Stellar Cyber’s Novel XDR Kill Chain™ Puts the “Kill” Back to Disrupt Cyber Attacks
Revamps MITRE ATT&CK framework and integrates with Open XDR platform to bring new efficiencies to security operations teams
“Today’s cyberattacks don’t often proceed in a linear fashion, so alerts on aspects of those attacks don’t directly point to evidence of an overall attack,” said Zeus Kerravala at ZKResearch. “By combining alerts into actual incidents, Stellar Cyber becomes the first Open XDR platform to clearly identify attacks, their sources and how to remediate them.”
Stellar Cyber has incorporated its XDR Kill Chain into the new version 4.0 of its Open XDR platform. It is the first platform on the market to integrate a kill chain that is purpose-built for XDR, increasing the ability of security analyst teams to quickly spot both internal and external attacks as well as full attack progressions. The new version enables both enterprises and MSPs/MSSPs/MDRs to make powerful new advancements in security team efficiency and boost the effectiveness of cybersecurity protection, detection and response.
“XDR platforms collect a lot of data from across an organization’s entire infrastructure, and this really calls for a new cyber kill chain that can consider the broad visibility and more accurately map to today’s attack methodologies,” said Rik Turner, Principal Analyst at Omdia. “Stellar Cyber is known for aggregating data without restriction, while also addressing detection and monitoring gaps, so incorporating this Novel XDR Kill Chain will direct security teams with findings that are meaningful, prioritized and actionable.”
These new features leverage more than four years of ongoing research and development, during which Stellar Cyber has become the leading Open XDR platform. Unlike other platforms, Stellar Cyber can ingest data from any popular security tool as well as utilize its own sensors and agents. The platform normalizes disparate data sets so they can be automatically evaluated and correlated by its advanced AI engine, and then prioritizes threats for immediate attention by security analysts. The platform can also respond to incidents quickly through a tight integration with many existing security tools.
“As a top 100 MSSP, we run an in-house SOC-as-a-Service function for our customers, and due to our large size, we are a target for hackers,” said Joe Morin, CEO of CyFlare. “Stellar Cyber is the only product we trust to help us manage our risk and costs with its new XDR Kill Chain, ensuring we efficiently combat threats across our customer base.”
Enhanced Risk Reduction:
For CISOs, Stellar Cyber 4.0 reduces the risk of attack damage even more than previous versions. Every corporation is subject to attacks, so the issue is not to avoid them, but to detect them early and defeat them. This requires seeing attack behaviors as early as possible in the cyber kill chain and responding to them as quickly as possible.
The existing cyber kill chain was invented many years ago when attacks were dominated by malware. Today, malware is just one of the many attack weapons, and high-value attacks typically employ multiple tactics that are directed by an attacker. The detailed MITRE ATT&CK framework has become a more popular model, but it places the primary focus on endpoints. The resulting perspective is limited yet also very detailed, with many tactics and techniques involved with a single aspect of attacks.
Stellar Cyber’s XDR Kill Chain delivers a breakthrough in enterprise security risk reduction by combining the high-level view of attack progression and the detailed tactics and techniques used in each attack. It is the first new kill chain invented in years and is designed specifically to take advantage of powerful XDR detections, where attackers can target any point in the infrastructure. The XDR Kill Chain features a loop that prioritizes detections into five phases: initial attempts, persistent foothold, exploration, propagation and exfiltration/impact.
The model captures the progression of complex attacks so that incidents appear in the context of the five-phase kill chain, letting analysts easily understand their priority without getting lost in details. This allows analysts to easily see attacks as they happen and respond to the most emergent or urgent needs first. The Stellar Cyber platform also incorporates the commonly used MITRE ATT&CK framework for detailed analysis. It not only maps the existing tactics and techniques into the five phases of the kill chain but also adds new tactics and techniques beyond the MITRE ATT&CK framework. The loop interface also clearly shows external versus internal attacks, which helps analysts know exactly where to look to stop attackers.
“By creating a new attack model that puts ‘kill’ back into the concept of kill chain and integrates it with our Open XDR platform, we decisively shift the odds of security teams being on the losing end of a cyberattack,” said Sam Jones, VP of Product Management of Stellar Cyber. “In addition, with the XDR Kill Chain woven into our platform, customers can improve their risk management, increase analyst productivity and lower costs now more than ever.”
Version 4.0 of the Stellar Cyber platform is currently in general availability.
Open XDR vs. XDR:
While standard eXtended Detection and Response (XDR) platforms require vendor lock-in and abandonment of existing security tools, Stellar Cyber’s unique Open XDR platform works seamlessly with existing EDR, SIEM, UEBA, NDR, and any other solutions to preserve investments. In addition, Stellar Cyber’s platform significantly enhances those investments by ingesting data, normalizing and enriching the data, inspecting and correlating it into fewer and higher-fidelity incidents. The platform utilizes advanced graph ML, AI-driven analytics, and automatic responses to complex threats. Only Stellar Cyber’s Open XDR delivers these benefits.
About Stellar Cyber:
Stellar Cyber’s Open XDR platform delivers Everything Detection and Response by ingesting data from all tools, automatically correlating incidents across the entire attack surface, delivering high-fidelity alerts, and responding to threats automatically through AI and machine learning. Our intelligent, next-gen security operations platform greatly reduces enterprise risk through early and precise identification and remediation of all attack activities while slashing costs, retaining investments in existing tools and accelerating analyst productivity. Typically, our platform delivers an 8X improvement in MTTD and a 20X improvement in MTTR. The company is based in Silicon Valley. For more information, contact https://stellarcyber.ai.