Starlight leverages patent pending Distributed Security Intelligence™ technology to deliver massively scalable, pervasive breach detection. Using sophisticated correlation of enriched data and advanced artificial intelligence techniques, Starlight is able to detect breach events faster than humans and with higher fidelity. This unique approach helps companies reduce the time to detect a breach from an industry average 200 days down to mere minutes.
Starlight’s dashboard gives users a summarized view of the security posture of their entire network. From a single screen you can immediately see high-fidelity alerts for breach events and anomalies at each step of the cybersecurity kill chain. You can also see traffic from sources with bad reputations, exploit events, malware downloads, and applications in use. At the center of the dashboard you can see the geolocation of all malicious connections entering and exiting your network in real time.
Starlight’s panoramic view lets you see compromised assets inside your network and bad actors outside it on a single, easy-to-use screen. You can see what activity across the entire cybersecurity kill chain has taken place on an asset, which bad actors contributed to the compromise, and what geolocation those bad actors are coming from. With a single click you can also drill down to see the raw metadata extracted from the packet that caused the security event.
Advanced Security View
In the advanced security view you can see historic and real-time anomalies that are affecting your network. As an example, you can quickly compare how many login failures have occurred across your network with how many of them are anomalous. This matters because not all login failures are malicious. In this screenshot notice the 203 SSH login failures but only 9 anomalous ones. An anomalous event could be 77 login failures from a single source within a 5-minute period.
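The distinction the view draws, total login failures versus per-source bursts inside a 5-minute window, can be reproduced over raw sshd logs. The following is an added illustration, not Starlight’s own code: it parses constructed syslog-format sshd lines, counts every failure, and flags any source whose failures inside a sliding 5-minute window reach an assumed threshold (the threshold value, log format, and sample data are assumptions, not vendor figures).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# sshd "Failed password" lines in syslog format (year is not in the line, so it is supplied).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?\S+ from (?P<src>\S+) port \d+ ssh2$"
)
WINDOW = timedelta(minutes=5)   # window from the page's example
THRESHOLD = 50                  # assumed per-source burst threshold, not a vendor figure

def _stamp(base, offset_s):
    return (base + timedelta(seconds=offset_s)).strftime("%b %d %H:%M:%S")

# Constructed log: one source fails 77 times in under four minutes, then 126
# single failures from 126 different sources spread over the next 21 hours.
START = datetime(2023, 3, 1, 10, 0, 0)
SAMPLE_LOG = "\n".join(
    [f"{_stamp(START, 3 * i)} bastion sshd[812]: Failed password for root "
     f"from 203.0.113.7 port {40000 + i} ssh2" for i in range(77)]
    + [f"{_stamp(START, 3600 + 600 * i)} bastion sshd[812]: Failed password for "
       f"invalid user test from 198.51.100.{i} port 5000 ssh2" for i in range(126)]
)

def parse_failures(text, year=2023):
    """Yield (timestamp, source_ip) for every sshd failed-password line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"), m["src"]

def detect_bursts(events, window=WINDOW, threshold=THRESHOLD):
    """Count all failures, and flag sources whose failures inside any sliding
    `window` reach `threshold`. Returns (total_failures, {src: peak_count})."""
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    peaks, total = {}, 0
    for ts, src in sorted(events):
        total += 1
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return total, peaks

if __name__ == "__main__":
    total, peaks = detect_bursts(parse_failures(SAMPLE_LOG))
    print(f"{total} login failures, {len(peaks)} anomalous source(s): {peaks}")
```

On the constructed log this reports 203 failures but only one anomalous source, the single host that produced 77 of them inside the window; the scattered one-off failures are counted but not flagged.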
Basic Threat Detection View
In this view users can detect threats that are occurring in real time, as well as retrospectively. Users can detect common security threats along each phase of the cybersecurity kill chain. The system has PII detection capabilities, which can identify the transmission of personally identifiable information such as social security numbers and credit card numbers. Starlight can also detect DNS tunneling, DGA domains, port scans, SYN flood attacks, malware delivery, SQL attacks, and much more.
With Investigation View you can perform a “Google-like” search of every network flow that has occurred on your network. Starlight captures every packet, associates it with a network flow, and stores it in an AellaFlow™ record. Unlike NetFlow, which typically captures only layer 4 telemetry, Starlight’s AellaFlow™ captures information through layer 7. The system not only stores network details like session duration and bytes in and out, but also identifies over 3,000 applications and further enriches the data with contextual information such as IP reputation and geolocation.
Malware Downloads & Malicious Connections
Quickly identify which machines have downloaded known-bad or zero-day malware, or have made unauthorized connections to known malicious hosts. From this view you can quickly identify where the malicious activity is coming from through geolocation awareness, along with other relevant information such as the MD5 hash of a file, its name, and its reputation. Quickly spot ransomware spread and other types of malware propagation.
With Starlight’s service visibility application, users can easily see which applications are running within their environments, which IP addresses are communicating, and how much data is being transmitted. The user interface is easy to use and lets the user drill down, sort, and filter on a variety of attributes.
In Starlight’s Asset View you can easily identify all assets on your network and gain valuable insight into what each is doing. Asset View detects the operating system running on a device, the hardware type, applications used by the device, history of the asset’s IP addresses, the network throughput, and even application performance over time.
Network Traffic Analysis View
Starlight is also a capable tool for network traffic analysis of the kind commonly done with NetFlow collector tools. Because Starlight uses AellaFlow™ to capture L3-L7 flow telemetry, it can visualize the performance of networks, servers, and applications. Users can quickly identify performance bottlenecks, understand which applications are used the most, and determine whether a server is causing problems or the network itself is at fault.