Security provider Stellar Cyber, with the first Open-XDR security application platform, today announced that it has added a new “Data Streaming” Application to its Starlight platform. This App slashes the cost of using an existing SIEM by reducing and optimizing the data fed to it, and ensuring that only high-fidelity, actionable events reach the SIEM instead of oceans of data.
With a stand-alone SIEM, customers are used to dumping everything in it in the hope that they will catch all known threats by querying that data, but this data can overwhelm a SIEM and lead to hours or days of frustration as analysts weed through data to find actionable threats.
Starlight’s Data Streaming Application uses machine learning and advanced analytics to determine which events are actually security related events and forwards them to the SIEM so analysts can query the reduced data and achieve superior threat-fighting results. In this way, Starlight’s automated detection and response mechanisms improve the value of a SIEM while also reducing its cost, since the cost is typically based on data volume.
Stellar Cyber’s “Interflow” technology reduces, enriches and correlates original data including security information such as Threat Intelligence, location information such as Geo location, user name, hostname, domain names, or machine learning results like DGA, port-scan, etc. The context from Interflow, as exportable and searchable JSON files, provides details analysts need to quickly reach conclusions. Interflow processed data from Starlight can be fed to the existing SIEM to improve both analyst and SIEM efficiency.
“By itself, a SIEM is a passive (and massive) repository of log information that must be laboriously queried to identify threats,” said Ilker Simsir, Principal Product Manager at Stellar Cyber. “Our Data Streaming App reduces the volume of data in a SIEM by feeding it only actionable, high-fidelity events so analysts can be much more productive with their queries.”
Helpful Stellar Cyber links
About Stellar Cyber
Stellar Cyber makes Starlight, the world’s first open detection/response (Open-XDR) platform which connects the dots throughout the entire security infrastructure and automatically responds to attacks wherever they occur. Starlight ingests data from any data source and integrates dozens of security applications from an App Store and presents results in an intuitive dashboard to supercharge analyst productivity by slashing attack response times to seconds or minutes. Starlight deploys easily on premises, at the edge or in public clouds, and is delivering comprehensive security for enterprises and managed security service providers. Stellar Cyber is based in Silicon Valley and is backed by Valley Capital Partners, Northern Light Venture Capital, SIG and other investors. For more information, contact https://stellarcyber.ai.