Starlight 3.1 leverages AI and ML for automated threat hunting

Security professionals have long struggled with cyber defense activities like manual threat detection and extreme firewall noise – until now.

Security analytics provider Stellar Cyber announced Starlight 3.1, the first Unified Security Analytics Platform that leverages artificial intelligence (AI) and machine learning (ML) for automated threat hunting and advanced breach detection, enabling businesses to not only rapidly detect and contain emerging threats, but also to reap significant savings in time, costs, and human capital.

With soaring demand from MSSPs, VARs, and mid- to large-sized companies, Stellar Cyber is also experiencing “hockey stick” growth and now serves more than 100 customers worldwide.

“At Stellar Cyber, we hear a shared lament from companies of all sizes and industries: they can’t afford to be the next Equifax, and they are tired of wasting countless hours in manual detection and defense activities,” said Stellar Cyber CPO John Peterson. “The launch of data- and AI-driven Starlight is a timely unified solution that allows organizations to automatically detect and thwart attacks on their critical data systems before damage is done or data is lost. Our recent months of rapid customer traction validates the timeliness and need.”

With Starlight, the SOC command center, security administrators will have faster, better, and more accurate detection and response. An all-in-one platform for pervasive data collection, breach detection, investigation, and response (CDIR), Starlight delivers the following new capabilities in the 3.1 release, ranking it as one of the most robust security analytics platforms in the market today.

Automated threat hunting

An industry first, this revolutionary capability automates the way administrators search for and respond to threats. Instead of running the same queries manually every time, administrators can create queries and rules that automatically execute on set schedules and automatically trigger response actions such as emailing of alerts and initiating direct firewall blocking actions.

Firewall machine learning

Starlight 3.1 is the only product to apply machine learning to firewall data, eliminating event noise and providing visibility for high-fidelity firewall anomalies. Administrators can not only focus on relevant deny events but can now also gain higher-level visibility of the overall firewall policy use. While machine learning is difficult to achieve without overhauling the firewall infrastructure, Starlight enables this capability and allows administrators to send firewall log data for analysis, detection, and response to anomalous firewall actions and rule usage. Starlight works with major firewall providers including Palo Alto Networks, Fortinet, Checkpoint, Juniper, Hillstone, and AWS.

Improved breach detection

Starlight 3.1 is unique in its ability to correlate both intrusion attempt data from built-in machine learning intrusion detection systems (ML-IDS) and third party vulnerability scan data, providing the highest fidelity and most accurate breach detection data. Thus, administrators can better discover actual breaches vs. breach attempts or excessive false positives.

“We reviewed many solutions and are very happy to select Stellar Cyber’s Starlight to enhance our Security Operations Center’s maturity,” said John Graham, Global CISO at EBSCO, an enterprise customer of Stellar Cyber. “We needed a cutting-edge solution for our team to better protect EBSCO’s very diverse portfolio of businesses globally. The Starlight platform brings together advanced AI and machine learning to present our team with ‘real anomalies’ in an easy-to-understand and action format aligned to the cyber kill chain. In a very short time, the system has already, during proof of concept, shown effectiveness in removing normal non-threatening activities from those we should be focused on.”