In the last several months the XDR acronym has been adopted by almost every security product manufacturer. It is one thing to say that you have it, but the hard work that goes into building the detections takes years. It is not enough to say that you have a big data platform that you can dump things into and search; you need actionable detections that lead to meaningful correlations. Here are two key things to consider as you look at XDR.

Data Normalization — To get full visibility, the first thing you need to consider is the data itself. Every…

Today there is no shortage of compliance requirements. There are so many, in fact, that there are billions of dollars spent every year on tools and audits. These regulations have the right goal in mind: protect companies, their intellectual property and their customers. Unfortunately, by the time these laws make it through the government process the attackers have already changed their tactics. They don’t have to play by any rules.

This raises the question, “How effective are all these compliance requirements at achieving the ultimate goal?” All we read about in the headlines is the next big breach. Pipelines, power…

In 2017, Equifax, one of the world’s largest credit reporting agencies, suffered a cyber breach of unprecedented impact and scale. More than 145 million records of personally identifiable information were stolen by cyber criminals. Because of the nature of this breach, the CEO of Equifax resigned, a congressional investigation commenced, Equifax’s stock took a hit and a 50-state class action lawsuit was filed.

The Breach

On March 2nd 2017, a vulnerability in a web application called Apache Tomcat Struts 2 was discovered by a security researcher and identified as CVE-2017-5638. This web application was used by Equifax to allow…

Domain Generation Algorithms (DGAs) are a class of algorithms that periodically and dynamically generate large numbers of domain names. Typically, the domains are used by malware and botnets as rendezvous points to facilitate callback to the malicious actor’s Command & Control servers. DGAs allow malware to generate tens of thousands of domains per day, the vast majority of them unregistered. The enormous number of unregistered domains masks the few registered ones, allowing the infected bots to evade detection and deterrence by signature- or IP-reputation-based security detection systems.

The first known malware family to use a DGA was…

Artificial Intelligence and Machine Learning are the technologies at the forefront of what is being called the world’s fourth industrial revolution. Since the beginning of the human race, man has strived to improve how efficiently we live and work. At first humans relied on simple manual labor and ingenuity. We believe this is how man produced things like the Pyramids, the Great Wall of China and Stonehenge. Then came the first industrial revolution, which introduced mechanization, steam, and water power and brought advances in production, travel, and urbanization. The second revolution was sparked by the inventions of…

Distributed Security Intelligence

Artificial Intelligence is radically transforming the cybersecurity industry. To successfully use AI for security, the quality of the data is paramount. Security-related data must be collected from many different sources — network data from packets, server data from commands and processes, application data such as logs, and threat intelligence data from security researchers, among others. These disparate streams of information are fed into a centralized processor, where machine learning is applied to detect security threats.

Data Challenges

A few challenges appear in the data collection part of the process.

  • Not enough data

In some cases, the amount…

DNS has come under fire lately as nation-states and hacker groups have targeted DNS as a method to steal credentials from unsuspecting victims.

According to Techcrunch, the hackers first compromised the intended target via spearphishing. They then used known exploits to target servers and routers and move laterally within the network. In that process, the hackers obtained passwords which let them update the DNS records, pointing the domain name away from the IP address of the target’s server to a server controlled by the hacker. This allowed the hacker to gather usernames and passwords using man-in-the-middle attacks. …

On this episode of Silicon Valley Insider, host Keith Koo has special guest John Peterson, Chief Product Officer of Stellar Cyber, an innovative cyber security company using artificial intelligence (AI) and machine learning (ML) to empower SMBs (small and medium sized businesses) to gain access to the same types of advanced security tools that Fortune 500 companies do.

John discusses how the founders of Stellar Cyber (formerly named Aella Della) got their start and how their security platform provides a unique approach via their customers’ MSSPs (managed security service providers) and their SOCs (security operation centers). John also discusses the struggle of any company to manage all of the cyber security tools they use due to resource and budget constraints.

According to Bleeping Computer, a new ransomware called LooCipher has been found in the wild. In usual fashion, it is impacting users through spam. Unsuspecting users are opening the phishing email, clicking on the link, giving the file authorization to use macros, and ultimately getting the malicious file installed.

In 2011, Lockheed Martin introduced the idea of a cyber security kill-chain, for which it is widely credited. The cyber security kill-chain, as designed, organizes threats into categories, along with the security controls that can be deployed in each category to mitigate those risks. …

Data breaches are major security threats for enterprises and end users. Previously, we discussed the Equifax data breach that leaked the social security numbers of 147 million US citizens. Last month (07/2019), in the Capital One data breach, a hacker gained access to the names and addresses of about 100 million individuals in the United States, as well as 6 million people in Canada. Yet again, a breach has compromised the identity of more than 100 million people! Whose name will be next in the headlines? How could we prevent such cases from happening?

How did it happen?

A pioneer…

Stellar Cyber

Stellar Cyber’s industry-leading security software improves security operations productivity by empowering security analysts to kill threats in minutes instead
