StellarCyber

StellarCyber’s mission is to deliver a cybersecurity platform that makes it easy for security teams to see and stop attacks quickly and confidently. The company aims to achieve this by transforming raw security alerts and IT data into clear, actionable intelligence, empowering security teams with AI-driven automation, and being a trusted security partner. Its core offering is an Open XDR (eXtended Detection and Response) platform designed to provide comprehensive, unified security without complexity, enabling lean security teams of any skill level to secure their environments effectively.

StellarCyber’s goals include continuous product innovation, expanding its global market reach, and championing the value of Open XDR. The company strives to help organizations reduce risk through early and precise identification and remediation of threats, while also aiming to lower costs and improve analyst productivity. StellarCyber is focused on delivering a positive customer experience and fostering strategic partnerships to enhance its platform’s capabilities. The company has received recognition from industry analysts and awards for its technology and market performance, indicating a positive market reputation. It is often cited for its ability to improve threat detection and response times significantly.

Offerings, Capabilities, and Integrations

StellarCyber provides an Open Extended Detection and Response (XDR) platform designed to deliver comprehensive, unified security without complexity. This platform integrates a suite of security tools and data sources into a single interface, offering end-to-end threat detection and response. StellarCyber’s core offerings revolve around its AI-driven Security Operations (SecOps) platform, which includes capabilities typically found in Next-Generation Security Information and Event Management (NG-SIEM), Network Detection and Response (NDR), Security Orchestration, Automation and Response (SOAR), Threat Intelligence Platform (TIP), User and Entity Behavior Analytics (UEBA), and more, often under a single license. This unified approach aims to simplify security operations, reduce tool sprawl, and improve analyst productivity by automating threat detection, correlation, and response.

A key capability of StellarCyber is its “Open” XDR architecture. This means the platform is designed to integrate with a customer’s existing security tools from various vendors, allowing organizations to retain their current investments while enhancing their security posture. StellarCyber supports hundreds of pre-built integrations with common security, IT, and productivity products, covering endpoints, networks, cloud environments, email, and identity management systems. The platform ingests data from these diverse sources, normalizes it, and enriches it with context to provide a comprehensive view of the attack surface. Recently, StellarCyber announced “Bring Your Own Data Lake” (BYODL) support, allowing integration with existing data lakes like Splunk, Snowflake, Elastic, and AWS S3-compatible storage, further enhancing flexibility.

StellarCyber’s competitive edge lies in its AI-driven automation and the comprehensiveness of its single-platform solution. The platform utilizes multi-layer AI and machine learning to detect and correlate threats, significantly reducing Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR). This focus on automation and a unified toolset empowers lean security teams, regardless of skill level, to manage complex security environments effectively. The “Open” nature of its XDR platform also differentiates StellarCyber from “closed” XDR solutions that may lock customers into a single vendor’s ecosystem. This approach has contributed to StellarCyber’s reputation as an innovator in the Open XDR market, adopted by numerous organizations and Managed Security Service Providers (MSSPs) globally.

Products and Services

StellarCyber’s flagship offering is its Open XDR platform, an AI-driven security operations platform that unifies various security functions. This single-license platform delivers a suite of capabilities that can also be considered as distinct, yet integrated, product components:

  • Next-Generation SIEM (NG-SIEM): This component collects, normalizes, and enriches log data from diverse sources for compliance, search, and threat hunting. It includes User and Entity Behavior Analytics (UEBA) to identify anomalous activities.
  • Network Detection and Response (NDR): StellarCyber’s native NDR capabilities provide deep packet analysis, monitor network traffic for over 4,000 applications, and include Intrusion Detection System (IDS) and malware sandbox functionalities.
  • Security Orchestration, Automation and Response (SOAR): This allows security teams to automate incident response using pre-defined playbooks and integrations with various security, IT, and productivity tools.
  • Threat Intelligence Platform (TIP): The platform automates the collection and analysis of threat intelligence from multiple sources. Customers can also import their preferred threat intelligence feeds.
  • Open XDR: This core capability integrates data from a wide array of security tools (endpoints, cloud, network, logs) and uses machine learning for real-time threat identification, correlation, and response. It emphasizes a “Bring Your Own EDR” approach, supporting major EDR vendors.
  • Multi-Layer AI™: This underpins the platform, driving automated threat detection, alert correlation, and incident prioritization to reduce alert fatigue and improve response times.
  • Connectors and Integrations: StellarCyber provides hundreds of pre-built connectors for data ingestion from various third-party security tools, cloud services, and IT systems. This includes support for EDRs, firewalls, identity solutions, and cloud platforms.
  • Sensors: These are deployed on-premises or in cloud environments to collect data and enable threat detection capabilities where needed.
  • SaaS Platform: StellarCyber offers its Open XDR platform as a SaaS solution, hosted on Oracle Cloud Infrastructure (OCI) among others, ensuring scalability and regional data residency.
  • Bring-Your-Own Data Lake (BYODL): A newer capability allowing organizations to use their existing data lakes (e.g., Splunk, Snowflake, Elastic, AWS S3-compatible) with the StellarCyber platform.
  • Gen AI-powered Open XDR Investigator: A recently unveiled capability (May 2024) that incorporates generative AI into the platform to assist with security investigations.

