Stellar Cyber’s AI-driven incident correlation increases attack detection efficiency

Stellar Cyber announced a major leap to boost security analyst efficiency to identify attacks earlier. The new incident correlation technology utilizes advanced GraphML algorithms to automatically group and consolidate large volumes of alerts and events into a much smaller number of highly precise and actionable incidents. The advancement gives security analysts far more actionable information about how and where attacks are occurring, and which are the most severe.

Stellar Cyber incident correlation

“Stellar Cyber’s initial interface aimed to increase security analyst efficiency by presenting a lot of critical information in an easy-to-read format, but the AI-powered incident correlation represents a leap by orders of magnitude,” said Rik Turner, Principal Analyst at Omdia. “The new approach uses the company’s machine learning algorithms to automatically group and prioritize events, avoiding the pitfalls of a flood of minimally productive alerts. Now analysts can see the source and progression of attacks more quickly and take action to curtail them in a timely fashion.”

Shifting from being alert-based to incident-based dramatically improves the efficacy of a detection by combining a group of related alerts and events for far higher levels of accuracy and intelligence. The approach minimizes the problem of an overwhelming number of individual alerts with a high proportion of false positives.

This capability enables an order-of-magnitude efficiency improvement by dramatically reducing the manual work and the number of cases security analysts must handle. The approach prioritizes incidents through automatic scoring and gives each one greater detail and better context. Both Mean Time to Detection (MTTD) and Mean Time to Resolution (MTTR) decline significantly, reducing the potential risk from modern cyberattacks.

“Stellar Cyber’s new AI-driven incident correlation alert grouping capability makes it far easier for our teams to prioritize collections of alerts that point to an attack. Attacks that might have taken days or weeks to discover are now obvious in minutes,” states Presley Prescott, founder and CTO of LOEPRE, a Stellar Cyber partner and OEM based in Germany.

Supercharged analyst productivity

For the security operations leader, the new functionalities in Stellar Cyber 4.0 set a new standard for higher efficiency, better efficacy and improved analyst performance. The platform now incorporates the new Loop interface of the XDR Kill Chain, which combines a creative, more realistic kill chain with advancements over the MITRE ATT&CK framework to clearly point out attack issues and advise exact steps to remediate them. The platform’s multi-site, multi-tenant architecture makes it easy to manage security on a departmental or individual customer basis.

In a typical security tool, alerts are presented as equals, and there may be dozens or hundreds of them coming in every hour. Using advanced GraphML machine learning algorithms, the Open XDR platform enables security analysts to focus on a smaller number of incidents that are vastly more comprehensive, accurate and meaningful, rather than a large volume of alerts of widely varying fidelity and importance. Analysts can now work with incidents instead of alerts to get a fast and complete picture of attacks. This reduces the number of things an analyst must track and manage, enabling the analyst to respond more quickly and effectively.

“Businesses of all sizes are facing increasingly complex threats and at the same time experiencing a shortage of skilled staff positions to help respond to these issues,” said Fleming Shi, CTO at Barracuda. “At Barracuda, we protect and support our customers for life. Integrating our innovative security products with platforms such as Stellar Cyber’s Open XDR provides Barracuda customers with the ability to add detection and response to their current investments.”

False positive alerts cause chronic alert fatigue, reducing the efficiency of security teams and their ability to find attacks early. By combining many related alerts and events into a cohesive incident, the accuracy of a detection can be improved by orders of magnitude. It also lets analysts spot threats that would otherwise be missed: several lower-priority events, taken together, can raise the priority of an incident enough to bring it to the analysts' attention.
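The release describes the idea (alerts grouped into incidents, incidents scored automatically, several weak alerts together raising an incident's priority) but not the algorithm. The following is an added illustration, not Stellar Cyber's code: it groups alerts that share an entity (host, user) into one incident with a union-find over a constructed alert set, and scores each incident with a noisy-OR of alert severities scaled by how many distinct attack stages the incident spans. The entity-sharing rule, the scoring formula, the stage labels and the sample alerts are all assumptions chosen for the example and stand in for whatever GraphML model the platform actually uses.

```python
"""Toy alert-to-incident correlation. Constructed sample data; the grouping
rule and scoring formula are illustrative assumptions, not a vendor's method."""
from dataclasses import dataclass
from math import prod
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Alert:
    alert_id: str
    severity: float             # per-alert confidence in [0, 1]
    stage: str                  # coarse attack-stage label (constructed)
    entities: Tuple[str, ...]   # entities the alert touches, e.g. "host:ws-17"


@dataclass
class Incident:
    incident_id: int
    alert_ids: List[str]
    stages: List[str]
    score: float


class UnionFind:
    """Minimal disjoint-set forest used to find connected groups of alerts."""

    def __init__(self, n: int) -> None:
        self.parent = list(range(n))

    def find(self, x: int) -> int:
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a: int, b: int) -> None:
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def score_incident(alerts: List[Alert], stage_bonus: float = 0.1) -> float:
    """Noisy-OR of alert severities (probability that at least one alert is
    true), scaled up when the alerts span several distinct attack stages.
    Several 0.3-confidence alerts can therefore outrank one 0.6 alert."""
    p_any = 1.0 - prod(1.0 - a.severity for a in alerts)
    distinct_stages = len({a.stage for a in alerts})
    return min(1.0, p_any * (1.0 + stage_bonus * (distinct_stages - 1)))


def correlate(alerts: List[Alert]) -> List[Incident]:
    """Group alerts into incidents: two alerts join the same incident when they
    share any entity, directly or through a chain of shared entities."""
    uf = UnionFind(len(alerts))
    first_seen: Dict[str, int] = {}  # entity -> index of first alert naming it
    for i, alert in enumerate(alerts):
        for entity in alert.entities:
            if entity in first_seen:
                uf.union(first_seen[entity], i)
            else:
                first_seen[entity] = i

    groups: Dict[int, List[Alert]] = {}
    for i, alert in enumerate(alerts):
        groups.setdefault(uf.find(i), []).append(alert)

    incidents = [
        Incident(
            incident_id=n,
            alert_ids=[a.alert_id for a in members],
            stages=sorted({a.stage for a in members}),
            score=score_incident(members),
        )
        for n, members in enumerate(groups.values(), start=1)
    ]
    # Highest-scoring incident first, so the analyst queue is already prioritised.
    return sorted(incidents, key=lambda inc: inc.score, reverse=True)


# Constructed sample alerts (not real telemetry): four weak signals chained
# through shared hosts/users, plus one isolated alert with higher severity.
SAMPLE_ALERTS = [
    Alert("A1", 0.3, "initial_access",   ("host:ws-17", "user:alice")),
    Alert("A2", 0.3, "execution",        ("host:ws-17",)),
    Alert("A3", 0.3, "lateral_movement", ("user:alice", "host:srv-02")),
    Alert("A4", 0.6, "execution",        ("host:ws-99",)),
    Alert("A5", 0.2, "discovery",        ("host:srv-02",)),
]


if __name__ == "__main__":
    for inc in correlate(SAMPLE_ALERTS):
        print(f"incident {inc.incident_id}: score={inc.score:.2f} "
              f"alerts={inc.alert_ids} stages={inc.stages}")
```

Running it yields two incidents: the four chained alerts (none above 0.3 on their own) form one incident scoring about 0.94, while the isolated 0.6 alert stays at 0.6. That is the effect the text describes: the analyst reviews two queue items instead of five, and the multi-stage chain ranks above the single louder alert. A production correlator would also bound the time window and the hop distance of entity sharing, because an over-shared entity such as a domain controller would otherwise merge unrelated activity into one incident.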

“Clearly, security analysts have needed a new way to look at data, not as individual alerts but as actual attack incidents, so they can more easily prevent attackers from gaining a large foothold in the infrastructure,” said Sam Jones, VP of Product Management at Stellar Cyber. “Purpose-built for XDR, our AI-powered incident correlation makes that idea a reality.”
