As one of the native capabilities of Stellar Cyber's intelligent security operations platform
Machine learning improves fidelity
- Leverage existing Firewall investments to collect network security, internet security and cloud security data without deploying dedicated sensors
- Apply Machine Learning to Firewall data to surface anomalies
- Detect potential Firewall policy misconfigurations, compromised and malicious users, and their abnormal traffic to and from the Internet
- Firewall traffic logs are transformed into Interflow™ records through normalization and enrichment, helping to deliver open extended detection and response (Open XDR)
- Fuse context with threat intelligence to improve security analysis and reveal additional detections, such as geo-fencing violations or communication with known malicious actors, across the security infrastructure
- Cost-effectively store firewall traffic logs for forensics and threat hunting
- Leverage closed-loop automated workflow to block attackers through Firewall APIs
Second set of cybersecurity eyes
- Dedicated Stellar Cyber security sensors deployed behind the Firewall detect what’s missed
- Deep packet inspection (DPI) engines integrated in these security sensors generate a richer set of metadata
- Detect potential Firewall policy misconfigurations
- Integrated NTA and UBA detections also provide a rich workbench for comprehensive security analysis
- Detect DGA and DNS tunneling through machine learning, plus additional detections across the cyber kill chain, such as Ransomware
- Leverage closed-loop automated workflow to block attackers through Firewall APIs across the security infrastructure
Open XDR Security Platform
High-speed high-fidelity threat detection across the entire attack surface
“Stellar Cyber’s unification of security tools used at the Central Informatics Department of the University of Zurich into a single integrated platform will help us to take an important step forward…
- Automated Firewall Detection and Response
Firewall Traffic Analysis (FTA) Application 3-minute overview — Stellar Cyber’s Open XDR Security Platform.
Firewalls are for Enforcement
Firewalls are the first line of defense in any network security framework. Their primary purpose is to inspect network traffic in real time and decide whether to allow or block specific traffic based on a set of security rules defined by administrators. Traffic volume can be significant, and legacy Firewalls have limited resources in terms of processing power and storage. The Firewall therefore has limited intelligence of its own and is usually optimized only for policy enforcement. A comprehensive cybersecurity platform is needed to increase protection.
Firewall Traffic Analysis [FTA]
Stellar Cyber aggregates, parses and normalizes traffic log data from multiple Firewalls, which can be from different vendors such as Check Point, Palo Alto Networks, Fortinet, and Sophos. Interflow records create context for these logs by fusing in many other data sources such as Threat Intelligence, geolocation, host or domain names, and user names. Both real-time and historical advanced security analysis of this contextual data are performed through machine learning.
Stellar Cyber is an open extended detection and response (Open XDR) SOC platform architected with container-based micro-services and a big-data data lake. It processes and stores large volumes of Firewall logs that have been turned into Interflow records, and scales out for more processing power and storage capacity. As part of security analysis, analysts can run Google-like searches over Interflow records for forensics and threat hunting, and respond to detected advanced threats by blocking attackers’ IP addresses through API calls to the Firewalls. These interactions can be performed either manually or automatically.
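The normalization and enrichment pipeline described above, as an added illustration that is not Stellar Cyber's code: two constructed log formats (not real vendor syntax) are parsed into one common flow record, enriched from a constructed threat-intelligence list and geo table, and then checked for known-malicious-actor communication and geo-fence violations. The country codes, indicators and policy are all made-up placeholders.

```python
import ipaddress
import re

# Constructed firewall log lines in two invented formats (not real vendor syntax).
RAW_LOGS = [
    "vendorA ts=2024-01-01T10:00:00Z src=10.1.2.3 dst=203.0.113.7 dport=443 action=allow user=alice",
    "vendorB|2024-01-01T10:00:05Z|10.1.2.9|198.51.100.20|53|ALLOW|bob",
    "vendorA ts=2024-01-01T10:00:09Z src=10.1.2.3 dst=192.0.2.55 dport=8443 action=allow user=alice",
]

# Constructed enrichment sources: threat-intel indicators and a tiny geolocation table.
THREAT_INTEL = {"203.0.113.7": "known-c2"}
GEO = {ipaddress.ip_network("198.51.100.0/24"): "ZZ", ipaddress.ip_network("192.0.2.0/24"): "XX"}
GEO_FENCE_BLOCKED = {"XX"}  # placeholder: countries internal hosts must not talk to

def normalize(line):
    """Parse either constructed format into one common flow record (the 'Interflow-like' step)."""
    if line.startswith("vendorA "):
        kv = dict(re.findall(r"(\w+)=(\S+)", line))
        return {"ts": kv["ts"], "src": kv["src"], "dst": kv["dst"], "dport": int(kv["dport"]),
                "action": kv["action"].lower(), "user": kv["user"]}
    if line.startswith("vendorB|"):
        _, ts, src, dst, dport, action, user = line.split("|")
        return {"ts": ts, "src": src, "dst": dst, "dport": int(dport),
                "action": action.lower(), "user": user}
    raise ValueError(f"unknown log format: {line[:20]!r}")

def geo_lookup(ip):
    """Return the constructed country code for an IP, or None if it is not in the table."""
    addr = ipaddress.ip_address(ip)
    return next((country for net, country in GEO.items() if addr in net), None)

def enrich(rec):
    """Fuse geolocation and threat-intel context into the normalized record."""
    rec = dict(rec)
    rec["dst_country"] = geo_lookup(rec["dst"])
    rec["dst_ti"] = THREAT_INTEL.get(rec["dst"])
    return rec

def detect(rec):
    """Detections that only the enriched record makes possible."""
    hits = []
    if rec["dst_ti"]:
        hits.append(f"threat-intel match: {rec['dst']} is {rec['dst_ti']}")
    if rec["dst_country"] in GEO_FENCE_BLOCKED and rec["action"] == "allow":
        hits.append(f"geo-fence violation: {rec['user']} allowed to {rec['dst_country']}")
    return hits

def analyze(lines):
    """Map each record's timestamp to the list of detections raised for it."""
    return {r["ts"]: detect(r) for r in (enrich(normalize(line)) for line in lines)}
```

In a real deployment the geo-fence hit on an allowed flow is also the policy-misconfiguration signal the page mentions: the Firewall permitted traffic that policy says it should not.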