Stellar Cyber understands the importance of the existing security infrastructure you have built and invested in over the years.
We also understand the flexibility you would like to have to choose the best new security tools for your ever-changing IT infrastructure.
Stellar Cyber open eXtended Detection and Response (Open XDR) is an open Intelligent SOC that acts as a hub for both your existing and new security solutions, aggregating their data and producing a clear, highly accurate, and effective threat landscape under a single pane of glass.
Stellar Cyber integrates with any security solution in many different ways through its log forwarders, connectors, SOAR, Data Streaming and open APIs, delivering an open XDR capability that leverages your current and new investments.
Open XDR Security Platform
High-speed high-fidelity threat detection across the entire attack surface
“We needed a cutting-edge solution for our team to better protect EBSCO’s very diverse portfolio of affiliates and divisions globally…
Log forwarders collect, aggregate, parse, normalize and enrich logs from hundreds of existing security applications such as firewalls, IAMs, WAFs, EDRs, etc. They support various formats, including standard log format, CEF format, etc. New log parsers can be added at any time without interrupting your existing services.
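To make the parse/normalize/enrich pipeline concrete, here is an added example (not Stellar Cyber's code) that handles the CEF format mentioned above: it splits the pipe-delimited header while honouring CEF's `\|` escape, parses the space-separated `key=value` extension where values may contain spaces and `\=` escapes, maps common CEF keys to normalized field names, and enriches IP fields with an internal/external tag. The normalized field names, the key mapping and the internal-address ranges are assumptions chosen for illustration, and the log lines in `SAMPLE_LOGS` are constructed.

```python
"""Minimal CEF log parsing, normalization and enrichment.

Added example, not Stellar Cyber's code. The normalized field names, the key
mapping and the internal-address enrichment are assumptions chosen for
illustration; the log lines in SAMPLE_LOGS are constructed.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

# Header fields in the order CEF defines them, after "CEF:Version|".
_HEADER_FIELDS = ("vendor", "product", "device_version", "signature_id", "name", "severity")

# Assumed mapping from common CEF extension keys to normalized field names.
_KEY_MAP = {
    "src": "src_ip", "dst": "dst_ip", "spt": "src_port", "dpt": "dst_port",
    "suser": "src_user", "duser": "dst_user", "act": "action",
    "proto": "protocol", "msg": "message",
}

# Assumed "internal" address space for enrichment: RFC 1918 plus loopback.
_INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# An extension key starts at the beginning or after whitespace and ends at '='.
_EXT_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")


def _split_header(text: str, n_pipes: int) -> Tuple[List[str], str]:
    """Split on unescaped '|' until n_pipes are consumed; the rest is the extension.
    CEF escapes a literal pipe in the header as '\\|' and a backslash as '\\\\'."""
    parts: List[str] = []
    cur: List[str] = []
    i = 0
    while i < len(text) and len(parts) < n_pipes:
        ch = text[i]
        if ch == "\\" and i + 1 < len(text) and text[i + 1] in "|\\":
            cur.append(text[i + 1])
            i += 2
            continue
        if ch == "|":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(parts) < n_pipes:
        raise ValueError("truncated CEF header")
    return parts, text[i:]


def _parse_extension(ext: str) -> Dict[str, str]:
    """Parse 'key=value key2=value with spaces' pairs; a value runs to the next key."""
    out: Dict[str, str] = {}
    keys = list(_EXT_KEY.finditer(ext))
    for idx, m in enumerate(keys):
        end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext)
        raw = ext[m.end():end]
        # Undo the extension-level escapes CEF defines for '=' and '\'.
        out[m.group(1)] = raw.replace("\\=", "=").replace("\\\\", "\\").strip()
    return out


def _ip_scope(value: str) -> str:
    """Enrichment: classify an address as internal, external or invalid."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return "invalid"
    return "internal" if any(addr in net for net in _INTERNAL_NETS) else "external"


def parse_cef(line: str) -> Dict[str, object]:
    """Parse one CEF line into a normalized, enriched record."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF record")
    header, extension = _split_header(line[len("CEF:"):], 7)
    record: Dict[str, object] = {"cef_version": header[0]}
    record.update(zip(_HEADER_FIELDS, header[1:]))
    # Numeric severity (CEF allows 0-10); textual severities are kept as-is.
    sev = record["severity"]
    record["severity"] = int(sev) if isinstance(sev, str) and sev.isdigit() else sev
    # Normalize: rename known keys, keep unknown ones under their CEF name.
    for key, value in _parse_extension(extension).items():
        record[_KEY_MAP.get(key, key)] = value
    for port in ("src_port", "dst_port"):
        if port in record and str(record[port]).isdigit():
            record[port] = int(record[port])
    # Enrich: tag IP fields with their network scope.
    for field in ("src_ip", "dst_ip"):
        if field in record:
            record[field + "_scope"] = _ip_scope(str(record[field]))
    return record


# Constructed sample lines (fictitious vendors, documentation address ranges).
SAMPLE_LOGS = [
    r"CEF:0|Example Corp\|Net|ExampleFW|2.1|100|Inbound connection blocked|7|"
    r"src=203.0.113.45 spt=51515 dst=10.1.2.3 dpt=443 proto=TCP act=blocked msg=Policy rule\=deny-all matched",
    r"CEF:0|ExampleIdP|SSO|4.0|auth.fail|Login failed|5|suser=alice src=192.168.10.20 act=denied",
]


def parse_all(lines: List[str]) -> List[Dict[str, object]]:
    """Parse a batch of CEF lines into normalized records."""
    return [parse_cef(line) for line in lines]


if __name__ == "__main__":
    for rec in parse_all(SAMPLE_LOGS):
        print(rec)
```

Unknown extension keys are kept under their original CEF name rather than dropped, so a new parser mapping can be added later without losing data already collected; a line that is not CEF at all raises rather than being silently coerced, which is the behaviour you want when a forwarder mixes formats.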
Connectors collect, aggregate, parse, normalize and enrich data from applications through their APIs. Connectors ensure visibility into Software-as-a-Service applications or service provider environments including: AWS CloudTrail, Office365, G-Suite, OKTA, vulnerability management, Active Directory, EDRs, SNMP, etc. They also help consolidate information such as asset information from your EDR onto our XDR platform.
Threat Intelligence Feeds
Although our Open XDR has built-in threat intelligence, it also allows our customers to import their favorite threat intelligence feeds through STIX-TAXII.
The built-in SOAR functionality of Open XDR allows security analysts to take direct actions on the platform without switching to another platform. By leveraging APIs provided by your existing security tools, our SOAR can interact with firewalls to block attacking IP addresses, disable users via Active Directory, disconnect an endpoint device from the network via EDR, or trigger a vulnerability scan, to name a few. It allows security analysts to define powerful playbooks so that any combination of these responses can be automated based on one or multiple conditions. This helps improve the response time to an attack and reduce the risk.
Data Streaming is another built-in application of our Open XDR platform. It allows smooth integration between our Open XDR and your existing SIEM tool. It can stream the raw data with fused context, the high-fidelity and easy-to-understand contextual detection results, or both to the SIEM tool through the API interface provided by the SIEM tool.
Our Open XDR platform provides a rich set of RESTful APIs to allow access to the data stored in our data lake. These APIs have been used for successful integration with third-party SOAR tools such as Phantom, Demisto, Swimlane and Siemplify.
- Leverage the broadest security data collection engine – physical, virtual, container, cloud, endpoints – see the whole picture
- Transform data through normalization, enrichment and correlation to actionable records stored in a single data lake.
- Open APIs deliver easy integration with existing firewalls, SIEMs, SOARs and EDRs – ensuring the Open XDR Ecosystem maximizes return on existing investments
- Analyze all network traffic and a variety of logs via a single AI engine — one platform that intelligently pieces together complex attacks and triggers responses
- Centralized management and control makes deployment fast and easy
- Tight integration extends your existing investment and future expansion