//ALPHA XDR TECHNOLOGIES
Be the Actual Administrator
Capture data from network, assets and containers
Integrations
Identify ongoing and past attacker activity in your environment, while improving your ability to respond effectively to future threats.
Sensors
Sensors are used to create visibility where it does not yet exist, or to simplify and consolidate telemetry collection with Alpha XDR. Capture data from network, assets and containers. All under the same license. Administered from the same platform.
Native Sensors for 360˚ Visibility: – Alpha XDR is designed with an open architecture to integrate with all common IT and security tools. However, sometimes the tools at an enterprise don’t cover the entire attack surface. Alpha XDR offers native sensor capability under the same license to create visibility where you need it the most. Simple, flexible deployment reduces costs and improves efficiency. Deploy as many sensors as you need.
Network Sensors: – Collect metadata from physical or virtual switches and aggregate logs. The Network Sensor performs Deep Packet Inspection (DPI) at line-rate speeds to decode payloads and create useful metadata. Additionally, the Network Sensor can function as a log forwarder to simplify integrations.
Security Sensors: – Collect metadata from physical or virtual switches, aggregate logs as well as detect intrusions and malware. The Security Sensor has all the functionality of the Network Sensor, as well as the ability to run signatures and extract files out of packet flows to inspect suspicious files.
Server Sensors: – Collect data running on Linux and Windows servers including traffic, commands, processes, file and application information. Sensors operate on Windows 98 and up, Ubuntu, CoreOS, Debian and Red Hat.
Interflow
Normalised, Enriched Data – A Data Fusion engine that makes your telemetry more valuable, automatically. Interflow is a normalized, enriched data model that allows IT and security tools to talk the same language so that you can detect and respond to every threat.
With Interflow, the security team can:
- Stop doing manual data munging – Interflow is produced automatically
- Reduce data volume – PCAP to Interflow data reduction can be up to two orders of magnitude
- Correlate across seemingly unrelated events – Standard key values make correlation easy
- Highly interpretable – Reduce analyst training time with easy-to-understand data
How it Works?
- Data is collected from everywhere, from Integrations and Alpha XDR sensors.
- Data is reduced and filtered depending on the Integration and Sensor, to maintain only relevant security information.
- Data is enriched with Threat Intelligence, and other event context such as details about users and assets involved.
- Normalization forces source data into a standard data model, regardless of where it came from.
- The resulting Interflow record is stored in Alpha XDR Data Lake for analysis.
Why Interflow is Critical for AI....
Data is the fuel for AI. If the data quality is poor, the resulting AI will have poor performance. If the data complexity is high, the resulting AI will struggle to scale. That’s why Interflow is critical for AI – it ensures quality data with reduced complexity.
Data Lake
Unlimited Volume, Open Architecture: – Cost effective storage and compute delivers effective and efficient detection and response. Let the platform self-manage scale so you can focus on security. Open APIs for integrating with all of your tools.
Key Features....
- Data Ingestion – Eliminate Blind Spots. Collect data across your entire environment through built-in Integrations and Sensors. Alpha XDR’s Data Lake is designed to manage unlimited data feeds to ensure full visibility.
- Data Transformation – Create Contextual Data Create Interflow from all data sources through the Data Fusion engine running within the Data Lake. Don’t worry about setting up complicated post-processing pipelines to make your security data more valuable, this is done upfront.
- Data Scalability – Unlimited Data Volume Cloud-native architecture with clustering for large data volumes ensures that the platform grows with your security operations. Containers, Kubernetes and NoSQL storage are the building blocks of the Data Lake micro-services architecture. Scale up and scale down to accelerate your search and threat hunting workflows.
- Data Access – Open Architecture Data stored in the Data Lake can be accessed either directly through the UI, via a rich set of APIs for easy integration with other tools like SOAR, or through Data Sink to send data to object storage or legacy SIEM tools.
- Data Availability – Prevent Data Loss Multiple data availability features are built into the Data Lake including clustering, monitoring, data replication, disaster recovery, warm-standby and data buffering. Prevent data loss automatically to stay focused on security.
