attempts," shows threats associated with that portion of the attack chain.
For example, the user can see the alerts whose stage has been set to "Initial Attempts" automatically by Stellar Cyber. The user can see more details about an alert by clicking "View" on any of the alerts. Then, scrolling down the screen, the user can click the "more info" link to see more details about the selected alert.
Here a user can read about the incident, review the details, and see the raw data behind it, along with the JSON, which can be copied to the clipboard if needed. In addition, by clicking the "Actions" button, the user can see other powerful platform features.
The user can take response actions from this screen, such as adding a filter, triggering an email, or taking an external action. Clicking on external action shows a further picklist. The user can click on Endpoint to see the action options, from contain host to shutdown host.
When clicking on an action, like contain host, a configuration dialog displays where the user can select the connector to use, the target of the action, and any other options required to initiate the chosen action. In summary, security analysts, especially junior ones, will find this workflow very useful in that they can a) quickly review details of an incident from the home screen, b) see many more details by going further into the data, and c) take a remediation action from this screen without writing any scripts or code.
The enterprise can help onboard new analysts by having them work in this view to familiarize themselves with the platform, handling low-priority incidents so other analysts can work on the more critical ones.
Exploring Incidents
Instead of clicking on the Open XDR Kill Chain, if the user clicks "Incidents," the screen below is shown.
When the user clicks on the caret in the blue circle, a filtering list lets the user home in on a specific type of incident. The user can go directly to the details button to see what is in this detail view.
The user can see how this incident occurred and propagated across multiple assets. Further, the user can automatically see the data, processes, users, and services associated with the incident. So, for example, the user could switch to the timeline view to get a readable history of this incident.
Clicking the small "i" opens the detail screen shown previously.
In summary, analysts who are used to working from a list of alerts may prefer to start their investigations from the incidents page. This view is also useful because it automatically shows all alerts associated with the incident in a single view.
Threat Hunting in Stellar Cyber
Users can initiate a threat hunt from the screen above. The stats on the screen change dynamically as a term, such as "login," is typed into the search dialog. Then, scrolling down the screen, users can see a list of alerts filtered on the search term.
Users can create a "correlation search" under the search dialog box.
Users can load a saved query or add a new query. Clicking add query opens the query builder. This builder enables a search across the Stellar Cyber datastores for threats that went unnoticed. Here the user can also access the threat hunting library.
Finally, the user can create response actions that execute automatically if the query returns matches.
In summary, Stellar Cyber offers a simple threat-hunting platform that does not require users to build their own ELK stack or be a power scripter. This feature is an easy way to add a threat-hunting element to a security team without hiring a senior threat hunter.
Conclusion
Stellar Cyber is a solid security operations platform with many features that could help a security team improve productivity. If you are in the market for a new SecOps platform and open to adopting (in whole or in part) a new approach to security, it is worth looking at what Stellar Cyber offers. To learn more about Stellar Cyber, try the 5-minute product tour.