Automatically consolidates alerts into incidents and prioritizes them to significantly improve attack detection efficiency and efficacy
Stellar Cyber, the innovator of Open XDR – the only intelligent, next-gen security operations platform – today announced a major leap in security analyst efficiency that helps analysts identify attacks earlier. The new incident correlation technology uses advanced GraphML algorithms to automatically group and consolidate large volumes of alerts and events into a much smaller number of highly precise, actionable incidents. This gives security analysts far more actionable information about how and where attacks are occurring, and which are the most severe.
“Stellar Cyber’s initial interface aimed to increase security analyst efficiency by presenting a lot of critical information in an easy-to-read format, but the AI-powered incident correlation represents a leap by orders of magnitude,” said Rik Turner, Principal Analyst at Omdia. “The new approach uses the company’s machine learning algorithms to automatically group and prioritize events, avoiding the pitfalls of a flood of minimally productive alerts. Now analysts can see the source and progression of attacks more quickly and take action to curtail them in a timely fashion.”
Shifting from alert-based to incident-based detection dramatically improves efficacy: combining a group of related alerts and events yields far higher accuracy and intelligence, and minimizes the problem of an overwhelming number of individual alerts with a high proportion of false positives. This enables an order-of-magnitude efficiency improvement by dramatically reducing the manual work and the number of cases security analysts must handle. Incidents are prioritized through greater detail, better context and automatic scoring. Both Mean Time to Detection (MTTD) and Mean Time to Resolution (MTTR) decline significantly, reducing the potential risk from modern cyberattacks.
“Stellar Cyber's new AI-driven incident correlation alert grouping capability makes it far easier for our teams to prioritize collections of alerts that point to an attack. Attacks that might have taken days or weeks to discover are now obvious in minutes,” states Presley Prescott, founder and CTO of LOEPRE, a Stellar Cyber partner and OEM based in Germany.
Supercharged Analyst Productivity
For the security operations leader, the new functionalities in Stellar Cyber 4.0 set a new standard for higher efficiency, better efficacy and improved analyst performance. The platform now incorporates the new Loop interface of the XDR Kill Chain, which combines a creative, more realistic kill chain with advancements over the MITRE ATT&CK framework to clearly point out attack issues and advise exact steps to remediate them. The platform’s multi-site, multi-tenant architecture makes it easy to manage security on a departmental or individual customer basis.
In a typical security tool, alerts are presented as equals, and there may be dozens or hundreds of them coming in every hour. Using advanced GraphML machine learning algorithms, the Open XDR platform lets security analysts focus on a smaller number of incidents that are vastly more comprehensive, accurate and meaningful, rather than a large volume of alerts of widely varying fidelity and importance. Analysts can now work with incidents instead of alerts to get a fast and complete picture of attacks. This reduces the number of things an analyst must track and manage, enabling the analyst to respond more quickly and effectively.
“Businesses of all sizes are facing increasingly complex threats and at the same time experiencing a shortage of skilled staff positions to help respond to these issues,” said Fleming Shi, CTO at Barracuda. “At Barracuda, we protect and support our customers for life. Integrating our innovative security products with Stellar Cyber’s Open XDR Platform provides Barracuda customers with the ability to add detection and response to their current investments.”
False-positive alerts have caused chronic alert fatigue, reducing security teams’ efficiency and their ability to find attacks early. By combining many related alerts and events into a cohesive incident, the accuracy of a detection can be improved by orders of magnitude. It also lets analysts spot threats they would otherwise miss: several lower-priority events can together raise the priority of an incident and bring it to the analysts’ attention.
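To make the alert-to-incident idea above concrete, here is an added, self-contained illustration written for this page; it is not Stellar Cyber’s GraphML implementation and does not describe how their product scores incidents. It assumes two things as a simplified stand-in: alerts are linked into an incident when they share an entity (host, user or IP) within a 24-hour window, and an incident’s score is its highest single-alert severity plus a bonus for each additional distinct ATT&CK tactic it spans. The sample alerts are constructed, and the point shown is the one in the paragraph: four low-severity alerts that chain across a host, a user and a domain controller outrank a single, higher-severity alert on an unrelated host.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts (not real telemetry). Each has an id, an ISO timestamp,
# a severity from 1 to 10, an ATT&CK tactic label and the entities it involves.
SAMPLE_ALERTS = [
    {"id": "a1", "ts": "2024-01-10T09:00:00", "severity": 3, "tactic": "initial-access",
     "entities": {"host:ws-17", "user:alice"}},
    {"id": "a2", "ts": "2024-01-10T09:12:00", "severity": 2, "tactic": "execution",
     "entities": {"host:ws-17"}},
    {"id": "a3", "ts": "2024-01-10T09:40:00", "severity": 3, "tactic": "credential-access",
     "entities": {"user:alice", "host:dc-01"}},
    {"id": "a4", "ts": "2024-01-10T10:05:00", "severity": 2, "tactic": "lateral-movement",
     "entities": {"host:dc-01", "ip:10.0.0.5"}},
    # Unrelated host, one alert: stays its own incident.
    {"id": "a5", "ts": "2024-01-10T09:30:00", "severity": 5, "tactic": "discovery",
     "entities": {"host:ws-42"}},
    # Same host as a1/a2, but two days later: outside the time window, so not linked.
    {"id": "a6", "ts": "2024-01-12T09:00:00", "severity": 2, "tactic": "execution",
     "entities": {"host:ws-17"}},
]


def _parse(ts):
    return datetime.fromisoformat(ts)


# Minimal union-find: alerts linked by any chain of shared entities end up in one set.
def _find(parent, x):
    while parent[x] != x:
        parent[x] = parent[parent[x]]  # path compression
        x = parent[x]
    return x


def _union(parent, a, b):
    ra, rb = _find(parent, a), _find(parent, b)
    if ra != rb:
        parent[rb] = ra


def score_incident(members):
    """Assumed scoring rule: max severity plus 1.5 per extra distinct tactic, capped at 10."""
    max_sev = max(a["severity"] for a in members)
    tactics = sorted({a["tactic"] for a in members})
    score = min(10.0, max_sev + 1.5 * (len(tactics) - 1))
    return {
        "alert_ids": sorted(a["id"] for a in members),
        "tactics": tactics,
        "entities": sorted(set().union(*(a["entities"] for a in members))),
        "score": score,
    }


def correlate(alerts, window=timedelta(hours=24)):
    """Group alerts into incidents and return them sorted by score, highest first."""
    by_id = {a["id"]: a for a in alerts}
    parent = {a["id"]: a["id"] for a in alerts}

    # Index alerts by the entities they touch (one graph edge per shared entity).
    by_entity = defaultdict(list)
    for a in alerts:
        for entity in a["entities"]:
            by_entity[entity].append(a)

    # Link consecutive alerts on the same entity if they fall within the window.
    for group in by_entity.values():
        group.sort(key=lambda a: _parse(a["ts"]))
        for prev, cur in zip(group, group[1:]):
            if _parse(cur["ts"]) - _parse(prev["ts"]) <= window:
                _union(parent, prev["id"], cur["id"])

    # Each connected component of the alert graph becomes one incident.
    components = defaultdict(list)
    for alert_id in by_id:
        components[_find(parent, alert_id)].append(by_id[alert_id])

    incidents = [score_incident(members) for members in components.values()]
    incidents.sort(key=lambda inc: inc["score"], reverse=True)
    return incidents


if __name__ == "__main__":
    for inc in correlate(SAMPLE_ALERTS):
        print(f"score={inc['score']:>4}  alerts={inc['alert_ids']}  tactics={inc['tactics']}")
```

Running it yields three incidents instead of six alerts: the chained a1–a4 incident scores 7.5 even though no single alert in it exceeds severity 3, the lone severity-5 alert on ws-42 scores 5, and the out-of-window alert on ws-17 is kept separate rather than being silently merged into an old incident. The time window and the tactic bonus are the two knobs a team would tune; a window that is too wide merges unrelated activity on busy shared entities, one that is too narrow breaks slow attacks back into isolated alerts.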
“Clearly, security analysts have needed a new way to look at data, not as individual alerts but as actual attack incidents, so they can more easily prevent attackers from gaining a large foothold in the infrastructure,” said Sam Jones, VP of Product Management at Stellar Cyber. “Purpose-built for XDR, our AI-powered incident correlation makes that idea a reality.”
Open XDR vs. XDR
While standard eXtended Detection and Response (XDR) platforms enforce vendor lock-in and abandonment of existing security tools, Stellar Cyber’s unique Open XDR platform works seamlessly with existing EDR, SIEM, UEBA, NDR, and other solutions to preserve investments. Stellar Cyber’s platform also significantly enhances those investments by ingesting data, normalizing and enriching it, inspecting and correlating it into fewer, higher-fidelity incidents through advanced AI/ML, applying AI-driven analytics, and automatically responding to complex threats. The platform can additionally deploy an unlimited number of lightweight, automatically managed sensors to cover any gaps in attack surface monitoring. Only Stellar Cyber’s Open XDR delivers these benefits.
About Stellar Cyber
Stellar Cyber’s Open XDR platform delivers Everything Detection and Response by ingesting data from all tools, automatically correlating alerts into incidents across the entire attack surface, delivering fewer and higher-fidelity incidents, and responding to threats automatically through AI and machine learning. Our XDR Kill Chain, fully compatible with the MITRE ATT&CK framework, is designed to characterize every aspect of modern attacks while remaining intuitive to understand. This reduces enterprise risk through early and precise identification and remediation of all attack activities while slashing costs, retaining investments in existing tools and accelerating analyst productivity. Typically, our platform delivers a 20X improvement in MTTD and an 8X improvement in MTTR. The company is based in Silicon Valley. For more information, visit https://stellarcyber.ai.