Stellar Cyber’s Open XDR Eases Big Cybersecurity Data Storage Woes


Storing metadata and offering flexible storage options sets Stellar Cyber’s platform apart

Stellar Cyber, an innovator of Open XDR, the only intelligent, next-gen security operations platform, announced that its open and highly flexible approach to the long-term storage of large volumes of security data eases concerns about storage complexity and costs seen in legacy SIEMs or some proprietary XDR solutions used by security operations centres.

Cybersecurity is essentially a data problem, with best practices necessitating capturing and retaining all available data to properly evaluate potential threats and keep an audit trail for future investigations. This approach causes skyrocketing storage costs and makes it much more difficult to identify real attacks because analysts often can’t see the forest for the trees with massive amounts of data. Voluminous data also makes forensics and threat hunting almost impossible on some legacy SIEMs due to poor query performance. 

Stellar Cyber’s intelligent SOC platform is more efficient, storing only security-relevant metadata in a scalable, elastic data lake, which reduces the amount of storage needed and makes it easier to identify anomalies more quickly. Once it collects the metadata, Stellar Cyber’s AI-powered analytical engine evaluates it and alerts analysts to even the most complex attacks.

‘We were having a real problem storing data from a traditional SIEM,’ said Joe Morin, CEO of CyFlare. ‘Stellar Cyber’s metadata parsing and flexible storage options save us money on resources while making our analysts more efficient.’

Flexible Storage Designed for Scalability and Efficiency

Most SIEM products not only force collection and storage of irrelevant data, but they don’t offer any flexibility in what, how or where data is stored. With Stellar Cyber, users have many choices through its Open XDR platform. They can pick the right data to be collected, customise data retention time by type of data (on a per-tenant basis in a multi-tenancy environment), choose whether data is kept in hot or cold storage, and pick where to house cold storage (on-premises with a NAS or JBOD system or in the cloud) to further save on costs.

‘Scaling storage is a top complaint by legacy SIEM users – the SIEM sucks up all the data, but then you have to store it somewhere,’ said Zeus Kerravala, principal analyst at ZK Research. ‘Stellar Cyber’s platform keeps only the relevant data for security analysis and then gives users a lot of options for how and where it’s stored.’

Stellar Cyber’s fast forensic analysis and threat-hunting capabilities are built on top of its scalable elastic data lake, which is designed for storing large volumes of data with fast search performance on a cloud-native, microservice architecture. The collected data is normalised, enriched in real-time with context, correlated, and can be searched quickly by any data field or any combination of fields. Data is automatically evaluated for anomalies by the platform’s AI-powered detection engine, and analysts can use pre-built or home-grown threat-hunting playbooks to ferret out threats wherever they reside.

‘Data storage is a major challenge for users of security systems, particularly legacy SIEMs,’ said Steve Garrison, VP of Marketing at Stellar Cyber. ‘We thought through this issue when designing our Open XDR platform, and now offer a number of ways in which customers can optimise their storage to improve efficiency and save costs.’

Open XDR vs. XDR

While standard XDR platforms enforce vendor lock-in and abandonment of existing security tools, Stellar Cyber’s unique Open XDR platform works seamlessly with existing EDR, SIEM, UEBA, NTA, and other solutions to preserve their investments. In addition, Stellar Cyber’s platform enhances those investments by ingesting their data, normalising and correlating it, applying AI-driven analytics to inspect it, and automatically responding to complex threats. Only Stellar Cyber’s Open XDR delivers these benefits.