Supercharge Firewalls with intelligence through machine learning, built-in threat intelligence and integrated applications

Supercharge Firewalls

  • Leverage existing Firewall investments to collect security data without deploying dedicated sensors
  • Apply Machine Learning to Firewall data in order to see any anomalies
  • Detect potential Firewall policy mis-configurations, compromised and malicious users and their abnormal traffic to/from the Internet
  • Firewall traffic logs are transformed into Interflow™ records through normalization and enrichment.
  • Fuse context with threat intelligence and reveal additional detection’s such as Geo Fencing or communication with known malicious actors
  • Cost-effectively store firewall traffic logs for forensics and threat hunting
  • Leverage closed-loop automated workflow to block attackers through Firewall APIs

Second set of eyes

  • Dedicated Stellar Cyber security sensors deployed behind the Firewall detect what’s missed
  • Deep packet inspection (DPI) engines integrated in these security sensors generates richer set of meta data
  • Detect potential Firewall policy misconfigurations
  • Integrated NTA and UBA detections also provide a rich workbench for security personnel
  • Detect DGA and DNS tunneling through machine learning and additional detection’s across the cyber kill chain, such as Ransomware
  • Leverage closed-loop automated workflow to block attackers through Firewall APIs

Firewalls are the first line of defense in any network security framework. The primary purpose is to inspect network traffic in real time and determine whether to allow or block specific traffic based on a set of security rules defined by administrators. The traffic volume can be significant and legacy Firewalls have limited resources in terms of processing power and storage size. Thus the Firewall has limited intelligence itself and it is usually optimized only for policy enforcement.

Starlight aggregates, parses and normalizes traffic log data from multiple Firewalls, which can be from different vendors such as Check Point, Palo Alto Networks, Fortinet, and Sophos. Interflow records create context for these logs by fusing together many other data sources like Threat Intelligence, Geolocations, host or domain names, and user names. Both real-time and historical advanced analysis of contextual data are performed through machine learning.

Starlight performs anomaly detection through machine learning including deep learning. Starlight can detect mis-configuration of Firewalls, which can be deadly. One reason that CapitalOne was hacked was because of Firewall misconfigurations. Starlight can expand Firewall rules into dimensions such as geo-location, reputation, hostnames, etc. besides IP address and user names.

Starlight is a software application architected with container-based micro-services and a data lake for big data. It processes and stores large amount of Firewall logs turned Interflow records, and scales for more processing power and available storage capacity. Security analysts can perform Google like search on Interflow records for forensics and threat hunting. Respond to detected advanced threats by blocking attackers’ IP through API calls to Firewalls. These interactions can be done either manually or automatically.