AI Engine
Battle-tested, purpose-built AI
Novel Alerts
Example alert types include:
- External Scanner Behavior Anomaly
- Internal RDP Brute Force Attack
- Internal SMB Username Enumeration
Automatically Correlated Incidents
Real-world incidents detected in Stellar Cyber:
- Darkside Ransomware attack
- Sunburst attack
Key Features
Accurate
Alert fatigue is a serious problem. Not every anomaly is a security incident. Security analysts should stop sifting through countless anomalies and focus on the real threats. Core to Open XDR, Stellar Cyber’s AI Engine leverages state-of-the-art machine learning algorithms to deliver the best detection accuracy.
Real Time
It may take minutes for hackers to infiltrate your system and steal valuable information. You need virtual security experts to continuously work around the clock and detect threats in real time. Stellar Cyber’s AI Engine performs ML inference in real time and provides detailed reasons for its output.
Unified
Our single advanced AI Engine powers Stellar Cyber’s Open XDR technology and works on various data sources after normalization, regardless of data type, such as logs or network traffic.
Adaptive
Stellar Cyber goes wherever you need it to go – on-premises, in the cloud or hybrid. Multi-tenancy is built in from the beginning to ensure flexible, secure operations for any organization. Multi-site support allows data to stay resident in its own region, keeping deployments compliant and scalable in complex operating environments.
Explainable And Actionable
The ultimate goal of detection is to take action to stop attacks and keep your environment safe. Taking action is a serious decision; security analysts need to fully understand the situation in order to make an informed choice about the best action to take. With the latest explainable AI, instead of being a black box, the AI Engine provides human-friendly evidence and easy-to-digest details from ML models to ease decision-making. With that, security analysts can easily understand the reasons and evidence behind any detection, and block an attack with high confidence without mistakenly interrupting legitimate users or applications.