Universal EDR is Industry’s First Open, High-Fidelity XDR Technology to Unify and Amplify Data from Any and All EDRs
Through a tight, bidirectional data flow, optimized data pathways and integrated resource assessment—such as monitoring for container builds and changes, Kubernetes execution and server activities interacting with endpoints—the Stellar Cyber platform preserves investments in EDRs and enables organizations to find attack activity early to prevent or minimize damage. In addition to optimizing individual EDRs’ data for faster, earlier detection of attacks, Universal EDR adds precision to an EDR’s own alerts.
“With this announcement, Stellar Cyber can enable enterprises and MSSPs to retain investments in and increase the value of any existing EDR tool within an XDR environment,” said Jon Oltsik, Senior Principal Analyst and ESG Fellow. “Users can now enhance their favorite EDR tools with full integration into an XDR platform, combining their EDR data with telemetry from other security tools and obtaining greater visibility.”
Stellar Cyber’s Universal EDR delivers ready-to-consume EDR integration and data optimization without requiring the customer to complete manual integration, significantly speeding time to value. At the same time, Stellar Cyber enriches existing EDR security tools, allowing SOC teams to act more quickly on findings from existing EDRs or enhancing that data with other critical alert data from other key systems (SIEM/NDR, etc.).
Universal EDR incorporates four key advancements:
- It collects complete data sets from any EDR tool and creates bidirectional communication to and from the Open XDR platform through APIs, enabling flexible and preferred response via the customer’s existing tools and workflow.
- It incorporates EDR-specific alert processing pathways to standardize data output and ensure high-fidelity detections by removing the noise of these alerts.
- It automatically processes and correlates data from all tools in the security stack, including EDR, to provide better context for accurate diagnosis and timely response.
- It dynamically discovers asset information from EDR data and combines it with asset information from a variety of other data sources to provide comprehensive asset management and UEBA analytics.
“Some XDR vendors can do one-way or even two-way integrations between their core platform and third-party EDR products, but that’s not really enough to ensure accurate detection and response – it requires careful study and treatment of EDR alert and event data with critical enrichment to evolve from simply alerting to truly informing. In addition, as environments change and evolve, a company may need more EDR integrations,” said Sam Jones, VP of Product Management at Stellar Cyber. “With Universal EDR, our platform performs automated integration, customized data processing, and event correlation to deliver the best detections and faster responses regardless of which EDR product is being used.”
Custom Alert Pathways Precisely Match Each EDR:
Stellar Cyber’s real-time EDR data processing uses three different types of alert pathway to closely align with the way each EDR operates and the level of noise it produces:
- Passthrough Enrichment — all alerts are passed directly from the EDR after normalization and enrichment to the Open XDR Platform and mapped to MITRE ATT&CK context and identification as needed to aid investigations.
- Deduplication — Machine Learning (ML) is used to identify source EDR alerts that are related and part of the same activity, and to generate a single alert within the Open XDR platform to improve prioritization and response speed. Some EDRs produce a number of alerts for the same event, causing extreme alert fatigue and reducing precision and efficiency.
- Machine Learning Alerts — EDR events and alerts are processed via different ML models that generate high-fidelity alerts within the Open XDR platform through automated data correlation and weak signal escalation to enable faster responses.
The Stellar Cyber Open XDR Platform automatically applies these pathways for each EDR tool. For example, EDR 1 might have 10% Passthrough Enrichment, 50% Deduplication, and 40% Machine Learning Alerts, while for EDR 2 those ratios could be 0%, 80%, and 20% respectively.
“For a company that doesn’t build an in-house EDR, we find ourselves at the leading edge of endpoint-based security research,” said Aimei Wei, Founder and CTO at Stellar Cyber. “This gives our customers full confidence that they can integrate their EDR of choice and get outstanding results through the Stellar Cyber Open XDR platform.”
Resources:
About Stellar Cyber:
Stellar Cyber’s Open XDR platform delivers Everything Detection and Response by ingesting data from all tools, automatically correlating alerts into incidents across the entire attack surface, delivering fewer and higher-fidelity incidents, and responding to threats automatically through AI and machine learning. Our XDR Kill Chain™, aligned with the MITRE ATT&CK framework, is designed to characterize every aspect of modern attacks while remaining intuitive to understand. This reduces enterprise risk through early and precise identification and remediation of all attack activities while slashing costs, retaining investments in existing tools and accelerating analyst productivity. Typically, our platform delivers an 8X improvement in MTTD and a 20X improvement in MTTR. The company is based in Silicon Valley. For more information, contact http://stellarcyber.ai.
###
Stellar Cyber Contact:
Charlie Rubin
Story PR
+1 510-908-3356
[email protected]
END