Stellar Cyber
The Case for Open XDR – X Means Everything
The current model for cybersecurity is broken. It consists of acquiring and deploying a lot of stand-alone tools, each with its own console, to analyze logs or traffic and detect anomalies that could be threats. In this model, it’s up to each security analyst to communicate with other analysts to determine whether each tool’s individual detection (each […]
Cyberthreats Go Sideways
Cyberthreats are going sideways. Here I’m not talking about Sideways, the 2004 movie starring Paul Giamatti and Thomas Haden Church that made Pinot Noir famous while the pair traveled through Santa Barbara County wine country in seven days. Rather, I’m talking about cyberattacks that rely on lateral movement through your network infrastructure. No one wants to get famous because […]
XDR Delivers Significant Performance Improvement over SIEM
In every SOC environment, there are two key metrics that demonstrate efficiency and effectiveness: Mean Time to Detection (MTTD) and Mean Time to Remediation (MTTR). The risk and exposure from any cyber threat can be reduced significantly by improving these metrics. Stellar Cyber recently completed a study with its MSP and MSSP partners to determine how much our Open […]
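To make the two metrics concrete, here is an added example (not code from the Stellar Cyber study and not data from it) that computes MTTD and MTTR from a set of incident records and compares two tooling cohorts. The incident records, the cohort labels "siem" and "xdr", and the timestamps are all constructed for illustration. MTTD is taken as the mean of (first alert minus earliest attacker activity) and MTTR as the mean of (containment complete minus first alert); an incident that is still open counts toward MTTD but is left out of MTTR rather than being scored as zero, which would flatter the result.

```python
"""Compute MTTD / MTTR per cohort from incident records.

Added example with constructed data; not the method or results of the
Stellar Cyber MSP/MSSP study referred to in the post.
"""
from dataclasses import dataclass
from datetime import datetime
from statistics import mean
from typing import Dict, List, Optional


@dataclass
class Incident:
    incident_id: str
    cohort: str                     # tooling that handled it (constructed labels)
    first_activity: datetime        # earliest attacker activity, from forensics
    detected: Optional[datetime]    # when an analyst-visible alert fired
    remediated: Optional[datetime]  # when containment completed; None if still open


def _ts(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed sample: two cohorts, one incident still open (INC-4).
SAMPLE_INCIDENTS: List[Incident] = [
    Incident("INC-1", "siem", _ts("2021-01-04T08:00"), _ts("2021-01-05T20:00"), _ts("2021-01-07T20:00")),
    Incident("INC-2", "siem", _ts("2021-01-10T00:00"), _ts("2021-01-11T00:00"), _ts("2021-01-12T00:00")),
    Incident("INC-3", "xdr",  _ts("2021-01-04T08:00"), _ts("2021-01-04T10:00"), _ts("2021-01-04T16:00")),
    Incident("INC-4", "xdr",  _ts("2021-01-10T00:00"), _ts("2021-01-10T04:00"), None),
]


def _hours(later: datetime, earlier: datetime) -> float:
    return (later - earlier).total_seconds() / 3600.0


def summarize(incidents: List[Incident]) -> Dict[str, Dict[str, float]]:
    """Per cohort: MTTD = mean(detected - first_activity),
    MTTR = mean(remediated - detected), plus counts so a reader can see
    how many incidents each mean rests on."""
    by_cohort: Dict[str, List[Incident]] = {}
    for inc in incidents:
        by_cohort.setdefault(inc.cohort, []).append(inc)

    result: Dict[str, Dict[str, float]] = {}
    for cohort, incs in by_cohort.items():
        detect_deltas = [_hours(i.detected, i.first_activity) for i in incs if i.detected]
        # Open incidents (remediated is None) are excluded from MTTR, not scored as 0.
        remed_deltas = [_hours(i.remediated, i.detected) for i in incs if i.detected and i.remediated]
        result[cohort] = {
            "incidents": len(incs),
            "detected": len(detect_deltas),
            "remediated": len(remed_deltas),
            "mttd_hours": mean(detect_deltas) if detect_deltas else float("nan"),
            "mttr_hours": mean(remed_deltas) if remed_deltas else float("nan"),
        }
    return result


def improvement_pct(baseline_hours: float, candidate_hours: float) -> float:
    """Percentage reduction of candidate relative to baseline (positive = better)."""
    if baseline_hours <= 0:
        raise ValueError("baseline must be positive")
    return (baseline_hours - candidate_hours) / baseline_hours * 100.0


if __name__ == "__main__":
    stats = summarize(SAMPLE_INCIDENTS)
    for cohort, s in stats.items():
        print(f"{cohort}: MTTD={s['mttd_hours']:.1f}h MTTR={s['mttr_hours']:.1f}h "
              f"({s['remediated']}/{s['incidents']} closed)")
    print(f"MTTD reduction: {improvement_pct(stats['siem']['mttd_hours'], stats['xdr']['mttd_hours']):.0f}%")
```

The counts matter as much as the means: in the sample, the "xdr" MTTR rests on a single closed incident, so a percentage improvement quoted from it would be meaningless until more incidents close. Any real comparison should also use the same definition of "first activity" for both cohorts, since a cohort that starts the clock at alert time instead of at the earliest forensic evidence will report a flattering MTTD.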
Was SUNBURST really a Zero-day attack?
Most companies affected by the SolarWinds attack learned about it from the Department of Homeland Security. Wouldn’t it have been better for them to have learned from their MSP/MSSP before DHS came calling? With Stellar Cyber, you would have known right away. The reason this breach was so successful was that the attackers leveraged a trusted source – the software […]
A Single PAIN of Glass
Recently we wrote about the open extended detection and response (XDR) platform and the problems it helps solve. In case you didn’t read it, the topic was data fatigue. With more than 1,500 security vendors offering thousands of point products, each solving a point problem, understaffed and under-skilled security teams are at a huge disadvantage. Add to […]
SolarWinds SUNBURST Backdoor DGA and Infected Domain Analysis
On December 13, 2020, multiple vendors such as FireEye and Microsoft reported emerging threats from a nation-state threat actor who compromised SolarWinds and trojanized SolarWinds Orion business software updates in order to distribute backdoor malware called SUNBURST. Because of the popularity of SolarWinds, the attacks have affected multiple government agencies and many Fortune 500 companies. It also appeared in […]
Red Team / Blue Team Testing – The Big Picture
Ever since offensive security testing began, we have expected that the test or simulation will find something. Even if a pen tester doesn’t uncover an issue, the best ones can always achieve success through phishing or social engineering of your organization’s employees. In the same way, Red Team-Blue Team exercises highlight the near impossibility of foiling a motivated attacker […]
Leverage the Tools and Telemetry You Trust
The industry is at a pivotal point. With the pandemic driving up work-from-home and forcing hybrid work environments, and with many applications moving to the cloud, cybersecurity professionals are challenging best practices and once-foundational assumptions. Is a platform with tightly integrated native capabilities the right foundation for future security, rather than siloed […]
Myth Buster: Data Fatigue is Not Real
The noise is real. On that, we can agree. It started way back in history – whoops, wrong topic (shout out to all of you who know that lyric). Basic packet captures, the final arbiter of proof, started all this, and it has continued nonstop to this very day. Every security analyst worth their salt […]
How to connect all the dots in a complex threat landscape
Originally published in SecurityInfoWatch. As the volume of cyberattacks grows, security analysts have become overwhelmed. To address this issue, developers are showing more interest in using machine learning (ML) to automate threat hunting. In fact, researchers have tried to implement ML in cybersecurity solutions since the late 1980s, but progress has been slow. Today, ML is […]