Công Ty Cổ Phần Công Nghệ Nessar Việt Nam - Nessar

Logo
Vi

Next Gen SIEM Application

AnyConv.com__2020-03-26_14-19-27

A Single Powerful Intelligent SOC Platform

Empower Security Analysts

Grow with Data

More than just logs

Like legacy SIEM, log data is one of the data sources for the Starlight Open XDR platform with a powerful log parser for easy ingestion of log data from any third party. It helps customers with heterogeneous environments with different endpoints and different first-line security defenders such as firewalls and EDRs.

However, unlike legacy SIEM, Starlight supports varieties of data sources, especially with strong support for network traffic for NDR functions as well as many other detection functions like IDS and malware detection.

The data from different sources are normalized, and more importantly fused together to create contextual information about the users and assets (host names instead of IP addresses), location, time, commands, threats, vulnerabilities, etc. The contextual and actionable data accelerates investigation, threat hunting and forensics

Beyond simple queries

Like legacy SIEM, Starlight has a data lake for big data to store collected data. It has built-in tools for visualization of the data, for alerting and reporting, etc. As an open system, it also allows for customization of all these tools. However, the data lake is built on scalable microservice architecture for massive data volumes through clustering. It allows for quick searches of the data in a human-readable format.

Unlike legacy SIEM, Starlight has 20+ tightly-integrated security applications which are built as part of the platform. The applications include NTA, UBA, IDS, malware detection, threat hunting, and asset management, to name a few. It has detection across the entire kill chain. This helps security analysts detect, investigate and respond to cyber threats in minutes instead of days.

Beyond manual rules

Like legacy SIEM, as an open system, Starlight allows analysts to define their own rules to do threat hunting. It also has lots of pre-defined rules to enable less experienced analysts to be more productive. All of these rules can be automated.

Unlike legacy SIEM, Starlight leverages advanced techniques like machine learning for detection of unknown threats and abnormal behaviors without any rules or signatures. The User Behavior Analysis (UBA) app collects and fuses user-relevant data from a variety of data sources such as network traffic, Active Directory logs, and applications like Office365, and baselines users’ typical behavior to detect anomalous activities.

Starlight’s NTA application performs real-time and historic analysis by leveraging both supervised and unsupervised machine learning. Each detection is purpose-built with the right supervised or unsupervised machine learning model for its use case. Our security researchers and data scientists constantly tune the machine learning model for more detections and improvement of existing ones.

More than one site

Starlight supports multiple deployment scenarios for on-premises, in the cloud or by MSSPs/MDRs. Customers can choose the best scenario that meets their needs. With a family of sensors, Starlight provides full visibility into both hybrid cloud and cross cloud environments including container-based environments.

As an open system, Starlight can ingest data from many existing security tools such as EDR from Crowdstrike and SentinelOne; Firewall from Checkpoint, Palo Alto Networks and Fortinet; CASB from BitGlass; and Cloud from AWS to Azure to GCP. This provides pervasive visibility across the entire enterprise from endpoints to network to cloud

Giải pháp liên quan