Stellar Cyber’s Interflow™ is designed to build readable, searchable and actionable records with rich context for any set of collected data
Interflow was designed by Stellar Cyber engineers with the goal to capture network packets, security tools’ logs and application data in an effort to output a dataset that is richer than Netflow (too light), significantly lighter weight than PCAP (too heavy) and fused with rich context (just right) such as host name, user information, Threat Intelligence, geolocation, etc.
Interflow starts at ingestion of security infrastructure data through the broadest suite of sensors, collectors and forwarders to literally collect all data from anything, or anywhere data and applications reside–on the network, servers, containers, physical end points and virtual hosts, on premises, in public clouds and with service providers.
Interflow normalizes collected data, fuses the additional context into it and shares them among highly integrated applications as well as third-party applications, driving single-pane-of-glass visibility and control across the entire IT infrastructure. The right data with context enables better detection and easy-to-understand results for security teams.
Stellar Cyber is the only intelligent next gen security operations platform powered by open eXtended Detection and Response (Open XDR) that provides high-speed high-fidelity threat detection across the entire attack surface because of Interflow.
- How Stellar Cyber’s Interflow Works
Stellar Cyber processes the right data creating an actionable, searchable and exportable record — called Interflow. Interflow normalizes security data shared between integrated applications and third-party tools.
Building Actionable Records
360 Degree Data Ingestion
Stellar Cyber efficiently collects and processes network, server and application data from any security infrastructure environment. Our distributed intelligent data collectors process the data streams at the source, preserving and augmenting critical information while dramatically reducing the amount of data that needs to be delivered to the next level in the platform. Collectors deploy in any environment – on bare metal, native operating systems, VMs and containers.
Application identification, data reduction, correlation, and breach detection start at the source. Our big data processor then further enriches the data with context digested from many sources, such as threat intelligence, geo-location, domain name, user name, and event logs. During enrichment processing, breach detection is also performed and the results are immediately fed back to the system for other real-time detections.
Scalable Breach Detection
Our intelligent data collectors are purely software-based, with extremely low memory footprints and computing requirements. They can perform local detection of threat events, instantaneous layer 7 application identification with just one packet, as well as correlation locally. Our big data processor’s carefully-crafted intelligence identifies threats during data ingestion and post data storage by leveraging the right machine models. This provides unprecedented scale and enables deployments in anything from autonomous machines to global public clouds.
High Fidelity Alerts
Stellar Cyber data processor uses automation to cut through the noise and deliver only high-quality, high-confidence, actionable alerts. Using Multi-Level Machine-Learning (ML-ML), the system applies cascaded threat models to the rich data from collectors and intelligence feeds. The system is self learning, boosting the productivity and efficiency of security analysts in both real-time breach detection and historical forensic analysis.
Fastest Time To Detect
The industry average to detect a major cyber breach is about 200 days and carries an average cost of $6 million dollars to identify a breach. According to industry reports, it has been found that 53% of the breaches were discovered by an external source. Stellar Cyber’s open extended detection and response (Open XDR) platform delivers unique data collection techniques and automation reduces the time to detect a breach from months to minutes which ultimately reduces the cost to identify a breach from millions of dollars to hundreds of dollars in human costs.