Changming Liu, CEO and Co-Founder of Stellar Cyber, did us the honor of sitting down for an interview with Aviva Zacks of Safety Detectives. He told her how his company is riding the XDR wave.
Safety Detectives: What motivated you to start Stellar Cyber?
Changming Liu: I co-founded Stellar Cyber in 2015 with our VP of Engineering in Silicon Valley. We had been working in networking and cybersecurity for many years. We worked for companies like Netscreen and Cisco. We knew that prevention technologies like firewalls could not prevent all attacks, especially when the attack surface has changed a lot as more workloads are moving to cloud and SaaS applications like O365 are becoming more and more popular. Breaches happen almost daily despite almost every enterprise having firewalls in place. And what’s even more clear from the recent SolarWinds attacks, it’s not about perimeters anymore—firewalls are a small part of our total security solution, and it’s not even about when you get hacked. Now, you should assume you are hacked, and the question is, can you find out quickly, stop it, and remediate any damage. The trend of the enterprise security solution was shifting from prevention-based architecture to become more detection-based architecture.
However, with more security solutions, especially detection technology, being developed and deployed, a new problem has arisen in the world of cybersecurity: companies are often drowning in too much information from too many security tools that each have its own solution with its own management console. If an organization has one or two of these, it’s not a big problem, but once it has installed 8, 9, or 10 cybersecurity systems, it will have many sets of data in different data lakes, multiple algorithms, and multiple management consoles. It indeed amounts to being too much of a good thing.
Stellar Cyber was established based on the information overload problem happening in every medium-to-large company’s IT department and, in particular, in the security operations center where there is room for improvement in its effectiveness, efficiency, and efficacy. Several VCs have funded Stellar Cyber, including Valley Capital Partners, Big Basin Partners, SIG – Susquehanna, and Northern Light Venture Capital.
SD: Tell me about Stellar Cyber’s flagship platform.
CL: We are part of the rise of platform thinking. One way to get past too many security tools is to build, from the ground up, a platform with pre-built tools and a natively-supported detection mechanism. This way, you share exactly the right data for high-speed analysis with high-fidelity detections as the outcome.
Stellar Cyber pinpoints attack activities and provides security teams with efficiency and effectiveness to identify the most important events without the endless wild goose chases seen in other security systems. Stellar Cyber enables 360-degree visibility across the entire attack surface of the network, endpoints, cloud, applications, and users. Besides natively-supported tools, it also enhances existing security tools by correlating their detections across them. Alert fatigue can be minimized and smaller signals that might not otherwise be noticed can be augmented with other data to ensure not missing attack activities that would otherwise be under the radar.
SD: What verticals use your products?
CL: Since we sell a platform, at some point, it is best sold as a managed security service to smaller customers through MSSP partners, whereas large enterprise customers needing compliance and security operation in-house leverage our security operations platform as part of or their entire SOC.
On the enterprise side, Stellar Cyber is designed for organizations that are overworked and understaffed but which need to protect their data and assets better. The platform is horizontally applicable since these conditions apply to most organizations. Stellar Cyber boosts the ability of a security team to find and stop attacks, eliminating or mitigating theft or damage.
For example, based in Birmingham, Alabama, EBSCO Industries is one of the largest privately-held companies in the United States. It owns roughly 40 small-to-medium business units across a diverse group of industries, including publishing, manufacturing, real estate, information services, and insurance. As incidents of cyberattacks against enterprises became more common, EBSCO’s board of directors wanted to tighten its security posture. They chose Stellar Cyber as the solution for building an effective Security Operations Center (SOC). Stellar Cyber pulls together EBSCO’s disparate sets of security tools and presents their findings under a single, intuitive interface so analysts can quickly spot and correct issues.
CyFlare is a great MSSP customer story to share, a top 100 global managed security services provider (MSSP) based outside of Rochester, New York. The company wholesales managed security services to small and mid-sized VARs, MSPs and MSSPs, and brings value to its customers by delivering Security Operations Center (SOC) as-a-service functionality that’s comprehensive, cost-effective, and easy to deploy. CyFlare relies on Stellar Cyber’s solution as the core of its SOC-as-a-service offering. The Stellar Cyber platform helps CyFlare deliver high-value, high-margin security services to downstream MSPs and small enterprises.
SD: How does your company stay ahead of the competition?
CL: We are part of an emerging new category called XDR – eXtended (X) detection (D) and response (R), which reflects the idea that an enterprise attack surface is no longer a single point. It means detecting threats anywhere, from within, from outside, or from host-to-host attacks. Industry analyst firms Enterprise Strategy Group (ESG), Gartner, Forrester, and Omdia track the new XDR category.
Our main competitors in the XDR space are Palo Alto Networks and Trend Micro.
Palo Alto Networks is building its XDR platform, Cortex, through many acquisitions (LightCyber is one example) and bundling their solutions together. As a startup, Stellar Cyber had the XDR vision from day one and built an Open-XDR platform from the ground up as we work with existing security systems and are attracting a thriving ecosystem—with over 270 integration partners today and growing—including companies like CarbonBlack, CrowdStrike, and Cylance, SentinalOne, and SwimLane, even Phantom and Demisto, etc. Many customers do not want a rip-and-replace story; they want to augment what they have and make it better.
SD: What are the worst cyberthreats out there today?
CL: The short answer is that any cyberthreat that disrupts your business is the worst for you. There will be no worst cyberthreats, only worse cyberthreats as we can see from Yahoo’s breach a while back to the Equifax breach to the recent Solarwinds breach.
The recent Solarwinds Trojan breach shows how attacks become more stealthy and more complex. It also takes a long time to detect, 8/9 months in the case of SUNBURST. Do you see anomalous behavior, albeit seemingly legitimate? Painting this picture by pulling together small signals, to piece together a complex attack, is now a ‘need to have’ part of your security operations center. And this is exactly what Stellar Cyber’s product was designed to do, easily and quickly.
SD: How will the COVID-19 pandemic affect cybersecurity for the future?
CL: Many of our customers are using a hybrid worker model—it’s dynamic as to whether the worker is at home or the office. Often, home workers don’t have the same security protections they have at work, and hackers are noticing this. We help customers work through new attack vectors due to their having more remote workers.
Issues like this have put additional strain on a security workforce that is also going through the same challenges at home. In addition, companies are relying more on public cloud and software-as-a-service (SaaS) models to accommodate their dynamic workers, and they are questioning whether their current security operations teams are equipped to see into these virtual environments.
Stellar Cyber has been fortunate in that customers continue to prioritize security operations spending despite overall shrinking budgets for some organizations. Our investors are taking the long view and are extremely supportive.