In detection and response, bidirectional integrations between security products, let alone unidirectional integrations, are not enough. There needs to be true cohesion amongst the entire security stack; otherwise, security operators are left with piles of data and endless API endpoints to figure out how to wire together. This is more important with Endpoint Detection & Response (EDR) products than with any other component of the enterprise security stack.
For example, you might be forwarding all events and alerts from your EDR to your Security Information and Event Management (SIEM), and within your Security Orchestration and Response (SOAR) you have several playbooks deployed to take automatic actions back through your EDR. This is worlds better than where detection and response was 10 years ago, but today it is not enough.
To demonstrate it is not enough, consider these three operational questions. First, how is your EDR data automatically working in unison with other telemetry to provide the most complete context? If it’s not doing this, you are going to be too slow and miss things. Second, are your EDR alerts fully trusted in the sense that they are high-fidelity and low-noise? Third, do you have a single vendor EDR reliably deployed across every endpoint? This is seldom the case from our field-based observations. Unless an enterprise has perfect responses to these questions, it is easy to see how difficult it can be to achieve a consistent approach to detection and response.
Stellar Cyber has been integrating with EDRs since our inception, and today we are thrilled to announce the industry’s first approach to Universal EDR. Deploy one or many EDRs, of any vendor, and Stellar Cyber supercharges those EDRs to ensure the most pervasive XDR outcome.
Stellar Cyber pulls this off as an Open XDR Platform: we do not embed any specific EDR within our platform. Stellar Cyber integrates with the best-in-breed EDRs on the market, to connect the dots and improve underlying fidelity. The first technical step to accomplish this, but not the endgame, is to have a robust bidirectional integration – collect data and respond through an API. However, as mentioned upfront, this is hardly enough, nor is it even unique.
Built on these bidirectional integrations, and a robust data normalization pipeline, Stellar Cyber has developed a way to process and correlate EDR data with all other telemetry across the attack surface. This unlocks an EDR’s greatest potential because it is strengthened by what every other security product sees. Furthermore, we have also developed processing pathways to ensure the highest fidelity alerts regardless of the EDR being integrated. Tactically, it means each EDR’s data is processed a little differently to ensure low-noise output and a standardized output. Bring any EDR to the table, and Stellar Cyber has the intelligence to not only supercharge it through correlation and improved fidelity, but to have it work alongside other EDRs or endpoint products. This is Universal EDR.
As an Open XDR Platform that defends the entire attack surface, we must integrate with all critical security products and tools (and beyond them to things like SaaS) across the enterprise. Our internal framework for thinking about these integrations is one of Levels, as depicted by the figure below.
Another way of phrasing this announcement is that we have Level 5 integration support for all major EDRs. For our customers, this means advancements in detections, and new supported EDRs are readily available. For prospective customers or those learning about Stellar Cyber, whatever EDR or EDRs you bring to the table, we not only support them, but we make them better while ensuring a level of fidelity regardless of your investment decisions. Put simply, turn your EDR into XDR in hours.
This capability for Stellar Cyber not only represents advancements for detection and response but also displays the true intent of Open XDR: Interoperability and future proofing. That’s what a great security platform is all about.
