Stellar Cyber, the innovator of Open XDR, today announced that RSM US – the leading provider of professional services to the middle market – is leveraging the Stellar Cyber Open XDR platform to unify, expand and control the cybersecurity defenses across its Global MSSP Client Network.

RSM US operates a global managed security operations service, known as RSM Defense, which offers around-the-clock threat detection, response and intelligence services to its clients. As an MSSP, RSM Defense Director and Threat Operations leader Todd Willoughby’s team amassed a collection of discrete client data sources that focus on individual aspects of security, each with a separate console. RSM Defense integrated Stellar Cyber’s Open XDR platform into the MSSP model’s workflow because it unifies those tools and provides SIEM, NDR, UEBA and TPA tools in one comprehensive platform.

“Stellar Cyber is taking a different approach to what’s been offered in the market over the last 15 years,” said Willoughby. “Instead of just putting out just one tool, they are addressing the challenge of delivering a complete view of security events across our clients’ infrastructure under one pane of glass; and because it’s an open platform, integrating clients’ new or existing EDR and other security tools and data sources is a non-issue.”

Other advantages Willoughby found are the platform’s machine learning capabilities and robust, out-of-the-box detection rulesets, which enable him to level the playing field between newer and more skilled security analysts, making them all fully productive. “Great senior cybersecurity analysts are tough to find – even if you can find one, they can cost the business upwards of $150,000 a year, and most clients can’t afford that,” he said.

“Enterprises and MSSPs providing cybersecurity protection for multiple sites or customers need solutions that put them in control with a single pane of visibility, automatic data correlation and analysis, and rapid, bi-directional integrations to client security stack tools,” said Steve Garrison, SVP Marketing at Stellar Cyber. “Our platform delivers on those promises like no other solution in the market.”

About Stellar Cyber

Stellar Cyber’s Open XDR platform delivers comprehensive, unified security without complexity, empowering lean security teams of any skill to secure their environments successfully. With Stellar Cyber, organizations reduce risk with early and precise identification and remediation of threats while slashing costs, retaining investments in existing tools, and improving analyst productivity. The company is based in Silicon Valley. For more information, contact https://stellarcyber.ai.

About RSM

RSM is the leading provider of professional services to the middle market. The clients RSM serves are the engine of global commerce and economic growth, and RSM is focused on developing leading professionals and services to meet their evolving needs in today’s ever-changing business landscape. RSM’s purpose is to instill confidence in a world of change, empowering clients and people to realize their full potential. RSM US LLP is the U.S. member of RSM International, a global network of independent assurance, tax and consulting firms with 57,000 people in 120 countries. For more information, visit Security monitoring and response | Services | RSM US.

The post RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients appeared first on Cybersecurity Insiders.

Every security tool vendor talks about detection and response, so what makes NDR so special, and how does it relate to XDR / Open XDR?

NDR is special because it focuses on the nerve center of an organization’s IT infrastructure: the network. Wireless or wired device, endpoint or server, application, user or cloud – all are connected to the network, and the network never lies. It’s the foundation of truth about what’s happening in the IT infrastructure.

Network Detection & Response

NDR solutions detect suspicious traffic or activities by using non-signature-based techniques (for example, machine learning or other analytical techniques) for unknown attacks alongside quality signature-based techniques (for example, threat intelligence fused in-line for alerts) for known attacks. NDR can ingest data from dedicated sensors, existing firewalls, IPS/IDS, metadata like NetFlow, or any other network data source, assuming strategic placement of sensors and/or other network telemetry. Both north/south and east/west traffic should be monitored, in both physical and virtual environments. All data is collected and stored in a centralized data lake, where an advanced AI engine detects suspicious traffic patterns and raises alerts.
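The pairing of signature-based and non-signature-based detection over NetFlow-style metadata, as an added example that is not Stellar Cyber's code. The flow records, the threat-intel entry (a documentation-range address), the internal range 10.0.0.0/8 and the z-score threshold are all constructed assumptions.

```python
import ipaddress
from statistics import mean, pstdev

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed internal address space
INTEL_BAD_IPS = {"203.0.113.50"}                # constructed entry, not a real IoC

# Constructed NetFlow-style records: (source, destination, bytes).
HISTORY = [  # earlier flows, used to learn each source's normal volume
    ("10.0.0.5", "198.51.100.7", 1200), ("10.0.0.5", "198.51.100.7", 1100),
    ("10.0.0.5", "10.0.0.9", 900), ("10.0.0.5", "198.51.100.7", 1300),
    ("10.0.0.8", "10.0.0.9", 500), ("10.0.0.8", "10.0.0.9", 520),
    ("10.0.0.8", "10.0.0.9", 480), ("10.0.0.8", "10.0.0.9", 510),
]
CURRENT = [
    ("10.0.0.5", "198.51.100.7", 1250),   # ordinary flow
    ("10.0.0.8", "203.0.113.50", 505),    # destination listed in threat intel
    ("10.0.0.8", "10.0.0.9", 250000),     # volume far above this host's baseline
]

def direction(src, dst):
    """Classify a flow as internal-to-internal or crossing the perimeter."""
    inside = [ipaddress.ip_address(a) in INTERNAL for a in (src, dst)]
    return "east/west" if all(inside) else "north/south"

def build_baseline(flows, min_samples=3):
    """Per-source (mean, stddev) of bytes; sources with too few samples get none."""
    per_src = {}
    for src, _dst, nbytes in flows:
        per_src.setdefault(src, []).append(nbytes)
    return {s: (mean(v), pstdev(v)) for s, v in per_src.items() if len(v) >= min_samples}

def detect(flows, baseline, intel, z_threshold=3.0):
    alerts = []
    for src, dst, nbytes in flows:
        reasons = []
        if src in intel or dst in intel:          # signature-based: known indicator
            reasons.append("threat-intel match")
        if src in baseline:                       # non-signature: deviation from normal
            mu, sigma = baseline[src]
            if (nbytes - mu) / max(sigma, 1.0) > z_threshold:  # floor avoids divide-by-zero
                reasons.append("volume anomaly")
        if reasons:
            alerts.append({"src": src, "dst": dst,
                           "direction": direction(src, dst), "reasons": reasons})
    return alerts

ALERTS = detect(CURRENT, build_baseline(HISTORY), INTEL_BAD_IPS)
```

A source with no learned baseline produces no anomaly alert here, so the signature check is the only coverage for hosts seen for the first time.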

Once alerts are triggered, the analyst or NDR solution must respond. Response is the critical counterpart to detection and is fundamental to NDR. Automatic responses, such as sending commands to a firewall to drop suspicious traffic or to an EDR tool to quarantine an affected endpoint, and manual responses, such as providing threat hunting or incident investigation tools, are common elements of NDR.

So how does XDR relate to all this? In our view, NDR and XDR are not an either/or proposition. In fact, our Open XDR Platform incorporates NDR functionality natively, along with next-generation SIEM, threat intelligence and many other functions necessary for security operations. Using our dedicated sensors or integrations with existing security tools like firewalls, our platform captures and analyzes network traffic along with server logs, user information, endpoint data and many other data types to give security analysts a 360-degree view of their entire security infrastructure, along with the ability to respond quickly.

Our AI engine analyzes data from all sources across the IT infrastructure for anomalies and unknown threats (including NDR for network traffic), and correlates and combines related alerts into incidents. Those incidents are presented in our Loop dashboard interface in order of risk priority. This way, analysts are no longer chasing down every individual alert like swatting away so many flies, but can focus their attention on actual complex attacks – where they are occurring, how they’re occurring, and what to do about them, in a very efficient manner. And in many cases, our Open XDR Platform responds automatically by triggering actions in a firewall or EDR system, for example.

The result of natively incorporating NDR as part of XDR is that our platform captures the real truth about what’s happening in your IT infrastructure, presents actionable information clearly with context and in order of priority, and allows analysts to counteract actual attacks instead of chasing hundreds or thousands of individual alerts each day. By combining NDR and Open XDR, we make security fun and effective again!

The post NDR vs. Open XDR – What’s the difference? appeared first on Cybersecurity Insiders.