XDR Kill Chain Design
Older kill chains like the Lockheed Martin Cyber Kill Chain are outdated, but newer frameworks like MITRE ATT&CK, while powerful, do not fully characterize attacks in a way that an XDR platform requires. The XDR Kill Chain solves these problems and is purpose-built for XDR.
XDR Malware
Covers all malware-related detections
XDR Network Behavior Analytics (NBA)
Covers network anomaly detections
XDR Intel
Covers all threat intelligence-related detections
XDR Endpoint Behavior Analytics (EBA)
Covers all host-based anomaly detections
XDR User Behavior Analytics (UBA)
Covers user anomaly detections
XDR Sensor Behavior Analytics (SBA)
Covers injection anomaly detections
on the operational side
Key Features
Stellar Cyber has a number of features that collect data, take
response through source tools and send data to other systems.
Intuitive To Understand
Five top-level stages wrap dozens of MITRE ATT&CK’s tactics and hundreds of detailed techniques so security analysts can better mentally position alerts in the broader context of risk and attacks.
Delineates External vs. Internal Alerts
Alerts that represent activity via external actors vs. internal actors significantly affect prioritization. The XDR Kill Chain tags alerts accordingly to make it easy to understand context and generate Incidents more effectively.
Map Your Own Alert Types
User defined Automated Threat Hunting alerts can be mapped onto the XDR Kill Chain so that organization specific alerts can live alongside out-of-the-box Stellar Cyber alerts.
Tagging
Stages, Tactics and Techniques are often not enough to make the most productive use of a kill chain. The XDR Kill Chain comes with robust tagging functionality built in so analysts can further organize alerts for prioritization.