Firewall Traffic Analysis (FTA)

As one of the native capabilities of Stellar Cyber's intelligent security operations platform

Network detection and response (NDR) has a long history, evolving out of network security and network traffic analysis (NTA). The historical definition of network security is to use a perimeter firewall and Intrusion Prevention System (IPS) to screen traffic coming into the network, but as IT technology and security technology have evolved due to modern attacks leveraging more complex approaches, the definition is much broader now.

NDR detects suspicious events that other network security tools are missing, improving MTTI over 8x

The Right Data With Accurate Cybersecurity Analysis

  • Collect the right network security L2-L7 metadata and files for > 4,000 network applications from packets
  • Collect traffic data including NGFW logs and NetFlow/IPFIX from network devices
  • Normalize and enrich the data from many sources to build rich context for accurate security analysis
  • Build actionable, searchable and readable Interflow™ records stored in a single, efficient big data lake
  • Maintain high data availability through buffering, replication, redundancy, and years of configurable long term storage
  • Provide 360 degree visibility for both north/south and east/west traffic, traffic inside public cloud, and traffic between containers

The Right Data With Accurate Cybersecurity Analysis

  • Apply machine learning, both supervised and unsupervised, and deep learning to analyze Interflow™ records in real time
  • Advance signature-based detections with machine learning to improve fidelity
  • Integrate advanced persistent threat (APT) and malware detection to provide a unified detection across the kill chain
  • Tightly integrate and correlate with EDR, CDR, Vulnerability scanning, IoC, etc. on a single Open XDR platform
  • Trigger automatic responses through direct NGFW, EDR and Active Directory integration, through SOAR integration or through incumbent SIEM systems
  • Threat hunting via flexible global text search – manually or through automation

Automated Firewall Detection and Response

Firewall Traffic Analysis (FTA) Application 3-minute overview: Stellar Cyber’s Open XDR Security Platform.



Key Features

Network detection and response

Data Beyond Raw Packets

Network Detection and Response (NDR, or NTA) addresses the labor and false-alert challenge of security data analysis by enabling IT security staff to weed out low- or no-value data in network packets, to better qualify and funnel alarms with threat intelligence and advanced security analytics, and to reduce data storage.

Stellar Cyber’s NDR application helps get the data right and helps drive extended detection and response (XDR) thinking. It collects, analyzes and stores metadata from network traffic at scale, dramatically reducing the data volume while retaining ample evidence for advanced detection and forensic analysis. The integrated deep-packet inspection (DPI) engine can identify 4,000+ network applications, extract network security metadata from them, and reassemble files. The right amount of metadata, including DNS domain names, URLs and SQL queries, is extracted. Stellar Cyber’s NDR can also take network security information from existing devices, such as NGFW logs, NetFlow or IPFIX. Stellar Cyber’s Interflow enriches the metadata with information from a variety of sources, including DHCP/DNS traffic and logs for host names and domain names, identity providers (IdP) such as Active Directory, Office365 or Okta for usernames, threat intelligence, geolocation, and vulnerability scan results. Pervasive visibility of lateral malware movement throughout the network is a critical part of IT security. In addition to monitoring north/south traffic that crosses the enterprise perimeter, NDR monitors east/west communications and/or cloud-based applications through strategically placed physical or virtual network sensors or agents/containers on servers.

Detection at Scale

Stellar Cyber NDR is a distributed cybersecurity system with a family of sensors and a centralized data processor and management system. It also encompasses a distributed detection system with multiple processing stages to improve performance and scalability. Network security through NDR begins by performing necessary detections, such as IP/port scanning, DNS tunneling and flooding, at the data collection stage.

As an additional benefit of Stellar Cyber’s Open XDR platform, an integrated intrusion detection system (IDS) application processes network traffic before machine learning, so that alerts are predictably high-fidelity. Stellar Cyber’s NDR application delivers real-time detection and threat hunting/investigation through a data lake of searchable, indexed big data. Stellar Cyber performs real-time and historical network security analysis by leveraging both supervised and unsupervised machine learning as well as deep learning for advanced detection without signatures. Each integrated detection is purpose-built with the right machine learning model for its use case, rather than one model for all detections. Stellar Cyber’s security researchers and data scientists constantly tune the models to add detections and improve existing ones.

Stellar Cyber’s user interface improves security analysis by enabling analysts to tune the machine learning model as well, by labeling an event with a thumbs up or thumbs down on a specific ML-driven detection result. All integrated applications, including NDR, machine learning IDS and malware detection, are aligned to the cyber kill chain, driving up productivity and reducing training time.


Response at Your Discretion

Stellar Cyber’s NDR application supports both automatic and manual responses. It can directly block attacks by dropping suspicious traffic on the NGFW, disabling affected users in Active Directory, containing compromised endpoints via EDR, or taking any action through RESTful APIs or flexible scripts. Stellar Cyber’s NDR also supports integration with other SOARs such as Phantom, Demisto, Swimlane and more.

With a built-in Data Streaming app, both data and security detections can be sent to incumbent SIEMs like Splunk. They can also be sent to any custom tool through RESTful APIs, or to ticketing tools through email. Stellar Cyber has a built-in, very powerful reporting and alerting engine with both pre-canned compliance reports and customizable reports tailored to individual requirements. Thinking proactively, Stellar Cyber also has a powerful automated threat hunting application built in, with a large number of pre-built threat hunting libraries. For example, when a login such as SSH/RDP/FTP from an unexpected country and/or an unexpected time window is detected, a firewall response can be triggered automatically.
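The hunt-to-response rule just described, as an added Python illustration (not Stellar Cyber's code): successful SSH/RDP/FTP logins from an unexpected country and/or outside an expected time window produce a finding with a proposed firewall block. The record field names, the Policy shape and the response format are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

REMOTE_ACCESS_SERVICES = {"ssh", "rdp", "ftp"}  # services the hunt looks at

@dataclass(frozen=True)
class Policy:
    expected_countries: frozenset  # countries logins normally originate from
    work_hours: tuple              # (start_hour, end_hour) in UTC, end exclusive

def is_unexpected_time(ts, work_hours):
    """True when the login hour is outside the expected window (window may wrap midnight)."""
    start, end = work_hours
    h = ts.astimezone(timezone.utc).hour
    inside = start <= h < end if start < end else (h >= start or h < end)
    return not inside

def evaluate_logins(records, policy):
    """Return one finding per successful SSH/RDP/FTP login that breaks policy."""
    findings = []
    for r in records:
        if r["service"] not in REMOTE_ACCESS_SERVICES or r["outcome"] != "success":
            continue
        reasons = []
        if r["src_country"] not in policy.expected_countries:
            reasons.append(f"unexpected country {r['src_country']}")
        ts = datetime.fromisoformat(r["timestamp"])
        if is_unexpected_time(ts, policy.work_hours):
            reasons.append(f"outside work hours ({ts.strftime('%H:%M')} UTC)")
        if reasons:
            findings.append({
                "user": r["user"], "service": r["service"], "src_ip": r["src_ip"],
                "reasons": reasons,
                # proposed response for a playbook to push to the NGFW (assumed shape)
                "response": {"action": "block_src_ip", "target": r["src_ip"], "ttl_minutes": 60},
            })
    return findings

# Constructed sample records (enriched login events, not real data; "ZZ" is a placeholder country)
SAMPLE_RECORDS = [
    {"timestamp": "2024-03-04T10:15:00+00:00", "user": "alice", "service": "ssh",
     "src_ip": "203.0.113.10", "src_country": "US", "outcome": "success"},
    {"timestamp": "2024-03-04T03:40:00+00:00", "user": "bob", "service": "rdp",
     "src_ip": "198.51.100.7", "src_country": "US", "outcome": "success"},
    {"timestamp": "2024-03-04T11:05:00+00:00", "user": "carol", "service": "ftp",
     "src_ip": "192.0.2.55", "src_country": "ZZ", "outcome": "success"},
    {"timestamp": "2024-03-04T02:00:00+00:00", "user": "dave", "service": "ssh",
     "src_ip": "192.0.2.9", "src_country": "ZZ", "outcome": "failure"},
]
DEFAULT_POLICY = Policy(frozenset({"US", "CA"}), (8, 18))
```

Failed logins are skipped here so that the block response is only proposed for sessions that actually got in; a real playbook would also rate-limit and log every proposed action.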

Designed Around AI

Sensors, collected data, threat intelligence and data storage technologies all support AI which drives detection and response outcomes.
