Detect What Others Miss – in Real Time

Our advanced AI Engine leverages industry-leading machine learning algorithms for different scenarios and is built with strong security knowledge to detect sophisticated threats. It is your team of virtual security analysts, working around the clock to detect and triage unpredictable threats accurately in real time. This allows your analysts to stay ahead of attacks that bypass traditional rule-based detections or ordinary anomaly detections.


How Stellar Cyber AI works

Key Characteristics


Alert fatigue is a serious problem. Not every anomaly is a security incident. Security analysts should stop sifting through countless anomalies and focus on the real threats. As a foundational benefit of open extended detection and response (Open XDR), our advanced AI engine leverages state-of-the-art machine learning algorithms to achieve the best accuracy for detection. It analyzes time series and peer groups with unsupervised learning, performs complex behavior analysis by modeling relationships with Graph ML, and generalizes known attack patterns with supervised learning. It also correlates and builds context with advanced Graph ML, so that we can present high-priority attacks with rich context.

Real Time

It may take minutes for hackers to infiltrate your system and steal valuable information. You need virtual analysts that work continuously around the clock and detect threats in real time. Our advanced AI engines perform machine learning inference in real time, provide detailed reasons, and do not delay action on any attacks or anomalies.


Our single advanced AI Engine powers Stellar Cyber’s Open XDR technology and works on various data sources after normalization, regardless of data type, such as logs or network traffic. When a new data source is ingested, all existing detections are applied to it directly. For example, our machine learning can perform user behavior analysis based on behavior data from different data sources. Machine learning inference is natively embedded in our data processing pipeline, without the need to send data outside.


Every environment is different, and context is important for reducing noise. Our ML engine constantly learns from your environment and adapts to it to reduce low-priority anomalies. It leverages advanced adaptive learning and works with your security analysts to personalize results to their preferences from limited feedback, and it learns the anomalies they have verified.

Explainable and Actionable

The ultimate goal of detection is to take action to stop attacks and keep your environment safe. We understand that taking action is a serious decision; security analysts need to fully understand the situation in order to make an informed decision about the best action to take. With the latest explainable AI, instead of being a black box, our advanced AI engine is built to provide human-friendly evidence and easy-to-digest details from ML models to ease decision-making. With that, security analysts can easily understand the reasons and evidence for any detection, and block an attack with high confidence without mistakenly interrupting protected users or applications.