Stellar Cyber today introduces Multi-Layer AI. Multi-Layer AI incorporates four distinct technologies – Machine Learning (ML), Graph ML, Generative AI, and Hyper Automation – all in a single unified platform that reduces threat detection and response time. This new approach leverages AI at multiple steps in the detection, correlation and response process to reduce alert volume, prioritize and correlate threats, counsel analysts, and respond automatically.
How Multi-Layer AI Improves Security
Managing torrents of data from dozens of cybersecurity tools takes a lot of time, which is why most major data breaches have taken months to discover. Successfully responding to cybersecurity attacks is about visibility combined with the ability to act on it quickly. The only way to gain visibility is by collecting data from the entire attack surface, including:
- Endpoints, using tools like EDR and EPP
- Network, using tools like firewalls, IDS and NDR
- Identity Management systems, using tools like Active Directory, Azure AD, and Okta
- SaaS, using emails and applications like Office 365 and Google Workspace
- Clouds, using PaaS/IaaS like AWS, Azure, GCP and OCI
- Vulnerability Assessment, using tools like Tenable and Rapid7
Each security tool stores data in its own format. In the Stellar Cyber platform, the data is automatically transformed through normalization into a single format and enriched with context so it can be effectively used by AI.
Here’s how Stellar Cyber uses Multi-Layer AI to speed detection and responses:
- Detection AI – The platform’s ML-based AI (incorporating Supervised, Unsupervised, and Deep Learning ML) evaluates 10-100 TB/day of data and automatically detects common threats. This converts terabytes of data to thousands of alerts per day.
- Correlation AI – The platform’s Graph ML technology spots correlations between two or more alert signals, weak or strong, assembling them into contextual cases that identify impacted and potentially impacted assets. This process converts thousands of alerts into hundreds of manageable cases per day, reducing analysts’ workloads.
- Copilot AI – The platform’s Generative AI (Gen AI) implementation, AI Investigator, speeds complex threat analysis by providing instant responses to analysts’ questions, further reducing the number of analyst decisions to less than a hundred per day and cutting threat response times. For example, an analyst can ask, “Show all the incidents where data was exported between 12-9 AM,” or “Which emails went to domains in Russia?”
- Hyper Automation AI (in forthcoming releases) – The platform uses ML to address known attack techniques like phishing. For example, the Stellar Cyber platform can use Hyper Automation to automatically analyze phishing emails through AI.
“Stellar Cyber founder and CTO Aimei Wei recognized at the inception of the company that the essential cybersecurity challenge was having to manually process and interpret terabits of data per day – analysts were so buried in alerts that they couldn’t tell the real ones from the false ones, and it could take months to see and respond to the real threats,” said Steve Garrison, SVP Marketing at Stellar Cyber. “That’s why we baked AI into our SecOps platform from Day One, and why we are continuing to leverage it in all forms as we move forward.”