One of the challenges security teams face is managing the vast quantity of data required to identify threats effectively. Each new security control deployed brings new capabilities intended to improve security posture, but it also brings another set of data to manage. Most organizations deploy a SIEM to consolidate that data for analysis, a task easier said than done. Once deployed, the SIEM becomes the backbone of the security stack where, hopefully, that vast amount of data turns into workable, investigation-ready cases for security analysts. Moreover, other groups within the organization often leverage the SIEM's data management capabilities, turning the SIEM into the central data repository for many non-security-related use cases.
While the data management aspects of the SIEM can provide value beyond security, its security capabilities saddle the security team with far too many manually intensive processes they must own to get the desired results. Unfortunately, since other parts of the organization often rely on the SIEM, the security team "takes one for the team" and lives with its sub-optimal security capabilities. With the introduction of our support for Bring Your Own Data Lake (BYODL), security teams can adopt the Stellar Cyber Open XDR Platform to manage their security operations without disrupting any other business units that rely on the current SIEM deployment.
Stellar Cyber BYODL Key Capabilities
Here are the key capabilities that support Stellar Cyber BYODL:
- Data Collection and Processing: Ability to collect raw security event data from various sources, including network devices, endpoints, and applications. Once collected, the data is normalized, enriched, and easily shared with the external data lake.
- Synchronization: Real-time and on-demand data synchronization ensures the external data lake is up-to-date. On-demand synchronization is handy if the connection to the external data lake is temporarily lost. In this case, the Stellar Cyber Open XDR platform will buffer and sync the data as soon as possible.
- Detection and Correlation Results Export and Synchronization: You can export Stellar Cyber’s detection and correlation results to the external data lake for further analysis and reporting.
- Multi-tenancy Support: The user can select a specific tenant and export its data to the external data lake’s corresponding tenant.
- Data Access and Querying of Data Lake: An external data lake is transparent to the user and has no discernible performance impact when generating reports, conducting threat hunts, or performing any other investigation task.
- Ease of Use: The Open XDR platform’s streamlined user interface makes managing external data lake configuration simple.
Currently Supported Data Lakes
The initial release of BYODL supports the following data lakes:
- Amazon Web Services S3
- Splunk
- Elastic
- Snowflake
To learn more about taking advantage of this new feature, reach out and set up a meeting with a Stellar Cyber cybersecurity expert.
Closing Thoughts
To learn more about Bring Your Own Data Lake, read the companion blog and set up a meeting with a Stellar Cyber cybersecurity expert.