Starlight delivers the broadest security data collection engine – physical, virtual, container, cloud – to ensure you see the whole picture. Starlight’s data processing pipeline curates all security data to weed out unimportant events.

The sensors and agents transform raw data into Interflow records and send it to a centralized data processor and data lake that deduplicates, correlates, enriches, indexes and stores the data that it receives. Once this data is received, it then runs complex analytics on the dataset to identify high fidelity breach events. Starlight has 18 tightly-integrated security applications — the first security App Store — that share data on one platform and features built-in analytics that leverage machine learning to eliminate alert noise and improve the accuracy of detecting critical security events. With this methodology, organizations can gain human work force efficiencies by augmenting security operations teams with big data analytics and artificial intelligence.

Starlight’s Capabilities

• Capture the right data. Starlight eliminates blind spots through its unique set of data collectors that include agent sensors, network sensors, security sensors and deception sensors. These sensors can be deployed as software, hardware appliances or virtual appliances and can be collected from any environment. The sensors collect packets, files & logs and transforms the data collected into a proprietary Interflow data set that is reduced and fused data.

• Detect the real threats. Once data has been collected, reduced and given context, Starlight runs advanced machine learning algorithms on the new and improved data set in order to detect higher fidelity security events. With this methodology of getting the data set right before applying detection techniques, Starlight solves the age-old problem of garbage in, garbage out. Security Analysts benefit with this approach by chasing down less false alarms.

• Pinpoint problems. Starlight’s Interflow data is the foundation for security investigation and threat hunting. Because Interflow fuses contextual data into packet and log records, security analysts have a single record that can be looked at when trying to prove that a detection is accurate and actionable. When looking for evidence for security detections, analysts no longer have to mentally try and stitch together data from packets and logs make sense of things.

• Respond automatically. Starlight delivers a variety of response actions once security events have been detected. The system can generate email or slack alerts, send PDF reports, submit data to SOAR tools such as Demisto and Phantom Cyber and even manually or automatically instructing firewalls to take appropriate response actions such as blocking an IP address or redirecting a user to a captive portal for further authentication.

Business Benefits

• Automatically uncover cyberattacks — expose and prioritize endpoint, network, user threats and compliance violations with actionable data.
• Satisfy business requirements — extensible reporting with unlimited data and visualization possibilities.
• Stop alert fatigue and attrition — validate security alerts in minutes, improving analyst productivity and morale by reducing the backlog.
• Reduce business impact and risk through reduced mean time to identify (MTTI) and mean time to contain (MTTC) — combine precise attack detection with rapid alert triage to drastically cut dwell time without requiring years of experience.
• Increase ROI from current investments — solve all your security needs through tightly-integrated applications while using existing infrastructure as sources and enforcement points.