Stellar Cyber’s History & Innovations

Stellar Cyber was founded in 2015 by Aimei Wei (Senior VP of Engineering) to transform security operations.

Aimei has been working in cybersecurity for many years with companies like Cisco and Nortel. Through this experience, she knew there was a cybersecurity information overload problem happening in every medium-to-large company’s IT department.

Aimei first invented a family of cybersecurity sensors suited for a variety of customer environments. Unlike most other cybersecurity sensors, these sensors index security metadata at ingestion, ensuring from the beginning that there is a means to normalize the data and make correlations. Deep packet inspection (DPI) at ingestion ensures that only the needed metadata is kept, which greatly reduces storage costs. Today, Stellar Cyber’s Collection Engines deliver visibility across cloud, SaaS, applications, users, endpoints and network.

Stellar Cyber's Innovations


The solution had to be deployable anywhere, so the team realized they needed a microservices-based platform that was container-ready, and they built a user-friendly GUI on top of it.

With a GUI that follows the Lockheed Martin kill chain and aligns with NIST’s and MITRE’s frameworks, cybersecurity analysts can intuitively work as they move from collecting the right data, detecting events, investigating those incidents and then responding to high-risk events. The solution can be deployed on-premises or in the cloud.

Rather than building separate tools for separate types of cybersecurity attacks or targets, the Stellar Cyber team created a single-license Open XDR platform that includes tightly integrated natively supported capabilities. Just as customers expect smartphones to integrate dozens of apps under one interface, they expect applications that function together in the workplace under a GUI that helps them work more efficiently—breaking through the siloed tools they worked with in the past.

To drive SOC performance, Stellar Cyber’s Open XDR system leverages both unsupervised and supervised machine learning, including deep learning for many advanced analytics such as network traffic analysis (NTA), user and entity behavior analysis (UEBA) and endpoint analysis (EBA). Different machine learning models are used to address different use cases.

Our three teams (security research, data science and machine learning) work closely together to solve each use case. For example, deep learning is used for DNS-related cybersecurity detections such as DGA and DNS tunneling. Time Series Analysis is used for many NTA anomaly detections. Graph ML is used for many UBA detections such as impossible user travel. Our machine learning is explainable with evidence.

In addition, we recognize that each environment is different; it is important to allow the end user to label their data. For example, the end user may know which server is doing vulnerability scanning and they should be able to label it. We also have adaptive learning to allow the end user to have input to our machine learning model to improve the detection fidelity.

To date, the Stellar Cyber platform is the only Open XDR security operations platform. We believe that tightly integrated native capabilities and AI-driven responses to correlate detections are the future of cybersecurity and network security.

CHANGING FOCUS FROM DATA TO CORRELATIONS

The Three Phases of Cyber Security