- Data Search – Fast Response Modern data lake for big data allows for fast data search of any content in any field with a large volume of stored data. Alert triage, threat hunting and resolve incidents in minutes, not days or weeks.
AI....
The output of Alpha XDR’s AI Engine can be simplified down to generating two types of data for security teams: alerts and incidents. Together, alerts and incidents provide the depth and holistic view teams need to make rapid decisions.
Alerts are instances of specific suspicious or high risk behavior and are the building blocks of Incidents. Alpha XDR ships with 200+ Alert Types out of the box; no configuration required. Alert Types are mapped to the XDR Kill Chain, to enable prioritization and correlation. Individual Alerts have a generated, human-readable description of what happened, and recommended remediation for fast response.
Automatically Correlates Alert: – Incidents are correlated sets of Alerts and other supporting data including signals, assets, users and processes. Incidents represent an entire attack or sequence of high risk actions. In real time, as new Alerts are generated, Alerts are assigned to relevant Incidents so that attacks can be detected and responded to before completion. Incidents in Alpha XDR are mutable, meaning they can get updated, and are not limited to any certain time window so they can pick up complex attacks.
How it works?
XDR Kill chain....
lder kill chains like the Lockheed Martin Cyber Kill Chain are outdated, but newer frameworks like MITRE ATT&CK, while powerful, do not fully characterize attacks in a way that an XDR platform requires. The XDR Kill Chain solves these problems and is purpose-built for XDR.
XDR Malware: – Covers all malware-related detections
XDR Network Behavior Analytics (NBA): – Covers network anomaly detections
XDR Intel: –Covers all threat intelligence-related detections
XDR Endpoint Behavior Analytics (EBA): – Covers all host-based anomaly detections
XDR User Behavior Analytics (UBA): –Covers user anomaly detections
XDR Sensor Behavior Analytics (SBA): – Covers injection anomaly detections on the operational side
Alpha XDR has a number of features that collect data, take response through source tools and send data to other systems.
Intuitive To Understand....
Five top-level stages wrap dozens of MITRE ATT&CK’s tactics and hundreds of detailed techniques so security analysts can better mentally position alerts in the broader context of risk and attacks.
SIEM application: – Delineates External vs. Internal Alerts
Alerts that represent activity via external actors vs. internal actors significantly affect prioritization. The XDR Kill Chain tags alert accordingly to make it easy to understand the context and generate Incidents more effectively.
SIEM security: – Map Your Own Alert Types
User defined Automated Threat Hunting alerts can be mapped onto the XDR Kill Chain so that organization-specific alerts can live alongside out-of-the-box Alpha XDR alerts.
SIEM tools Tagging: –
Stages, Tactics and Techniques are often not enough to make the most productive use of a kill chain. The XDR Kill Chain comes with robust tagging functionality built in so analysts can further organize alerts for prioritization.
Deployment....
Multi-Tier, Multi-Tenant, Multi-Site
Multi-Tier
Separate platform components and access to best serve your customers and users. Alpha XDR multi-tier architecture allows efficient resource sharing so the platform scales with your operational demands. Integrations and Sensors can be deployed distributed from the Data Lake to fulfill any architecture. Granular Role-Based Access Control (RBAC) lets you provision users to only see what they need.
Multi-Tenant
Allow your customers’ or business units’ data to coexist in Stellar Cyber with Multi-Tenancy. Perfect for MSSPs looking to grow or complex enterprises needing control over how security is deployed. Create dedicated operational views for tenants, deploy specific Threat Hunting alerts by tenant, access everything from the same UI with granular RBAC, and scale with efficient resource sharing.
Multi-Tier
Keep data physically resident in a specific site or region to prevent sensitive data moving across borders. Aggregate statistics are centralized to maintain full visibility from a single UI while maintaining compliance with regulations like GDPR. Ideal for company growing in highly-regulated environments or complex enterprises needing flexibility. The Multi-Site feature comes at no additional cost and is under the same single license.