Security provider Stellar Cyber, with the first Open-XDR platform, announced its new Firewall Traffic Analysis (FTA) Application, which supercharges firewalls by analyzing their data to spot undetected anomalies.
With this new App, security analysts get an automated assistant to detect firewall misconfigurations, malicious users and abnormal traffic to gain new value from firewall data, improving analyst productivity typically over 20x. The FTA Application supports firewalls from many vendors including Cisco, Check Point, Fortinet, Palo Alto Networks and Sophos.
Firewalls have limited resources in terms of processing power and storage size, so they have limited intelligence and they are usually optimized only for policy enforcement. Stellar Cyber’s Open-XDR platform can cost-effectively store firewall traffic logs for forensics, compliance and threat hunting.
The new FTA App leverages additional sets of enriched data such as Threat Intelligence, geolocation, username and host name to create better context for the data. It also leverages advanced machine learning and big data analytics in conjunction with other detections to fuse context into the data.
This process in effect adds a second set of eyes uncovering additional cyberthreats and anomalies, from firewall misconfigurations to Command and Control (command & control) Domain Generation Algorithms (DGA) and data exfiltration like DNS tunneling to malware detection such as ransomware.
The App also leverages closed-loop automated workflow to block attackers through firewall APIs.
“Firewalls are relatively passive because they have a limited processing capability and apply a static set of rules to traffic,” said Iker Simsir, Principal Product Manager at Stellar Cyber.
“Our FTA App delivers the automated intelligence of our Starlight platform to provide important new insights from firewall data and run through machine learning to elevate to the next level of security analysis.”