Unifying security across multi-cloud / hybrid cloud environments

We live in a multi-cloud world, and the enterprise challenge is to deliver tight security across public, private and hybrid clouds as well as virtualized infrastructure. With public cloud services like AWS, Azure and GCP becoming popular choices for applications, sensitive data such as customer or subscriber information becomes a highly attractive target for malicious actors, and weaknesses in on-premises cloud or virtualization security leave companies more susceptible to attacks.

On premises, virtual environments have become the new norm for deploying servers, but the challenge of security visibility in this environment still exists. Deploying too many security tools in a virtual environment consumes too many resources, and sending every single packet out to external security tools strains I/O and CPU. Because of these problems, organizations are constantly challenged with how to scale security across virtual infrastructures offered by VMware, KVM and Hyper-V as well as Docker containers.

Stellar Cyber’s Interflow™ technology, foundational to the Starlight platform, solves these problems. By deploying software-based agents in cloud instances or using a single data collector off the mirror port of a virtual switch on premises, packets are collected and converted to metadata in real time. The reduction of packets to metadata can result in a 100-to-1 savings of network bandwidth and improves performance by sending a reduced yet complete amount of data to a distributed data processor, security analyzer and machine learning engine.

The result? Stellar Cyber’s Starlight platform detects and responds to attacks throughout your network in minutes, whether on premises or in the cloud. It uses advanced detection, analysis and response mechanisms to weed out false positives so security analysts can focus on real threats, allowing them to respond in minutes rather than hours or days.

Explore Starlight's Response Applications

Respond Capabilities

Starlight enables admins to respond to any incident immediately inside the platform.

The response might be to block the source or destination of the incident on the firewall until the investigation has concluded, or to take a permanent action.

Starlight also integrates with other Security Orchestration, Automation and Response (SOAR) tools such as Demisto (Palo Alto Networks) and Phantom Cyber (Splunk) to trigger a response playbook.

Case Management

Starlight provides a built-in case management system to enable workflows and ensure nothing gets lost during an investigation.

Admins can create cases from events, escalate tickets to others, and close cases when results are determined. All changes to cases are recorded for audit purposes as well.

Starlight also offers built-in integration with top tier security research partners to escalate a case for outsourced investigation.

Firewall Controller

Starlight delivers patent-pending technology that turns the platform into a firewall controller. Any piece of information that the platform records can be used to trigger a firewall policy. Administrators simply write a query and instruct the module to take firewall action if the query returns results. For example, an administrator might want to block all traffic coming from North Korea that has a source IP address reputation of being a Brute-Forcer.

The firewalls that are currently supported are: Palo Alto Networks, Fortinet, Check Point, Cisco, Hillstone, Sophos and AWS.

Features:

  • Deployment in public cloud, on premises, VMware, KVM, Hyper-V and container environments
  • Full visibility of user logins and activities
  • Full visibility of command executions and processes on your servers
  • Full visibility of services running on the servers
  • Deployment integration with virtual environment or container orchestration tools
  • Rapid detection of data exfiltration and other exploits from your servers