Stellar Cyber’s History & Innovations

Stellar Cyber was founded in 2015 by Aimei Wei (Senior VP of Engineering) on a mission to transform security operations.

Aimei has worked in cybersecurity for many years with companies like Cisco and Nortel. Through this experience, she knew there was a cybersecurity information overload problem happening in every medium-to-large company’s IT department.

Aimei first invented a family of cybersecurity sensors suited for a variety of customer environments. Unlike most other cybersecurity sensors, these sensors index security metadata at ingestion, ensuring from the beginning that there is a means to normalize and make correlations. Deep-packet-inspection (DPI) at ingestion ensures that only needed metadata is kept, which greatly reduces storage costs. Today, Stellar Cyber’s Collection Engines deliver visibility across cloud, SaaS, applications, users, endpoints and network.

Stellar Cyber's Innovations

The solution had to be deployable anywhere, so the team designed a cloud-native platform and set out to deliver a user-friendly interactive dashboard. With a dashboard that follows the Lockheed Martin kill chain and aligns with NIST’s and MITRE’s frameworks, cybersecurity analysts can work intuitively as they move from collecting the right data to detecting events, investigating those incidents and then responding to high-risk events.

Rather than building separate tools for separate types of cybersecurity attacks or targets, the Stellar Cyber team created a single-license Open XDR platform that includes tightly integrated, natively supported capabilities. Just as customers expect smartphones to integrate dozens of apps under one interface, they expect applications that function together in the workplace under a single dashboard that helps them work more efficiently, breaking through the siloed tools they worked with in the past.

To drive SIEM and SOC performance, Stellar Cyber’s Open XDR system leverages both unsupervised and supervised machine learning, including deep learning for many advanced analytics such as network traffic security (NTA), user and entity behavior analysis (UEBA) and endpoint analysis (EBA). Different machine learning models are used to address different use cases.

Today, our three teams (security research, data science and machine learning) work closely together to solve each use case. For example, deep learning is used for DNS-related cybersecurity detections such as DGA and DNS tunneling. Time Series Analysis is used for many NTA anomaly detections. Graph ML is used for many UBA detections such as impossible user travel. Our machine learning is explainable with evidence.

To date, the Stellar Cyber platform is the only Open XDR security operations platform. We believe that tightly integrated native capabilities, the ability to process data inputs from all existing security tools, and AI-driven responses to correlate detections are the future of cybersecurity and network security.