StellarCyber also offers services such as threat hunting and security consulting. For MSSPs, StellarCyber provides a multi-tenant platform designed to help them deliver comprehensive security services efficiently.

Target Customers

StellarCyber targets a diverse range of customers, primarily focusing on enterprises (especially mid to large-sized), Managed Security Service Providers (MSSPs), and Managed Service Providers (MSPs). The platform is designed to empower lean security teams, regardless of their skill level, making it suitable for organizations that may not have extensive in-house cybersecurity expertise or large security operations centers.

Specific market segments and industries served include:

  • Enterprises: Companies across various sectors such as manufacturing, government, higher education, financial services, healthcare, retail, and IT services. These organizations benefit from the platform’s ability to consolidate security tools, automate threat detection and response, and improve the efficiency of their security operations.
  • Managed Security Service Providers (MSSPs): StellarCyber’s platform is particularly well-suited for MSSPs due to its multi-tenancy, automation capabilities, and the ability to integrate with a wide range of customer environments and existing tools. This enables MSSPs to offer comprehensive and differentiated security services, reduce operational costs, and scale their business efficiently. StellarCyber has a significant portion of the top MSSPs globally as customers.
  • Managed Service Providers (MSPs): Similar to MSSPs, MSPs can leverage StellarCyber to offer enhanced security services to their clients, particularly small to medium-sized businesses (SMBs), by providing enterprise-class security at a manageable price point.
  • Public Sector Organizations: Government agencies are also among StellarCyber’s clientele.

Target customers benefit from StellarCyber’s products and services in several ways:

  • Reduced Risk: Through early and precise threat identification and remediation.
  • Cost Reduction: By consolidating security tools, reducing the need for extensive manual effort, and optimizing existing security investments.
  • Improved Analyst Productivity: By automating repetitive tasks, reducing alert fatigue, and providing a unified platform for investigation and response, leading to significant improvements in MTTD and MTTR.
  • Enhanced Visibility: Across the entire attack surface, including on-premises, cloud, and IT/OT environments.
  • Flexibility and Scalability: Through its open architecture, support for numerous integrations, and SaaS deployment model. The BYODL capability further enhances data management flexibility.

Cloud Integrations and Marketplaces

StellarCyber’s Open XDR platform integrates with various cloud services and is available on multiple cloud marketplaces. StellarCyber enables organizations to protect cloud, on-premises, and IT/OT environments from a single platform. It can ingest data from numerous sources, including cloud infrastructure and SaaS applications.

