Open XDR specialist Stellar Cyber is incorporating four distinct technologies — machine learning (ML), graph ML, generative AI and hyper-automation — all in a single, unified platform with the purpose of improving threat detection and reducing response time.
Stellar Cyber’s launch of its Multi-Layer AI capability this week effectively applies AI at multiple steps in the detection, correlation and response process to reduce alert volume, prioritize and correlate threats, counsel analysts and respond automatically, according to the company.
“We have always focused on using AI in our platform, and we have led our SecOps platform competitors in this area since 2018,” Aimei Wei, founder and Chief Technology Officer of Stellar Cyber, told MSSP Alert. “Our Multi-Factor AI is an industry first because it leverages four different types of AI in one platform. We’re the only ones who do that.”
Stellar Cyber’s aim is to make AI consumable and easy to buy. Wei notes that this is an important distinction for MSSPs because it makes detection and response much faster and easier.
“We have all these AI variants in one platform and that is key and a huge differentiator in our view,” Wei said. “It drives a better profit-and-loss or margin outcome for MSSPs. It’s an important distinction for MSSPs because it makes detection and response much faster and easier, which makes them more competitive. By making their teams much more productive, it also improves their margins.”
How Multi-Layer AI Improves Security
Managing torrents of data from dozens of cybersecurity tools takes a lot of time. That’s why most major data breaches have taken months to discover, according to Stellar Cyber. Therefore, successfully responding to cyberattacks is about visibility combined with the ability to act on it quickly.
To gain the needed visibility, Stellar Cyber collects data from the entire attack surface, including endpoints, networks, identity management systems, software-as-a-service, vulnerability assessments, and the cloud. Because each security tool stores data in its own format, the Stellar Cyber platform automatically normalizes the data into a single format and enriches it with context so the AI can use it effectively.
Here’s how Stellar Cyber uses Multi-Layer AI to speed detection and responses:
- Detection AI. The platform’s ML-based AI evaluates 10-100TB/day of data and automatically detects common threats. This converts terabytes of data to thousands of alerts per day.
- Correlation AI. The platform’s graph ML technology spots correlations between two or more alert signals, weak or strong, assembling them into contextual cases that identify impacted and potentially impacted assets. This process converts thousands of alerts into hundreds of manageable cases per day, reducing analysts’ workloads.
- Copilot AI. The platform’s genAI implementation, AI Investigator, speeds complex threat analysis by providing instant responses to analysts’ questions, further reducing the number of analyst decisions to fewer than a hundred per day and cutting threat response times.
- Hyper Automation AI (in forthcoming releases). The platform uses ML to change the state of external systems to address known attack techniques like phishing. For example, the Stellar Cyber platform can use hyperautomation to automatically analyze phishing emails through AI.
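As an added illustration of the normalization and correlation steps described above (example code written for this page, not Stellar Cyber's own), the following takes two constructed alert formats from hypothetical EDR and NDR tools, normalizes them into one schema, and assembles alerts that share a host, user or IP into cases that list the impacted assets; a union-find over shared entities stands in for the graph ML the platform uses.

```python
from collections import defaultdict

# Constructed sample alerts in two hypothetical tool-specific formats.
EDR_ALERTS = [
    {"id": "edr-1", "hostname": "ws-042", "username": "jdoe", "sev": 3},
    {"id": "edr-2", "hostname": "srv-db1", "username": "svc_sql", "sev": 4},
]
NDR_ALERTS = [
    {"id": "ndr-1", "src": "10.0.5.42", "dst": "10.0.9.10", "host": "ws-042", "score": 20},
    {"id": "ndr-2", "src": "10.0.9.10", "dst": "203.0.113.7", "host": "srv-db1", "score": 80},
    {"id": "ndr-3", "src": "10.0.7.1", "dst": "10.0.7.2", "host": "printer-3", "score": 10},
]

def normalize(edr, ndr):
    """Map each tool's fields onto one schema: id, entity set, severity 0-10."""
    out = []
    for a in edr:  # EDR severity is 1-5; scale to 0-10
        ents = {"host:" + a["hostname"], "user:" + a["username"]}
        out.append({"id": a["id"], "entities": ents, "severity": a["sev"] * 2})
    for a in ndr:  # NDR score is 0-100; scale to 0-10
        ents = {"host:" + a["host"], "ip:" + a["src"], "ip:" + a["dst"]}
        out.append({"id": a["id"], "entities": ents, "severity": a["score"] // 10})
    return out

def build_cases(alerts):
    """Link alerts that share any entity; each connected component is a case."""
    parent = {a["id"]: a["id"] for a in alerts}

    def find(x):  # union-find root lookup with path halving
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    first_seen = {}  # entity -> id of the first alert that mentioned it
    for a in alerts:
        for ent in a["entities"]:
            if ent in first_seen:
                parent[find(a["id"])] = find(first_seen[ent])
            else:
                first_seen[ent] = a["id"]
    groups = defaultdict(list)
    for a in alerts:
        groups[find(a["id"])].append(a)
    cases = [{
        "alerts": sorted(m["id"] for m in members),
        "assets": sorted({e for m in members for e in m["entities"]}),
        "severity": max(m["severity"] for m in members),  # case inherits worst alert
    } for members in groups.values()]
    return sorted(cases, key=lambda c: -c["severity"])
```

In the constructed data the workstation alert, the database-server alert and the two network alerts chain together through a shared host and a shared internal IP, so five alerts collapse into two cases, the higher-severity one first.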
Stellar Cyber pioneered the use of AI in a SecOps platform with the debut of its Open XDR platform in 2018, and now advances its platform’s capabilities through Multi-Layer AI.
“Analysts were so buried in alerts that they couldn’t tell the real ones from the false ones, and it could take months to see and respond to the real threats,” said Steve Garrison, Stellar Cyber’s senior vice president of Marketing. “That’s why we baked AI into our SecOps platform from day one, and why we are continuing to leverage it in all forms as we move forward.”
Stellar Cyber Delivers Data Lake Security for Splunk and More
Stellar Cyber recently expanded its Open XDR platform to secure data where it lives, in data lakes — something the company is calling "bring your own data lake." Data lakes and cloud data storage are essential as organizations embrace AI.
Stellar Cyber's integration allows organizations that have standardized their data storage framework on Splunk, Snowflake, Elastic or AWS security data lake to incorporate the Stellar Cyber Open XDR platform into their security framework.
Explaining the inspiration behind BYODL, Wei believes that customers want the flexibility to seamlessly integrate their existing data lakes with advanced security platforms, without the cost and hassle of data migrations.
“Without the ‘bring your own data lake’ capability, customers often face high costs and disruptions from migrating data to new platforms,” Wei said. “They deal with complex integration challenges, increased storage expenses and inefficiencies in their security workflows. Additionally, the lack of seamless data integration can lead to lower data quality, resulting in more false positives and less accurate threat detection.”