What is our primary use case?
We basically took the Stellar platform and now sell it to our customers.
There are different use cases, but it’s mainly focused on incident response. Customers typically have a range of technologies within their security stack, such as firewalls, endpoints, switches, and routers. In a traditional SOC (Security Operations Center), there used to be large rooms filled with monitors, where people were manually reviewing logs from different tools.
When you have so many technologies generating logs, it becomes very difficult to manually review, analyze, investigate, and respond to incidents. Stellar Cyber collects logs from all these various technologies and feeds them into its platform, where machine learning analyzes the logs, creates cases, and flags incidents.
The platform reduces reliance on human analysts. It uses AI and machine learning to process logs and detect security incidents. Once an incident is identified, the platform can automate the response process, reducing the need for human intervention by about 90%.
Additionally, since it’s an Open XDR solution, it can integrate with almost any cybersecurity tool available in the market. It doesn’t matter if you use a firewall from one vendor and endpoints from another — Stellar Cyber can integrate them all.
It’s a cost-effective solution, and the licensing model is also very attractive. It’s a single-license platform. Other providers typically offer separate licenses for different components like endpoints, firewalls, and switches, but Stellar Cyber offers a single license. All the data is consolidated into one dashboard, and the machine learning takes care of most of the heavy lifting. This automation helps reduce costs, minimize false positives, and make managing security much easier.
What is most valuable?
One of the key features is something called correlation. Suppose a laptop in your network gets infected, and the infection spreads through your firewall and across the network. In a traditional SOC, you might find that your laptop, server, and possibly another client have been infected. Typically, these would appear as three separate incidents.
But with Stellar Cyber, it performs correlation. It correlates all these incidents and creates a case. The case is essentially a grouping of related incidents, and through machine learning, the platform assigns them scores, like utility scores. For example, anything above fifty or sixty gets flagged, depending on how you configure it. For us, we investigate any score above sixty.
This correlation is extremely useful because it allows you to see the bigger picture. Instead of looking at three separate incidents, you get a macro-level view where all the indicators of compromise are correlated. You can see how the infection started, how it spread, and its current stage. This helps in understanding the entire life cycle of the payload or virus, and allows you to treat it accordingly.
What needs improvement?
The only challenge is, and that’s where we come into play, it’s a pretty high-tech platform. So, it’s difficult for small and medium-sized organizations to manage it on their own. It’s a very complex system. It requires a lot of expertise.
All my guys who work on it have gone through certification from Stellar itself. There are three different certifications that you need to complete. Only then are you certified by Stellar to work on it. It’s a very complex platform. Not everyone can use it.
A simple IT engineer or system admin won’t be able to handle it because it’s quite complex. You need to have an understanding of the industry, the subject, and the tool. So, just purchasing this tool or license and then using it on your own would be very difficult to configure and manage on a day-to-day basis.
The pricing model is not suitable for small and medium companies, particularly small companies. The minimum pricing model they have is suitable for companies with more than one thousand users.
So, if someone has 50 to 100 users, like typical small companies, it’s difficult for them because the cost involved is high. Stellar would charge you for those thousand users, but you do not need all those users. So what are they going to do? I guess Stellar does not want to target small companies directly and maybe relies on resellers and MSPs like us to sell it. So, that is something I would recommend changing.
Otherwise, it’s a great tool, but because of the pricing model, small companies are unable to leverage the advantage of this beautiful tool.
So, the pricing model should be suitable for small and medium businesses.
The product currently has vulnerability monitoring and everything. But if they could also do something about vulnerability management and maybe patch management, that would be nice.
For how long have I used the solution?
I have been working with this solution for more than one and a half years.
What do I think about the stability of the solution?
We are yet to face any issues. We have been using it for more than one and a half years for our different customers. So, we are yet to encounter any stability issues or server problems. So, I would rate the stability an eight out of ten.
What do I think about the scalability of the solution?
We target mainly small companies, those with fewer than 200 employees, because that fits our model. But we have customers from various sectors like banking and financial services, fintech, healthcare, and manufacturing.
Cybersecurity is something everyone needs these days, so it’s used across different industries—nothing specific.
It’s a very scalable solution. The only limiting factor is the daily data engagement volume. Even if it increases, you just need to top it up. As far as scalability is concerned, it’s highly scalable because it’s a cloud-based solution. Scalability is not an issue at all.
I would rate the scalability a nine out of ten.
How are customer service and support?
Support is something we can improve. Support is an issue because they have a limited number of resources.
Basically, Stellar Cyber Open XDR needs to put more people in their technical and engineering teams because one support engineer handles multiple accounts.
So they are always under a lot of pressure. Booking meetings with them can be difficult from time to time. So, obviously, support is something that needs improvement. So more people are required in the support team.
How would you rate customer service and support?
How was the initial setup?
Trained people can set it up in, like, two hours. It’s almost like plug and play.
Basically, you need access because it’s a SaaS-based product. They also have an on-prem solution, but most customers prefer the SaaS-based solution. Suppose I have 20 laptops in my company and maybe two servers and I want to integrate Stellar and have a firewall. I just need to give Stellar engineers access to deploy certain sensors in my server and laptops, my EDR, and everything else.
Once that is done, the sensor will start collecting data, and everything will be configured automatically. So, it’s all about giving them the right access. Once the access is given, it happens instantly. Two hours is long; it happens instantly once you give access.
I would rate my experience with the initial setup an eight out of ten, with ten being easy to set up and one being difficult.
What was our ROI?
There are different aspects to the cost reductions and ROI. For example, if someone is using something like Splunk, which creates incidents, logs tickets, and so on, then for a medium-sized organization, that alone could easily cost around $50,000 or more per year. Then, if you use XDR from other providers like XROC and set everything up, that’s another $50,000 gone annually. On top of that, if you have around five analysts working on it, you’re looking at another $100,000 to $150,000 per year.
So, for a medium-sized company, the total annual cost just to maintain the visibility of their security tools could range from $250,000 to $300,000. With Stellar Cyber, we can easily bring that down to less than $100,000. This will result in at least a 60% cost reduction.
What's my experience with pricing, setup cost, and licensing?
If you purchase directly from Stellar, you need to have more than a thousand users for the cost to be reasonable. So for larger companies, it’s more reasonable than for small ones.
Otherwise, we need to purchase from resellers or MSPs like us, and then we can provide a good cost. But at the end of the day, they are highly cost-effective compared to other solutions in the market.
What other advice do I have?
I would recommend finding a good MSP or MDR (Managed Detection and Response) provider who can take care of the entire cybersecurity incident response on your behalf. This will be cost-effective and more efficient. If small and medium enterprises want to do it on their own, they’ll have to build an entire team, create the infrastructure, and get people trained, which is not highly efficient. Large enterprises can keep everything in-house, but for others, it’s recommended to get in touch with a good MSP or XDR provider. Always use a POC (Proof of Concept) for at least one month to understand the tool and the vendor providing it. That’s how you can realize everything.
Overall, I would rate it an eight out of ten. It’s an amazing product. The issues with the pricing model and their support are why I’d give it two less than a perfect score, but it’s definitely a great product to use.