A Single Powerful Intelligent SOC Platform
Empower Security Analysts
Detects unknown threats and abnormal behaviors via advanced techniques like AI
1000s of pre-built detections without the need for manually-defined rules
Accelerate investigation, threat hunting and forensics via contextual and actionable data
Open system for customization in visualization, threat hunting, reporting, etc.
20+ tightly-integrated security applications like Compliance, NTA, UBA, IDS, APT
Detect, investigate and respond to cyber threats in minutes, not days
Grow with Data
Curate multiple data sources, i.e., network traffic, logs, files, threat intelligence
Powerful log parser for easy ingestion of any third-party data
Scalable big data infrastructure with microservice architecture for massive volume
Flexible deployment scenarios for on-prem, in cloud or by MSSP
Pervasive visibility across the entire enterprise, from endpoints to network to cloud
A family of sensors and collectors for data collection in a heterogenous environment
Key Features
More than just logs
Like legacy SIEM, log data is one of the data sources for the Starlight Open XDR platform with a powerful log parser for easy ingestion of log data from any third party. It helps customers with heterogeneous environments with different endpoints and different first-line security defenders such as firewalls and EDRs.
However, unlike legacy SIEM, Starlight supports varieties of data sources, especially with strong support for network traffic for NDR functions as well as many other detection functions like IDS and malware detection.
The data from different sources are normalized, and more importantly fused together to create contextual information about the users and assets (host names instead of IP addresses), location, time, commands, threats, vulnerabilities, etc. The contextual and actionable data accelerates investigation, threat hunting and forensics
Beyond simple queries
Like legacy SIEM, Starlight has a data lake for big data to store collected data. It has built-in tools for visualization of the data, for alerting and reporting, etc. As an open system, it also allows for customization of all these tools. However, the data lake is built on scalable microservice architecture for massive data volumes through clustering. It allows for quick searches of the data in a human-readable format.
Unlike legacy SIEM, Starlight has 20+ tightly-integrated security applications which are built as part of the platform. The applications include NTA, UBA, IDS, malware detection, threat hunting, and asset management, to name a few. It has detection across the entire kill chain. This helps security analysts detect, investigate and respond to cyber threats in minutes instead of days.
Beyond manual rules
Like legacy SIEM, as an open system, Starlight allows analysts to define their own rules to do threat hunting. It also has lots of pre-defined rules to enable less experienced analysts to be more productive. All of these rules can be automated.
Unlike legacy SIEM, Starlight leverages advanced techniques like machine learning for detection of unknown threats and abnormal behaviors without any rules or signatures. The User Behavior Analysis (UBA) app collects and fuses user-relevant data from a variety of data sources such as network traffic, Active Directory logs, and applications like Office365, and baselines users’ typical behavior to detect anomalous activities.
Starlight’s NTA application performs real-time and historic analysis by leveraging both supervised and unsupervised machine learning. Each detection is purpose-built with the right supervised or unsupervised machine learning model for its use case. Our security researchers and data scientists constantly tune the machine learning model for more detections and improvement of existing ones.
More than one site
Starlight supports multiple deployment scenarios for on-premises, in the cloud or by MSSPs/MDRs. Customers can choose the best scenario that meets their needs. With a family of sensors, Starlight provides full visibility into both hybrid cloud and cross cloud environments including container-based environments.
As an open system, Starlight can ingest data from many existing security tools such as EDR from Crowdstrike and SentinelOne; Firewall from Checkpoint, Palo Alto Networks and Fortinet; CASB from BitGlass; and Cloud from AWS to Azure to GCP. This provides pervasive visibility across the entire enterprise from endpoints to network to cloud
