June Edition 2020

Defend your enterprise from cyber threat and mitigate risks: Stellar Cyber


“Application-based, intelligent and open platform, Starlight is the first automated detection and response Open-XDR security platform.”

Globally, the number of cyberattacks has increased at an alarming rate. Statistics suggest that the larger the business, the more likely it is to experience an attack. However, this does not mean that smaller enterprises are immune to cyberattacks. No business that has an online presence is free from cyberattack, and the legal, financial and physical implications of an attack can have drastic effects on the business.

Every business that has an online presence must invest in cybersecurity measures, which include uncovering breaches, scrubbing thousands of daily firewall logs, ransomware protection, and helping the organization see complex cyberattacks more proactively. Stellar Cyber is a cybersecurity firm based in Santa Clara, California that was founded in 2015 to help customers address these issues. Stellar Cyber’s Starlight is the world’s first open detection/response (Open-XDR) platform, automatically connecting dots throughout the entire security infrastructure and proactively responding to attacks wherever they occur. Starlight is application-based and integrates with existing security infrastructure such as firewalls, vulnerability management tools, CASB tools and EDR infrastructure, delivering a single pane of glass presenting results in an intuitive dashboard to supercharge analyst productivity by over 20X.

In conversation with Changming Liu, CEO and Co-founder of Stellar Cyber

Q. Can you tell us about your products in brief?

Stellar Cyber’s Starlight Open-XDR platform is a comprehensive open system that delivers pervasive protection from complex cyberattacks anywhere applications and data reside. Starlight Open-XDR helps customers collect and present the right data so that they are more empowered to avoid security data overload and alert fatigue. Since Starlight can be deployed anywhere, is application-based, intelligent, integrates with anything and filters down to the right data, it helps customers regardless of their cloud posture: on-premises, in public clouds, and with service providers, and also provides visibility into SaaS infrastructure such as Office365.

Q. What are some of the significant challenges you faced in initial years? How did you overcome them?

The founders knew that in security there is a data problem. Organizations have dozens of siloed tools and as a result siloed data. It is therefore difficult to correlate common events or related events. Stellar Cyber’s founders first invented a family of seven sensors and agents suited for a variety of customer environments. These sensors index security metadata at ingestion, ensuring from the beginning that there is a means to normalize and make correlations. Deep-packet-inspection (DPI) at ingestion ensures only needed metadata is kept, which reduces storage costs. The solution had to be deployable anywhere, so they realized they needed a micro services-based platform that is container-ready, and they built a user-friendly GUI. With a GUI that follows the Lockheed Martin kill chain and also aligns with NIST’s and MITRE’s frameworks, security analysts can work intuitively as they move from collecting the right data, detecting events, investigating those incidents and then responding to high-risk events. The Starlight Open-XDR platform is application-based because customers now expect app environments in the workplace along with a GUI to help them work more efficiently–similar to what they have at home on their iPhone or Android smartphones. And app-based means the security metadata is shared across all apps, helping analysts break through the siloed tools they worked with in the past.

Q. How do you gather insights to update your offerings?

Deception sensors are deployed globally by Stellar Cyber to allow them to get hacked, and our data science team learns and builds machine learning and deep learning techniques to leverage what we know to thwart behavior that we see coming. Customers also deploy deception sensors in their environments for sandboxing. Customers and partners who use, install and deliver services with our software – both enterprises and managed security service providers (MSSPs) – all give us ideas about how to improve Starlight Open-XDR, both in terms of usability and new functionality.

Q. There are other major players in this segment. How do you distinguish your services/stand out from the rest?

We are part of an emerging new category called XDR – anywhere (X) detection (D) and response (R), which reflects the idea that an enterprise attack surface is no longer a single point. It is anywhere, from within, from outside, or from host-to-host attacks. Palo Alto Networks is building their platform, Cortex, through acquisitions (LightCyber is one example). As a startup, Stellar Cyber had the XDR vision from day one and built an Open-XDR platform as we intend to attract a thriving ecosystem. Many customers do not want a rip-and-replace story; they want to augment what they have and make it better. Industry analyst firms Enterprise Strategy Group (ESG) and Ovum track the new XDR category.

Q. How do you deal with the “never ending change” in digital transformation?

  • First think like a developer and purpose-build software that is micro services based, containerized from day one. Many developer environments traverse on-premise and public cloud infrastructure, so having end-to-end visibility is key.
  • Bring a strong set of tools to help ‘shift left’ security thinking to be a part of DevOps at development, not as an afterthought at Q/A and production. Since Starlight Open-XDR is container-ready and has a container agent, security practices can easily mesh with current developer CI/CD pipeline methodologies.

Q. What is the contribution of AI and machine learning to cybersecurity?

These are techniques that help humans scale by parsing the chaff from the wheat, or finding the needle in the haystack. Also, to automatically connect dots and correlate multiple attacks that by themselves look okay, you need machine learning to help see those connections. These multi-pronged attacks are more common than what current siloed tools see. For example, a firewall won’t help you see that a server is being attacked by a user who stole an email account from one of your employees.

Q. How do you market your products?

Customers want to reduce risk without disruption. To that end, we have a partner ecosystem. Open-XDR is about a community of tools working together. We integrate with all security infrastructure, and have over 100 integrations. We also partner more formally when we want to create an automated response with a partner – such as with Check Point and Tenable. Once we see a detection, we can help respond automatically. For mid-market and smaller companies, we sell through the booming MSSP channel.

Q. Do you have any new services ready to be launched?

Yes, we are expanding both detections into SaaS apps and Entity (asset) visibility.

Q. What are your trajectories for the next 5 years?

Our plans are to form more partnerships in the CASB, firewall, and vulnerability spaces and expand more globally.

Changming Liu, CEO and Co-founder of Stellar Cyber

Changming’s security career started at NetScreen; he is also the founder of AeroHive. Changming learned that you need great tech and a great GUI – users expect more than just tech today. That is his passion as he leads Stellar Cyber. This is his second startup as the founding CEO.

Stellar Cyber delivers pervasive protection from complex cyber attacks anywhere applications and data reside