Stellar Cyber, a provider of threat detection and response technology spanning multiple domains of enterprise infrastructure, has launched a capability for cloud environments to complement the endpoint and network dimensions already addressed by its Starlight platform. It calls it cloud detection and response (CDR), a term Omdia has championed for a while.
XDR covers endpoint, network, and cloud
The vendor refers to Starlight as an Open-XDR platform, adopting the parlance that Omdia coined in 2018, referring to a spectrum of detection and response technologies for endpoint (EDR), network (NDR), and other areas, eventually including cloud. NDR is sometimes referred to as network traffic analysis (NTA), but Omdia sees the latter as a subset of NDR, in that traffic analysis is necessary to detect threats, but NDR adds the critically important response capability that enables organizations to also mitigate threats. NTA was developed earlier for the purpose of network performance monitoring rather than as a security function. Indeed, a number of NTA vendors, such as Gigamon, Netscout, and ExtraHop, have expanded into NDR in recent years, to align with the direction of the security market and expand their target audience from network operations to security teams.
Since we began talking about an XDR continuum two years ago, several vendors have adopted the term: Palo Alto Networks, Trend Micro, and LogRhythm are some who now refer to part of their portfolios as XDR technologies. Stellar Cyber added the “open” prefix to accentuate the non-proprietary nature of its offering, in that it purports that it can draw on data from any source and enforce policy and remediation through any security tool available (firewalls, CASB, DLP, NAC, and so on) from any vendor.
Stellar Cyber offers automatic response capabilities built into its platform, with integrations with Check Point firewalls and Tenable vulnerability management, enabling it to trigger the blocking of a malicious IP address or to raise a ServiceNow ticket. For more advanced response functionality, it partners with various security orchestration, automation, and response (SOAR) vendors.
Starlight CDR App addresses SaaS, IaaS, and PaaS
As enterprises and vendors alike move to the cloud, it is the natural next place for XDR technology to be applied. Omdia had already anticipated the need for the term cloud detection and response, or CDR (albeit tentatively, given that the acronym already exists in the telecom world, where it stands for "call data record").
Stellar Cyber has bitten the bullet with its nomenclature, however, launching the CDR App as part of Starlight Open-XDR. It works in software-as-a-service (SaaS) environments such as Office 365 and Salesforce, but also in the infrastructure- and platform-as-a-service (IaaS and PaaS) modes of delivering cloud computing.
The CDR App collects, transforms, and stores events from cloud-based applications and applies machine learning techniques to detect various types of attacks, such as account takeover. For IaaS and PaaS workloads it also leverages the cloud providers' native packet-capture APIs, namely AWS VPC Traffic Mirroring and Azure virtual network TAP (vTAP), to obtain cloud traffic data for analysis; SaaS coverage, by contrast, necessarily relies on the audit and sign-in logs the application exposes through its API rather than on packet capture. And of course, customers using the full Starlight suite of products can aggregate events from the EDR capability with network, and now cloud, data for visibility across their infrastructure.
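To make the collect-transform-detect pipeline described above concrete, the following is an added, illustrative example of account-takeover detection over SaaS sign-in events. It is not Stellar Cyber's code and does not reflect how the CDR App's machine learning actually works; it uses two simple, hypothetical heuristics (a burst of failures followed by a success from the same IP, and "impossible travel" between countries) over a constructed, simplified event format that only loosely mimics an Office 365 sign-in record.

```python
"""Illustrative CDR-style account-takeover detection over SaaS sign-in events.

Added example, not Stellar Cyber's code. The event shape is a hypothetical,
simplified normalisation of a SaaS sign-in audit record, and the sample
events below are constructed, not real telemetry.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (documentation-range IPs, fictitious users).
SAMPLE_EVENTS = [
    {"ts": "2020-03-02T08:00:00Z", "user": "alice@example.com", "ip": "203.0.113.10", "country": "GB", "result": "Success"},
    {"ts": "2020-03-02T09:12:00Z", "user": "alice@example.com", "ip": "203.0.113.10", "country": "GB", "result": "Success"},
    # Burst of failures from one IP, then a success from that same IP.
    {"ts": "2020-03-03T01:00:00Z", "user": "alice@example.com", "ip": "198.51.100.7", "country": "RU", "result": "Failure"},
    {"ts": "2020-03-03T01:00:20Z", "user": "alice@example.com", "ip": "198.51.100.7", "country": "RU", "result": "Failure"},
    {"ts": "2020-03-03T01:00:40Z", "user": "alice@example.com", "ip": "198.51.100.7", "country": "RU", "result": "Failure"},
    {"ts": "2020-03-03T01:01:05Z", "user": "alice@example.com", "ip": "198.51.100.7", "country": "RU", "result": "Success"},
    # Two successes thirty minutes apart from different countries.
    {"ts": "2020-03-03T10:00:00Z", "user": "bob@example.com", "ip": "192.0.2.5", "country": "US", "result": "Success"},
    {"ts": "2020-03-03T10:30:00Z", "user": "bob@example.com", "ip": "203.0.113.99", "country": "DE", "result": "Success"},
    # Benign activity that should produce no finding.
    {"ts": "2020-03-03T11:00:00Z", "user": "carol@example.com", "ip": "192.0.2.77", "country": "US", "result": "Success"},
]

# Hypothetical thresholds; a real deployment would tune these per tenant.
FAIL_THRESHOLD = 3                   # failures from one IP before a success
FAIL_WINDOW = timedelta(minutes=10)  # how far back failures are counted
TRAVEL_WINDOW = timedelta(hours=1)   # two countries inside this window is suspicious


def parse_ts(s):
    """Parse the ISO-8601 UTC timestamp used in the sample records."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def normalise(raw):
    """Transform step: parse timestamps and order events chronologically."""
    events = [dict(e, ts=parse_ts(e["ts"])) for e in raw]
    events.sort(key=lambda e: e["ts"])
    return events


def detect_account_takeover(raw_events):
    """Detect step: return a list of (user, rule, detail) findings.

    Rule brute_force_then_success: at least FAIL_THRESHOLD failures from one
    IP within FAIL_WINDOW, followed by a success from that same IP.
    Rule impossible_travel: two successes from different countries within
    TRAVEL_WINDOW of each other.
    """
    findings = []
    by_user = defaultdict(list)
    for e in normalise(raw_events):
        by_user[e["user"]].append(e)

    for user, evs in by_user.items():
        failures = defaultdict(list)  # ip -> timestamps of recent failures
        last_success = None
        for e in evs:
            if e["result"] == "Failure":
                failures[e["ip"]].append(e["ts"])
                continue
            recent = [t for t in failures[e["ip"]] if e["ts"] - t <= FAIL_WINDOW]
            if len(recent) >= FAIL_THRESHOLD:
                findings.append((user, "brute_force_then_success", e["ip"]))
                failures[e["ip"]] = []  # do not re-alert on the same burst
            if (last_success is not None
                    and e["country"] != last_success["country"]
                    and e["ts"] - last_success["ts"] <= TRAVEL_WINDOW):
                findings.append((user, "impossible_travel",
                                 f'{last_success["country"]}->{e["country"]}'))
            last_success = e
    return findings


if __name__ == "__main__":
    for finding in detect_account_takeover(SAMPLE_EVENTS):
        print(finding)
```

Each finding carries the artefact a response step would act on (the offending IP for the brute-force rule, the country pair for impossible travel), which is the point at which a platform like the one described would hand off to a firewall block or a ticketing integration.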
"On the Radar: Stellar Cyber offers XDR with built-in traffic analysis, SIEM, and automated response," INT005-000099 (March 2020)
"Trend Micro starts to flesh out its XDR story," INT005-000026 (August 2019)
"Palo Alto Networks Cortex XDR spans endpoint, network, and the cloud for detection and response," INT003-000351 (April 2019)
Rik Turner, Principal Analyst, Cybersecurity