  • Amazon Web Services (AWS): StellarCyber integrates with several AWS services. It can ingest data from AWS CloudTrail, Amazon CloudWatch, AWS Network Firewall, Amazon GuardDuty, and AWS Inspector. StellarCyber also supports ingesting data from Amazon Security Lake into its Open XDR platform, allowing for enriched data analysis and faster threat detection. Furthermore, StellarCyber’s platform can integrate with Amazon VPC traffic mirroring to gain visibility into AWS environments. StellarCyber is available on the AWS Marketplace as an Amazon Machine Image (AMI). The platform allows users to bring their own endpoint tools and other data sources for unified protection across their infrastructure. StellarCyber’s “bring your own data lake” capability allows organizations standardized on AWS security data lake to incorporate the StellarCyber Open XDR platform.
  • Microsoft Azure: StellarCyber integrates with Microsoft Entra ID (formerly Azure Active Directory) to collect user information, enrich event records, and enable response actions like disabling users. It also integrates with Azure Event Hub. StellarCyber can collect metadata from traffic in Azure environments using native interfaces like VTAP. A job posting by StellarCyber indicates that familiarity with Azure is a plus for its software engineers working on integrations. While specific listings on the Azure Marketplace were not detailed in the provided search snippets, StellarCyber states its platform operates with major cloud architectures including Azure.
  • Google Cloud Platform (GCP): StellarCyber integrates with Google Cloud Security Command Center to ingest threat and vulnerability data. It also has connectors for Google Cloud Audit Logging. StellarCyber’s platform can integrate with Google Workspace for visibility into SaaS applications. The StellarCyber Starlight platform can be integrated with Google Security Operations SOAR for ingesting security events and performing searches. A job posting by StellarCyber mentions GCP as a desirable familiarity for its software engineers. StellarCyber also states its platform operates with major cloud architectures, including Google Cloud. According to the Google Cloud Marketplace, StellarCyber Starlight is listed as an integration for Google Security Operations.
  • Oracle Cloud Infrastructure (OCI): StellarCyber’s Open XDR platform is offered as a SaaS solution hosted on OCI and is available on the Oracle Cloud Marketplace. It integrates with Oracle Cloud Guard, normalizing its logs and correlating this data with other security tools.

StellarCyber’s Open XDR platform is designed to integrate with a wide array of security tools and third-party services through open APIs and connectors, supporting over 500 different security, productivity, and IT systems. This includes integrations with various endpoint security, email security, identity/IAMs, firewalls, CASBs, and SASEs. The platform’s Data Sink feature allows it to integrate with other data infrastructures, including object storage for compliance or SIEMs.

Key People

  • Chief Executive Officer & Co-Founder: Changming Liu.
  • Founder & Chief Technical Officer: Aimei Wei.
  • Chief Revenue Officer: Jim O’Hara.
  • Senior Vice President of Engineering: Albert Zhichun Li.
  • Senior Vice President of Marketing: Steve Garrison.
  • Senior Vice President of Customer Success: Tony Chou.
  • Senior Vice President Global Sales Engineering: Snehal Contractor.
  • Senior Vice President Product Management: Subo Guha.
  • Senior Vice President Customer & Partner Enablement: Paul Levasseur.
  • Vice President of Strategic Alliances: Andrew Homer.
  • Head of Product Marketing: Stephen Salinas.
  • Worldwide Vice President, Service Providers: Stephan Tallent.

Key Facts

  • Headquarters Location: San Jose, CA.
  • Number of Employees: 140-160.
  • Annual Revenue: $15M – $35M.
  • Parent Company: None.
  • Subsidiary Companies: Stellar Cyber Analytics Private Limited.
  • Publicly Listed: No.

Analyst Recognition

StellarCyber has been recognized by Gartner and Forrester in various cybersecurity categories. There is no specific information available regarding recognition by IDC or Everest Group in the provided search results.

  • Gartner: StellarCyber was named as a Sample Vendor in the Gartner Hype Cycle for Security Operations, 2024. StellarCyber was also recognized as a Representative Vendor in the 2024 Gartner Market Guide for Extended Detection and Response (XDR) for the second year in a row. StellarCyber is described as a provider of an Open XDR platform, which includes Next-Generation Security Information and Event Management (NG-SIEM) and Network Detection and Response (NDR) capabilities. Gartner reports highlight XDR’s role in reducing complexity and improving efficiency in threat detection and response. StellarCyber has also been mentioned as one of the leading XDR players by Gartner. Customers on Gartner Peer Insights gave Stellar Cyber’s Open XDR platform a 4.8 out of 5-star rating, and 100% of responding customers were willing to recommend the platform in the Gartner Peer Insights Voice of the Customer for Network Detection and Response.
  • Forrester: StellarCyber has received notable mentions in reports about XDR and Composable Security by Forrester. StellarCyber has also hosted a webinar with a Forrester Research vice president discussing the journey to an intelligent Security Operations Center (SOC), covering the rise of comprehensive data, AI, and the intelligent SOC.
  • IDC: No specific recognitions for StellarCyber by IDC were found in the search results. Other companies are mentioned as being recognized by IDC MarketScape in areas like Data Loss Prevention and Cyber Recovery.
  • Everest Group: No specific recognitions for StellarCyber by Everest Group were found in the search results. Other companies are mentioned as being recognized by Everest Group in areas like Google Cloud Services and Software Product Engineering Services.