Stellar Cyber introduced a realistic XDR Kill Chain to serve as a new model that addresses the current realities of cyberattacks and focuses efforts on stopping an attack early and quickly.
The new version builds on the MITRE ATT&CK framework to reflect the iterative approach of attackers and the likelihood of attacking any point or multiple points of an organization’s attack surface. The XDR Kill Chain serves as a blueprint for “killing” or stopping an attack, rather than just as a model portraying single-dimensional attack progression.
“Today’s cyberattacks don’t often proceed in a linear fashion, so alerts on aspects of those attacks don’t directly point to evidence of an overall attack,” said Zeus Kerravala at ZK Research. “By combining alerts into actual incidents, Stellar Cyber becomes the first Open XDR platform to clearly identify attacks, their sources and how to remediate them.”
Stellar Cyber has incorporated its XDR Kill Chain into the new version 4.0 of its Open XDR platform. It is the first platform on the market to integrate a kill chain that is purpose-built for XDR, increasing the ability of security analyst teams to quickly spot both internal and external attacks as well as full attack progressions. The new version enables both enterprises and MSPs/MSSPs/MDRs to make powerful new advancements in security team efficiency and boost the effectiveness of cybersecurity protection, detection and response.
“XDR platforms collect a lot of data from across an organization’s entire infrastructure, and this really calls for a new cyber kill chain that can consider the broad visibility and more accurately map to today’s attack methodologies,” said Rik Turner, Principal Analyst at Omdia. “Stellar Cyber is known for aggregating data without restriction, while also addressing detection and monitoring gaps, so incorporating this Novel XDR Kill Chain will direct security teams with findings that are meaningful, prioritized and actionable.”
These new features leverage more than four years of ongoing research and development, during which Stellar Cyber has become the leading Open XDR platform. Unlike other platforms, Stellar Cyber can ingest data from any popular security tool as well as utilize its own sensors and agents. The platform normalizes disparate data sets so they can be automatically evaluated and correlated by its advanced AI engine, and then prioritizes threats for immediate attention by security analysts. The platform can also respond to incidents quickly through tight integration with many existing security tools.
“As a top 100 MSSP, we run an in-house SOC-as-a-Service function for our customers, and due to our large size, we are a target for hackers,” said Joe Morin, CEO of CyFlare. “Stellar Cyber is the only product we trust to help us manage our risk and costs with its new XDR Kill Chain, ensuring we efficiently combat threats across our customer base.”
Enhanced risk reduction
For CISOs, Stellar Cyber 4.0 reduces the risk of attack damage even more than previous versions. Every corporation is subject to attacks, so the issue is not to avoid them, but to detect them early and defeat them. This requires seeing attack behaviors as early as possible in the cyber kill chain and responding to them as quickly as possible.
The existing cyber kill chain was invented many years ago when attacks were dominated by malware. Today, malware is just one of many attack weapons, and high-value attacks typically employ multiple tactics directed by an attacker. The more detailed MITRE ATT&CK framework has become a more popular model, but it places the primary focus on endpoints. The resulting perspective is limited in scope yet very detailed, with many tactics and techniques covering a single aspect of attacks.
Stellar Cyber’s XDR Kill Chain delivers a breakthrough in enterprise security risk reduction by combining the high-level view of attack progression with the detailed tactics and techniques used in each attack. It is the first new kill chain invented in years and designed specifically to take advantage of powerful XDR detections, where attackers can target any point in the infrastructure. The XDR Kill Chain features a loop which prioritizes detections into five phases: initial attempts, persistent foothold, exploration, propagation and exfiltration/impact.
The model captures the progression of complex attacks so that incidents appear in the context of the five-phase kill chain, letting analysts easily understand their priority without getting lost in details. This allows analysts to see attacks as they happen and respond to the most emergent or urgent needs first.
The Stellar Cyber platform also incorporates the commonly used MITRE ATT&CK framework for detailed analysis. It not only maps the existing tactics and techniques into the five phases of the kill chain but also adds new tactics and techniques beyond the MITRE ATT&CK framework. The loop interface also clearly distinguishes external from internal attacks, which helps analysts know exactly where to look to stop attackers.
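As an added example (not Stellar Cyber's code, and not the platform's published logic), the following Python sketch shows the kind of correlation the preceding paragraphs describe: individual alerts tagged with an ATT&CK tactic are grouped into incidents, each incident is placed at the deepest of the five kill-chain phases it has reached, and incidents are ranked so the furthest-progressed attack surfaces first. The page does not publish how tactics are mapped into the five phases, so the `TACTIC_TO_PHASE` table, the `Alert` schema and the sample alerts below are constructed assumptions for illustration only.

```python
from dataclasses import dataclass

# The five phases of the XDR Kill Chain named on the page, in progression order.
PHASES = [
    "initial attempts",
    "persistent foothold",
    "exploration",
    "propagation",
    "exfiltration/impact",
]

# ASSUMED mapping of MITRE ATT&CK tactics onto the five phases. The page states that
# tactics are mapped into the phases but does not publish the mapping, so this table
# is an illustrative guess, not Stellar Cyber's.
TACTIC_TO_PHASE = {
    "reconnaissance": "initial attempts",
    "resource-development": "initial attempts",
    "initial-access": "initial attempts",
    "execution": "persistent foothold",
    "persistence": "persistent foothold",
    "privilege-escalation": "persistent foothold",
    "defense-evasion": "persistent foothold",
    "credential-access": "exploration",
    "discovery": "exploration",
    "lateral-movement": "propagation",
    "command-and-control": "propagation",
    "collection": "exfiltration/impact",
    "exfiltration": "exfiltration/impact",
    "impact": "exfiltration/impact",
}


@dataclass(frozen=True)
class Alert:
    """One detection as a security tool might emit it (constructed schema)."""
    when: str     # ISO-8601 timestamp
    asset: str    # host the detection fired on
    tactic: str   # ATT&CK tactic slug
    origin: str   # "external" (from outside the network) or "internal"


def phase_of(alert: Alert) -> str:
    """Place an alert in the kill chain; unmapped tactics must be added to the table."""
    try:
        return TACTIC_TO_PHASE[alert.tactic]
    except KeyError:
        raise ValueError(
            f"tactic {alert.tactic!r} has no kill-chain phase; extend TACTIC_TO_PHASE"
        ) from None


def phase_rank(phase: str) -> int:
    """1 for the earliest phase, 5 for exfiltration/impact."""
    return PHASES.index(phase) + 1


def correlate(alerts):
    """Group alerts into incidents; here the incident key is simply the asset."""
    incidents = {}
    for alert in alerts:
        incidents.setdefault(alert.asset, []).append(alert)
    return incidents


def summarize(asset, alerts):
    """Describe one incident by the phases its alerts cover and the deepest one reached."""
    phases = sorted({phase_of(a) for a in alerts}, key=phase_rank)
    return {
        "asset": asset,
        "phases_reached": phases,
        "deepest_phase": phases[-1],
        "score": phase_rank(phases[-1]),
        "alert_count": len(alerts),
        "external_origin": any(a.origin == "external" for a in alerts),
    }


def prioritize(alerts):
    """Return incident summaries, furthest-progressed attack first, then busiest."""
    summaries = [summarize(asset, group) for asset, group in correlate(alerts).items()]
    return sorted(summaries, key=lambda s: (s["score"], s["alert_count"]), reverse=True)


# Constructed sample alerts: one host shows a four-phase progression, one host shows a
# single mid-chain alert, and one web server only sees repeated external probing.
SAMPLE_ALERTS = [
    Alert("2024-01-01T10:00:00Z", "ws-042", "initial-access", "external"),
    Alert("2024-01-01T10:05:00Z", "ws-042", "persistence", "internal"),
    Alert("2024-01-01T10:20:00Z", "ws-042", "discovery", "internal"),
    Alert("2024-01-01T10:45:00Z", "ws-042", "lateral-movement", "internal"),
    Alert("2024-01-01T11:00:00Z", "db-01", "credential-access", "internal"),
    Alert("2024-01-01T09:00:00Z", "web-01", "reconnaissance", "external"),
    Alert("2024-01-01T09:30:00Z", "web-01", "reconnaissance", "external"),
]

if __name__ == "__main__":
    for inc in prioritize(SAMPLE_ALERTS):
        print(f"{inc['asset']:8} phase {inc['score']} ({inc['deepest_phase']}) "
              f"alerts={inc['alert_count']} external={inc['external_origin']}")
```

Ranking by the deepest phase reached, rather than by raw alert count, is what keeps the single lateral-movement alert on `ws-042` ahead of the noisier but shallower probing of `web-01`; the `external_origin` flag is a minimal stand-in for the external-versus-internal view the loop interface is described as giving analysts.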
“By creating a new attack model that puts ‘kill’ back into the concept of kill chain and integrates it with our Open XDR platform, we decisively shift the odds of security teams being on the losing end of a cyberattack,” said Sam Jones, VP of Product Management of Stellar Cyber. “In addition, with the XDR Kill Chain woven into our platform, customers can improve their risk management, increase analyst productivity and lower costs now more than ever.”
Version 4.0 of the Stellar Cyber platform is currently in general availability.