As cyberattacks get more sophisticated, Changming Liu, CEO and Co-founder at Stellar Cyber, talks about how its platform addresses the complexity of cyberattacks and why it’s essential for organisations to have high-speed, high-fidelity threat detection and automated response across the entire attack surface.
How do enterprises achieve the required security and agility from the latest tools in a way that will positively impact their business operation?
Companies spend millions on securing their infrastructure, but attacks are increasing and growing more sophisticated every day. Analysts are besieged with alerts, many of which are meaningless, and it takes days, weeks, or months to discover some complex attacks. Stellar Cyber addresses this problem by aggregating alerts into incidents and prioritising them to be easy to spot.
Traditional siloed approaches to security leverage one or two dozen discrete tools, each with its own console, and it is left to analyst teams to correlate alerts to discover an attack manually. The concept of XDR, which we translate as Everything Detection and Response, is to pull data from all security tools into a central dashboard and analytical engine, correlate that data, and up-level thousands of alerts into a dozen or so incidents. This process makes analysts much more productive and enables them to spot and deal with attacks much more quickly.
Most businesses are working remotely. How has the shift to remote working impacted cybersecurity?
Remote working has blown up the traditional concept of the Security Operations Centre, typically a windowless room with a dozen or more oversized monitors and rows of security analysts watching them and responding. Now, analysts work from home or in distributed global locations, so enterprises need to use distributed, web-enabled security tools to support this new environment.
What are some of the industrial sectors that Stellar Cyber caters to?
We reduce enterprise risk more cost-effectively. We reach our customers through channels, distribution, resellers and managed security service providers (MSSP).
Our platform benefits all kinds of businesses, including manufacturing companies such as Gepp, financial services and regional banks such as the Government Savings Bank of Thailand, higher education institutions such as the University of Zurich and government agencies such as Indonesia’s tax department.
What are the applications, or rather opportunities, you seek to have with your product?
Simply put, modern attacks are causing customers to react, re-prioritise budgets and reflect and challenge best practices that seem to be breaking down. If the weekly major breaches are not enough evidence of that, our rapid growth demonstrates that we see a clear need.
The use cases that help us shine are seeing the early stages of a ransomware attack using our powerful AI engine or seeing an attack through a SaaS application such as Microsoft 365. Security today is a big data problem, analytics matter, and you need them in real-time. Stellar Cyber helps teams see patterns in the noise faster and more cost-effectively than any traditional solution.
With the advancement of digitisation in businesses worldwide, how are cyber threats becoming more sophisticated?
Increasing digitisation increases the number of attack vectors in an organisation. After all, you can’t hack a manual typewriter. Our platform addresses the increasing frequency and complexity of cyberattacks by pulling all data into one intuitive dashboard, automatically analysing that data, and in many cases, automatically responding to threats through legacy security systems such as firewalls.
In terms of security intelligence, what should cybersecurity companies do to protect Customer Identity Information?
Customer identity information is no more or less important than financial or intellectual property. The answer is always the same – gain more visibility into your digital systems, monitor closely for anomalous behaviour, and respond quickly to block attacks in progress.
Stellar Cyber integrated third-party threat intelligence feeds into its everything detection and response (XDR) platform. Tell us about it.
We coined the idea of Open XDR because we integrate data from existing, third-party security tools and telemetry into our platform’s analysis of cyber threats — this ensures customers retain investments.
We first normalise all data (standardising its format) upon ingestion by our platform, which allows our AI engine to evaluate it properly. The AI engine automatically hunts for threats, prioritises them by order of severity, and indicates where threats are located and what to do about them. In many cases, our platform interacts directly with third-party tools to block threats. For example, if our platform detects malicious activity through a particular firewall port, it can command the firewall to block that port.
What is that one leadership motto you live by?
Focus on building a strong culture of transparency, meritocracy and teamwork.