As threat complexity increases and the boundaries of an organization have all but disappeared, security teams are more challenged than ever to deliver consistent security outcomes. One company aiming to help security teams meet this challenge is Stellar Cyber.
Stellar Cyber claims to address the needs of MSSPs by providing capabilities typically found in NG-SIEM, NDR, and SOAR products in its Open XDR platform, managed with a single license. According to Stellar Cyber, this consolidation means faster security analyst ramp time and customer onboarding with far fewer manually intensive tasks required. Stellar Cyber currently counts 20+ of the top MSSP providers as customers, providing security for over 3 million assets. In addition, Stellar Cyber claims that after deployment, customers see up to 20x faster mean time to respond (MTTR), a bold claim.
We recently took a closer look at the Stellar Cyber Security Operations Platform.
Before we begin
Before digging into the platform, here are some things MSSPs should know about Stellar Cyber:
- Works with any EDR: Stellar Cyber can be classified as an Open XDR because it delivers visibility across your customers' environments; however, it is not an extension of an EDR product. Instead, Stellar Cyber provides pre-built integrations to any major EDR vendor, meaning your customers can use whatever EDR they want if you use Stellar Cyber.
- It is Multi-Tenant: Stellar Cyber is a multi-tenant solution, meaning that your customers' data will not be commingled, enabling you to offer your services in regions particularly concerned about data privacy. Further, this multi-tenancy approach can drive better analyst-to-customer ratios. In certain situations, work done for one customer can be applied to another with zero loss of data integrity.
To facilitate this product review, the team at Stellar Cyber gave us access to the cloud-based version of their product, so after a brief product walkthrough delivered by a Stellar Cyber support person, we logged into the product.
Responding to an Incident from the Home page
This is the initial screen you see when logging into Stellar Cyber. You would expect to see many elements on the analyst home screen, such as top incidents and riskiest assets. An interesting piece on this screen is what Stellar Cyber calls the Open XDR Kill Chain. By clicking on any segment of the kill chain, you can access the threats associated with that portion of the attack chain. For example, I clicked on "Initial Attempts" to access this screen.
Here I can see those alerts with the stage "Initial Attempts" set by Stellar Cyber automatically. Further down the rabbit hole, I see more details about the alert when I click "View" on any of the alerts. Initially, I was presented with some summary graphs, then, scrolling down the screen a bit, I saw a "more info" link, so I clicked it and got this in return.
Here I can read about the incident, dig into the details, and review the raw data behind this incident as well as the JSON, which I can conveniently copy to the clipboard if necessary.
Here is where I thought things got a bit more interesting. While the presentation of the data in Stellar Cyber is easy to understand and logical, the product's true power was not evident to me until I clicked on the "Actions" button on the screen above.
As you can see, I can take my response actions right from this screen, such as "add a filter," "trigger an email," or "take external action." Clicking on external action, I get another picklist. When I click on Endpoint, I get a long list of options, from contain host to shutdown host.
When clicking on an action, like contain host, a configuration dialog displays where I can select the connector to use, the target of the action, and any other options required to initiate the chosen action. So, in summary, I can see how security analysts, especially junior ones, will find this workflow very useful in that they can a) easily dig into the details of an incident from the home screen, b) review even more details by going deeper into the data, and c) take a remediation action from this screen without writing any scripts or tinkering with code.
For MSSPs, I could see onboarding new analysts to work in this view initially to familiarize them with the platform while still helping to meet customer service level agreements. However, my gut tells me that there is much more to learn about this Stellar Cyber platform, so let's see if there is another path to investigating incidents.
Now, instead of clicking on the Open XDR Kill Chain, I am going to click on the menu item "Incidents" and get this screen in return.
When I clicked on the caret in the blue circle, it expanded a filtering list that enabled me to home in on a specific type of incident. Since I am in exploratory mode, I go straight to the details button to see what I can find in this detail view.
Now I can see how this incident occurred and propagated across multiple assets. Further, I can automatically see the files, processes, users, and services associated with the incident. There are different ways to view this data as well. For example, I could switch to the timeline view to get a readable history of this incident, like below:
When I click on the small "i," I get to a familiar screen.
I know the story from here, which is good.
So, in summary, I can see that analysts who are used to working from a list of alerts may like to start their investigations from the incidents page. For MSSPs, this view would be useful as it shows all incidents across all tenants in a single view. Of course, you can limit this view by analyst, customer, and so on.
Threat Hunting and Response Actions in Stellar Cyber
By this time, I am convinced Stellar Cyber offers an interesting approach for MSSPs looking to streamline their security operations. Frankly, at this point in my review, I have not had to write any special scripts or do anything other than click some links and scroll around some screens to hypothetically respond to some nasty alerts, which is not the norm for these types of products.
Before singing the praises of Stellar Cyber too highly, I wanted to try a couple of other stated features, Threat Hunting and response actions (aka SOAR). Let's start with threat hunting. When I click on "Threat Hunting" from the menu, I am presented with this screen.
While these stats are interesting, I am looking for actionable threat hunting; that is where I see the search dialog box at the top right. I type in login and notice the stats change dynamically. Scrolling down the screen, I also see a list of alerts that has been filtered based on my search term. Here I see the familiar "more info" option, so I know where that will take me.
I also noticed something called "correlation search" beneath the search dialog box. When I click that, my screen changes to this.
I can load a saved query or add a new query. Clicking add query, I see this query builder. This enables me to search essentially any data Stellar Cyber stores to theoretically find threats that went unnoticed. I can also access the threat hunting library to retrieve previously saved queries.
You can also create response actions that will run automatically if the query you create returns any matches.
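To make the "saved correlation query plus automatic response action" idea concrete, here is an added example that is not Stellar Cyber's code, query language or data schema. It assumes hypothetical alert field names (tenant, host, event, src_ip, count), a hypothetical per-tenant connector registry, and a query that pairs a burst of failed logins with a later successful login from the same source on the same host. The response planner scopes every action to the tenant that produced the match, which is the property an MSSP has to preserve when automating actions on a multi-tenant platform, and it hands off to manual review when a tenant has no connector configured rather than silently doing nothing.

```python
from dataclasses import dataclass
from typing import Any, Dict, List, Optional, Tuple

# Constructed sample alerts; the field names are assumptions for this example,
# not Stellar Cyber's schema.
SAMPLE_ALERTS: List[Dict[str, Any]] = [
    {"tenant": "acme", "host": "ws-101", "user": "jdoe", "event": "login_failed",
     "src_ip": "203.0.113.7", "count": 12},
    {"tenant": "acme", "host": "ws-101", "user": "jdoe", "event": "login_success",
     "src_ip": "203.0.113.7", "count": 1},
    {"tenant": "globex", "host": "db-01", "user": "svc_backup", "event": "login_failed",
     "src_ip": "198.51.100.9", "count": 3},
    {"tenant": "globex", "host": "db-01", "user": "svc_backup", "event": "login_success",
     "src_ip": "10.0.0.5", "count": 1},
]

# Hypothetical per-tenant connector registry: each customer's EDR connector is
# separate, so a planned action can only ever target that customer's environment.
CONNECTORS: Dict[str, str] = {"acme": "edr-acme", "globex": "edr-globex"}

# Comparison operators a query-builder condition can use.
OPS = {
    "eq": lambda a, b: a == b,
    "gte": lambda a, b: a is not None and a >= b,
    "contains": lambda a, b: a is not None and b in str(a),
}

Condition = Tuple[str, str, Any]  # (field, operator, value)


@dataclass
class CorrelationQuery:
    name: str
    first: List[Condition]          # conditions for the leading event
    then: List[Condition]           # conditions for the follow-on event
    join_on: List[str]              # fields both events must share
    response: Optional[str] = None  # automatic action to plan on a match

    def __post_init__(self) -> None:
        # Always correlate within a tenant: events from two customers are
        # never joined, even if they share a host name or source IP.
        if "tenant" not in self.join_on:
            self.join_on = ["tenant", *self.join_on]


def matches(alert: Dict[str, Any], conditions: List[Condition]) -> bool:
    """True when every condition holds for this alert (empty list matches all)."""
    return all(OPS[op](alert.get(field), value) for field, op, value in conditions)


def run_correlation(query: CorrelationQuery, alerts: List[Dict[str, Any]]):
    """Return (leading, following) alert pairs that agree on every join field."""
    leading = [a for a in alerts if matches(a, query.first)]
    following = [a for a in alerts if matches(a, query.then)]
    return [(a, b) for a in leading for b in following
            if all(a.get(k) == b.get(k) for k in query.join_on)]


def plan_actions(query: CorrelationQuery, alerts: List[Dict[str, Any]],
                 connectors: Dict[str, str]) -> List[Dict[str, Any]]:
    """Plan one response action per (tenant, host) the query matched."""
    actions: List[Dict[str, Any]] = []
    seen = set()
    for leading, _ in run_correlation(query, alerts):
        key = (leading["tenant"], leading["host"])
        if key in seen:
            continue  # one action per host, however many pairs matched
        seen.add(key)
        connector = connectors.get(leading["tenant"])
        actions.append({
            "action": query.response,
            "connector": connector,
            "tenant": leading["tenant"],
            "target": leading["host"],
            "reason": query.name,
            # No connector for this tenant: route to an analyst instead of
            # dropping the match on the floor.
            "status": "planned" if connector else "needs_review",
        })
    return actions


# A saved query: ten or more failed logins followed by a success from the same
# source IP against the same host, with host containment as the response.
BRUTE_FORCE_THEN_SUCCESS = CorrelationQuery(
    name="brute force followed by success",
    first=[("event", "eq", "login_failed"), ("count", "gte", 10)],
    then=[("event", "eq", "login_success")],
    join_on=["host", "src_ip"],
    response="contain_host",
)

if __name__ == "__main__":
    for planned in plan_actions(BRUTE_FORCE_THEN_SUCCESS, SAMPLE_ALERTS, CONNECTORS):
        print(planned)
```

On the constructed data only the acme workstation matches (globex saw three failures, below the threshold, and its success came from a different address), so exactly one contain_host action is planned, bound to the acme connector. Removing a tenant's connector flips that action to needs_review rather than producing nothing, which is the behaviour you want before letting a query fire actions unattended.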
So, in summary, Stellar Cyber offers a simple threat hunting platform that does not require you to build your own ELK stack or be a power scripter. For MSSPs, I can see this being a nice value add they can offer customers when emerging threats are discovered in the wild.
Stellar Cyber is a solid security operations platform with many features for the MSSP user. If you are in the market for a new SecOps platform, it is worth looking at what Stellar Cyber has to offer.