XDR Without Limits

The industry is awash in cybersecurity tools that focus on specific parts of the infrastructure. There’s EDR (endpoint detection and response) for endpoints, NDR (network detection and response) for network traffic and so on. Palo Alto Networks (@PaloAltoNtwks), Trend Micro (@TrendMicro) and LogRhythm (@LogRhythm) all talk about “XDR” (detection and response anywhere in the infrastructure) as a way to pull all of those disparate solutions together into one. @Ovum [1] and @zkerravala [2] have also published blogs on the idea of XDR.

We think XDR is a great idea and the future of security, too, but we think it should be a completely open solution that doesn’t require vendor lock-in, hence, Open XDR. Here are three characteristics that make Starlight’s Open XDR platform a superior solution for cybersecurity across infrastructure.

The Data – Collecting the Right Information

Data is the foundation of XDR. Without the right data, both basic forensics and advanced analytics through machine learning will struggle. For example, is your EDR best of breed, providing the first line of defense for you and generating the right data for the XDR? For another example, are your regular firewall traffic logs (without adequate application metadata) enough for network detection and response?

Starlight has agents and sensors that specifically collect data from any part of the infrastructure – cloud, servers, VMs, containers, applications, users or endpoints – but you don’t want your analysts drowning in a lake of “just data.” That’s where our Interflow™ technology comes in – it collects and fuses data from a variety of sources, builds a record of events with actionable contextual information, weeds out false positives and noise through advanced analytics and delivers only the high-fidelity alerts through our intuitive console. Interflow records are readable, searchable and exportable so you can easily accelerate detection.

Starlight’s differentiation:

  • Purpose-built container, agent and network sensors extract the right data with a powerful Deep Packet Inspection (DPI) engine for NDR / NTA and more
  • It collects data from best-of-breed security applications like Crowdstrike EDR, Sophos Endpoint Security, etc.
  • It collects data pervasively from heterogeneous environments and from any part of the infrastructure, including cloud
  • It fuses data from many different sources to create contextual, readable, searchable and actionable JSON records
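As an added illustration of the fusion idea described above (example code, not Starlight’s Interflow or any vendor’s implementation): it normalizes constructed key=value firewall log lines and constructed EDR events into one schema, joins them by host IP within a 60-second window, and keeps only the records where the EDR verdict is not benign, which is the high-fidelity subset an analyst would actually want to read. The log formats, hosts and addresses are all made up for this example.

```python
"""Fuse a firewall log and an EDR event about the same host into one
contextual JSON record. Added example; inputs are constructed, and the
key=value log format is invented for this illustration."""
import json
import re
from datetime import datetime, timedelta

# Constructed firewall log lines (not a real vendor format).
FIREWALL_LOGS = [
    "ts=2024-03-01T10:00:05Z action=allow src=10.1.2.3 dst=203.0.113.9 dport=443 app=ssl",
    "ts=2024-03-01T10:00:30Z action=deny src=10.1.2.3 dst=198.51.100.7 dport=4444 app=unknown",
    "ts=2024-03-01T10:20:00Z action=allow src=10.1.2.8 dst=203.0.113.9 dport=443 app=ssl",
]

# Constructed EDR events for the same environment.
EDR_EVENTS = [
    {"time": "2024-03-01T10:00:28Z", "host": "ws-0042", "ip": "10.1.2.3",
     "user": "jdoe", "process": "powershell.exe", "verdict": "suspicious"},
    {"time": "2024-03-01T10:19:00Z", "host": "ws-0099", "ip": "10.1.2.8",
     "user": "asmith", "process": "chrome.exe", "verdict": "benign"},
]

KV_RE = re.compile(r"(\w+)=(\S+)")

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def parse_firewall(line):
    """Normalize one key=value firewall line into the common schema."""
    f = dict(KV_RE.findall(line))
    return {"time": _ts(f["ts"]), "src_ip": f["src"], "dst_ip": f["dst"],
            "dst_port": int(f["dport"]), "action": f["action"], "app": f["app"]}

def fuse(fw_lines, edr_events, window=timedelta(seconds=60)):
    """Join firewall records to EDR events on host IP within `window`.
    Pairs whose EDR verdict is benign are dropped as noise."""
    fused = []
    for rec in (parse_firewall(l) for l in fw_lines):
        for ev in edr_events:
            same_host = ev["ip"] == rec["src_ip"]
            close = abs(_ts(ev["time"]) - rec["time"]) <= window
            if same_host and close and ev["verdict"] != "benign":
                fused.append({"time": rec["time"].isoformat(), "host": ev["host"],
                              "user": ev["user"], "process": ev["process"],
                              "src_ip": rec["src_ip"], "dst_ip": rec["dst_ip"],
                              "dst_port": rec["dst_port"], "action": rec["action"],
                              "app": rec["app"], "edr_verdict": ev["verdict"],
                              "sources": ["firewall", "edr"]})
    return fused  # two records for the constructed input: the 443 allow and the 4444 deny

if __name__ == "__main__":
    print(json.dumps(fuse(FIREWALL_LOGS, EDR_EVENTS), indent=2))
```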

The Openness – Be Open About It

Starlight’s family of sensors and agents works in heterogeneous environments across the network, endpoints, applications and cloud. Its powerful log aggregation and parsing framework supports logs from many existing security applications. You don’t need to replace your existing EDR or firewall to deploy Starlight because it works with best-of-breed tools like Check Point’s or Palo Alto Networks’ firewalls, CrowdStrike’s EDR, Okta’s SSO, Tenable’s Vulnerability Risk Management, etc. Other XDR solutions may force you to toss out your existing investments and use these tools from the XDR vendor.

Starlight’s differentiation:

  • It allows the user to use the best-of-breed security applications for their environment or for their budget
  • It saves the user from vendor lock-in and allows them to switch security applications at their discretion
  • It protects the user’s existing investment by using their existing applications as the data source for XDR
  • It allows for future extensibility for any potential new security applications

The Apps – Tightly-integrated Ones

Finally, Starlight is the only XDR platform that comes with a library of tightly-integrated cybersecurity apps so your analysts can drill down into the sources of alerts. Analysts can choose NTA, machine learning-powered IDS, malware detection, threat-hunting, data streaming, or nearly two dozen other apps and access them through Starlight’s intuitive dashboard. In effect, your analysts can create their own custom cybersecurity workbenches to maximize productivity and slash threat detection, investigation and response time.

Starlight’s differentiation:

  • It includes a core set of over 24 apps across the entire cyber kill chain
  • Its advanced analytics reduce the noise and produce high-fidelity alerts
  • Its micro-service architecture is built for scalability and availability
  • It includes multi-tenancy support for easy management and data isolation in large complex organizations

Open to Anything, Anywhere

Starlight can be deployed on premises, in public clouds or in service provider networks. Our built-in multi-tenancy support makes it easy for enterprises to support distributed environments, and for MSPs or MSSPs offering MDR to drive new revenue through managed security services. Options to deploy on premises or in a local cloud ensure data protection and privacy. Moreover, our open APIs allow Starlight to interact with other tools in the cybersecurity ecosystem, such as legacy SIEMs, allowing you to continue using existing solutions.

XDR is an idea whose time has come, but it’s not going to go mainstream unless the platform can collect the right data, support existing solutions, and provide an array of apps that drive higher analyst productivity. Starlight’s Open XDR platform checks all these boxes.

[1] 2019 Trends to Watch: Cybersecurity

[2] EDR is dead! Long live XDR!