Security provider Stellar Cyber, with the first Open-XDR security application platform, announced that it has added a new “Data Streaming” Application to its Starlight platform.
This App slashes the cost of using an existing SIEM by reducing and optimizing the data fed to it, and ensuring that only high-fidelity, actionable events reach the SIEM instead of oceans of data.
With a stand-alone SIEM, customers are used to dumping everything in it in the hope that they will catch all known threats by querying that data, but this data can overwhelm a SIEM and lead to hours or days of frustration as analysts weed through data to find actionable threats.
Starlight’s Data Streaming Application uses machine learning and advanced analytics to determine which events are actually security related events and forwards them to the SIEM so analysts can query the reduced data and achieve superior threat-fighting results.
In this way, Starlight’s automated detection and response mechanisms improve the value of a SIEM while also reducing its cost, since the cost is typically based on data volume.
Stellar Cyber’s “Interflow” technology reduces, enriches and correlates original data including security information such as Threat Intelligence, location information such as Geo location, user name, hostname, domain names, or machine learning results like DGA, port-scan, etc.
The context from Interflow, as exportable and searchable JSON files, provides details analysts need to quickly reach conclusions. Interflow processed data from Starlight can be fed to the existing SIEM to improve both analyst and SIEM efficiency.
“By itself, a SIEM is a passive (and massive) repository of log information that must be laboriously queried to identify threats,” said Ilker Simsir, Principal Product Manager at Stellar Cyber.
“Our Data Streaming App reduces the volume of data in a SIEM by feeding it only actionable, high-fidelity events so analysts can be much more productive with their queries.”