Security provider Stellar Cyber, with the first Open-XDR platform, today announced its new Firewall Traffic Analysis (FTA) Application, which supercharges firewalls by analyzing their data to spot undetected anomalies. With this new App, security analysts get an automated assistant that detects firewall misconfigurations, malicious users and abnormal traffic, gaining new value from firewall data and typically improving analyst productivity by over 20x. The FTA Application supports firewalls from many vendors including Cisco, Check Point, Fortinet, Palo Alto Networks and Sophos (see “Stellar Cyber Partners with Check Point Software Technologies to Provide Automated Orchestration, Visibility and Response”).
Firewalls have limited resources in terms of processing power and storage size, so they have limited intelligence and are usually optimized only for policy enforcement. Stellar Cyber’s Open-XDR platform can cost-effectively store firewall traffic logs for forensics, compliance and threat hunting. The new FTA App leverages additional sets of enriched data such as Threat Intelligence, geolocation, username and host name to create better context for the data. It also leverages advanced machine learning and big data analytics in conjunction with other detections to fuse context into the data. This process in effect adds a second set of eyes, uncovering additional cyberthreats and anomalies that range from firewall misconfigurations to Command and Control Domain Generation Algorithms (DGA), data exfiltration such as DNS tunneling, and malware such as ransomware. The App also leverages a closed-loop automated workflow to block attackers through firewall APIs.
“Firewalls are relatively passive because they have a limited processing capability and apply a static set of rules to traffic,” said Iker Simsir, Principal Product Manager at Stellar Cyber. “Our FTA App delivers the automated intelligence of our Starlight platform to provide important new insights from firewall data and run through machine learning to elevate to the next level of security analysis.”
About Stellar Cyber
Stellar Cyber makes Starlight, the only comprehensive security platform providing maximum protection of applications and data wherever they reside and automatically responding to attacks wherever they occur. Starlight tightly integrates dozens of security applications from an App Store and presents results in an intuitive dashboard to supercharge analyst productivity by slashing attack response times to seconds or minutes. Starlight deploys easily on premises, in public clouds or with service providers. Stellar Cyber is based in Silicon Valley and is backed by Valley Capital Partners, Northern Light Venture Capital, SIG and other investors. For more information, contact https://stellarcyber.ai.