How Stellar Cyber
Works
Explore the Platform in 5 minutes
End-to-End Detection and Response
Ingest and
Normalize Data
Stellar Cyber can ingest data from any security, IT, system, or productivity product you have deployed.
Centralized Threat
Detection
Sensor-Driven
Threat Detection
Stellar Cyber Sensors can be deployed to the far reaches of your environments with embedded threat- detection capabilities.
AI-Enabled
Investigation
Automated
Response
Ingest and Normalize Data
Stellar Cyber ingests data from API-based connectors (cloud or on-prem), or from streaming log sources via protocols like Syslog. On-prem data sources can be captured because of Stellar Cyber’s Sensors, which can be deployed physically or virtually to hook into those environments. Data, regardless of its origin, gets normalized into a standard data model. Common fields like source IP, timestamp, or logon type are always standardized when possible to make workflows easy. Third-party specific data is kept in a vendor data namespace. Data is also enriched with geolocation and asset context to increase the value of all telemetry.
Centralized Threat Detection
Stellar Cyber uses several methods to root out potential threats:
- Easy-to-find sources of known bad are found through rules in Stellar Cyber, with new and updated rules being shipped continuously to all customers, sourced from our internal detection team as well as open communities like SigmaHQ.
- Harder-to-find sources of known bad are identified using supervised machine learning detection. Stellar Cyber’s security research team develops models based on publically available or internally generated datasets and continuously monitors model performance across the fleet.
- Unknown and zero-day threats are uncovered using unsupervised machine learning techniques. These models look for anomalous behavior indicative of a threat. These models baseline over several weeks on a per-customer/per-tenant basis.
Sensor Driven Threat Detection
Stellar Cyber’s sensors not only collect logs from cloud and on-prem sources, they also create visibility and deploy network-based detections to the edge. Sensors package together Deep Packet Inspection (DPI), Intrusion Detection System (IDS), and Malware Sandbox into a single configurable software package.
AI-Enabled Investigations
Correlation across detections and other data signals occurs through a GraphML-based AI that aids analysts by automatically assembling related data points. The AI determines connection strength between discrete events that can be sourced from any data source, based on property, temporal, and behavioral similarities. This AI is trained on real-world data generated by Stellar Cyber and is continuously improved with its operational exposure.
Automated Response
Users have complete customizability over the context, conditions, and output of playbooks. Playbooks can be deployed globally or on a per-tenant basis. Use any out-of-the box playbook for a standard response, or create a custom playbook for taking action back into an Endpoint Detection & Response (EDR) tool, calling a webhook, or simply sending an email.
Explore Our Easy-to-Use Platform
Data Onboarding and Management Made Easy
Ensuring that you have the data you need to identify threats is the first step in any successful security program. See how we make it easy.
Working with Alerts
& Incidents
Investigating alerts manually is no longer feasible. See how Stellar Cyber makes working with Alerts and Cases faster than ever before.
Automated Threat Hunting
and Response
The threats you don't see are the ones that can hurt you the most. See how Stellar Cyber automates threat hunting and response.
