From Dev to QA and Production: Stellar Cyber's Container Sensor ensures visibility throughout the CI/CD pipeline
Bridge Containers, VMs & Bare Metal
- Comprehensive security data covering network, VM/container, application, command, process, file and user metadata
- Easy deployment & integration with Kubernetes and OpenShift
- CentOS, Ubuntu, Red Hat and Docker compatible
Multi-Cloud, Hybrid Cloud
- Detection and response across the entire cybersecurity kill chain anywhere data and applications reside
- Centralized management of on-premises, public cloud and service provider workloads
- Multi-tier, role-based access for administrators and tenant users, giving the SOC team visibility and control of development environments
Containers are on the rise as Cloud Native and Digital Transformation initiatives take off. Not all existing security infrastructure can help you secure them. Whether you are using containers on premises or in public cloud environments, Stellar Cyber can help.
IT organizations can deploy Stellar Cyber’s Container Sensor as a privileged Docker container that monitors network traffic flows to, from and between containers and identifies more than 4,000 network applications that may be in use by containers. Beyond monitoring traffic, Stellar Cyber’s Interflow™ technology is integral to how the container solution monitors the commands executed, the processes launched and the files touched, both on the host serving the containers and within the containers themselves.
In addition to monitoring, the solution also detects breach attempts in real time. Rapid deployment is also a key feature and container monitoring can be centrally managed and pushed out to over 100,000 containers with the click of a button.
Starlight’s dashboard provides an overview of the entire cybersecurity kill chain and is based on a defense-in-depth security design.
From reconnaissance to exfiltration, suspicious communications to internal and external actors, Starlight gives real-time visibility of threat progression as it happens.
Starlight studies each data point to remove the noise and show only high-fidelity, scored attacks and anomalies. Admins do not need to deal with thousands of noisy alerts, only a handful of relevant events on their dashboard.
Starlight’s panoramic view provides high fidelity attack and anomaly visibility of compromised or targeted assets and external bad actors, and correlates data across the cybersecurity kill chain.
Admins can easily trace the attacks that have taken place on an asset and identify which bad actors have contributed to the compromise. Starlight also gives admins the ability to locate where bad actors are coming from. With a single click of a button, an admin can drill down to see the details of security events and determine the reason behind an event.
Starlight is the most open, easy to understand and easy to use security analytics platform in the world with huge difference…
Advanced Threat Detection
Starlight’s Advanced Threat Detection view provides a full picture of attacks and anomalies within a selected time period and categorizes them across the cybersecurity kill chain. As an example, an admin can quickly identify how many login failures have occurred on an asset in comparison to how many of them are anomalous login failures (less than 1%) and critical (even less). This is useful because not all login failures are necessarily malicious. In this screenshot, you will notice over 35 thousand login failures captured, but only 29 of them are anomalous and only 2 of them are critical. By combining this hyper-precision and prioritization with open, contextual data, Starlight enables admins to make the right decision at the right time with peace of mind.
Starlight’s defense-in-depth design enables admins to catch malware downloads and allows them to see which machines have downloaded known and zero-day malware.
From this view, an admin can quickly identify where the malicious activity is coming from through geo-location awareness, along with visibility into other relevant information like the MD5 hash of a file, its name and reputation. Lateral movement can also be spotted quickly to see the propagation of malware within the environment.
Starlight provides separate views for communications that are anomalies within the environment and breaks the views down into relevant detection categories.
It includes a view where admins can find high-fidelity firewall alerts thanks to its industry-first and only ML-Firewall (TM) component. Stellar Cyber innovated machine learning on firewall data to get rid of firewall log noise and provide a cleaner view of what is important and needs attention.
Starlight innovated the machine-learned IDS feature. ML-IDS is a new design when compared to traditional Intrusion Detection Systems.
By combining best-of-breed IDS technology with machine learning, Starlight dramatically improves the elimination of IDS noise and false positives.