Stellar Cyber’s Interflow™ is designed to build actionable records with rich context for any set of related security events
Interflow was designed by Stellar Cyber engineers with the goal to capture network packets, files and server logs in an effort to output a dataset to other tools that is richer than Netflow (too little), significantly lighter weight than PCAP (too big) and fused with context (just right) such as host name, user information, Threat Intelligence and geolocation.
Interflow starts at ingestion through the broadest suite of sensors and agents to literally collect all data from anything, or anywhere data and applications reside–on the network, servers, containers, physical and virtual hosts, on premises, in public clouds and with service providers.
Stellar Cyber’s Starlight is the only comprehensive open detection and response (Open-XDR) security platform that provides maximum protection of applications and data because of Interflow.
Interflow normalizes security data shared between integrated applications and third-party applications, driving single-pane-of-glass visibility and control across security toolsets.
- How Stellar Cyber’s Interflow Works
Stellar Cyber processes the right data creating an actionable, searchable and exportable record — called Interflow. Interflow normalizes security data shared between integrated applications and third-party tools.
Building Actionable Records
Starlight efficiently collects and processes network, server and application data from any environment. Our distributed intelligent data collectors process the data streams at the source, preserving and augmenting critical information while dramatically reducing the amount of data that needs to be delivered to the next level in the platform. Collectors deploy in any environment – on bare metal, native operating systems, VMs and containers.
Application identification, data reduction, correlation, and breach detection start at the source. Our big data processor then further enriches the data with context digested from many sources, such as threat intelligence, geo-location, domain name, user name, and event logs. During enrichment processing, breach detection is also performed and the results are immediately fed back to the system for other real-time detections.
Scalable Breach Detection
Our intelligent data collectors are purely software-based, with extremely low memory footprints and computing requirements. They can perform local detection of threat events, instantaneous layer 7 application identification with just one packet, as well as correlation locally. Our big data processor’s carefully-crafted intelligence identifies threats during data ingestion and post data storage by leveraging the right machine models. This provides unprecedented scale and enables deployments in anything from autonomous machines to global public clouds.
High Fidelity Alerts
Stellar Cyber data processor uses automation to cut through the noise and deliver only high-quality, high-confidence, actionable alerts. Using Multi-Level Machine-Learning (ML-ML), the system applies cascaded threat models to the rich data from collectors and intelligence feeds. The system is self learning, boosting the productivity and efficiency of security analysts in both real-time breach detection and historical forensic analysis.
Fastest Time To Detect
The industry average to detect a major cyber breach is about 200 days and carries an average cost of $6 million dollars to identify a breach. According to industry reports, it has been found that 53% of the breaches were discovered by an external source. Stellar Cyber has developed unique data collection techniques and automation reduces the time to detect a breach from months to minutes which ultimately reduces the cost to identify a breach from millions of dollars to hundreds of dollars in human costs.