Starlight AI-Driven Pervasive Breach Detection Solutions from Aella Data
Can you see pervasively throughout your environment?
Aella’s Starlight detects cyber breaches across your entire network, regardless of scale or complexity. When Starlight is activated, it quickly establishes a baseline behavior model for your specific environment and automatically starts identifying anomalous behaviors and breach events. Starlight’s advanced AI technology operates like an around-the-clock, autonomous virtual security analyst, ceaselessly monitoring and learning from your network. With each observation, it continues to refine its intelligence and predictive abilities. At Starlight’s core is its emphasis on pervasive data collection and its Distributed Security Intelligence™ architecture – key differentiators from other solutions.
Container deployment is gaining popularity, and according to research by MarketsandMarkets, container monitoring is expected to grow from $169.6 million in 2017 to $706.2 million by 2022, at a Compound Annual Growth Rate (CAGR) of 33% during the forecast period. Put simply, organizations have a growing concern about container visibility. Aella has created the industry’s first AI-Driven Breach Detection System for container workloads. IT organizations can deploy a privileged container that monitors network traffic flows to, from and between containers and identifies more than 3,000 network applications that may be in use by containers. Beyond monitoring traffic, Aella’s container solution can monitor the commands executed, the processes launched and the files touched, both on the host serving the containers and within the containers themselves.
In addition to monitoring, the solution also detects breach attempts in real time. Rapid deployment is also a key feature and container monitoring can be centrally managed and pushed out to over 100,000 containers with the click of a button.
Easy deployment & integration with Kubernetes and OpenShift
CentOS, Ubuntu, Red Hat and Docker compatible
Network, application, command, process, file and user monitoring
Breach detections across the entire cybersecurity kill chain
Artificial intelligence through machine learning identifies container anomalies
Do you know if your AWS servers are being attacked?
With public cloud services like AWS and Azure becoming popular choices for applications, sensitive data such as customer or subscriber information becomes a highly attractive target for malicious actors. Weaknesses in cloud security leave customers more susceptible to attacks, and an AWS firewall is simply not enough to secure your servers.
Hackers routinely run port scans against servers hosted on public clouds. Once an open TCP or UDP port is discovered, they can gain access through brute force attacks or vulnerabilities in your application.
After intruders steal your information or turn the server into a bot under their command, the damage is irreversible. All of this can and does occur right under the nose of a simple public cloud firewall.
Aella’s Starlight platform detects intruders in minutes. Simply install our lightweight, software-only Aella Agents on your servers and thoroughly monitor network traffic, file access, processes, and command executions with ease.
Easy installation of Starlight platform within your AWS and Azure environment in minutes.
Full visibility of user logins and activities
Full visibility of command executions and processes on your servers
Full visibility of services running on the servers
Rapid identification of anomalous behaviors via machine learning.
Rapid detection of data exfiltration and other exploits from your servers
Single out the real threats with high fidelity alerts
Virtual environments have become the new norm for deploying servers; however, the challenge of security visibility in this environment still exists. Deploying too many security tools in a virtual environment consumes too many resources, and sending every single packet out to external security tools causes I/O and CPU utilization issues. Because of these problems, organizations are constantly challenged with how to scale breach detection across virtual infrastructures offered by VMware, KVM and Hyper-V.
Aella’s Starlight solution solves these problems. A single data collector deployed within the environment, off the mirror port of a virtual switch, collects packets and converts them to metadata in real time. The conversion of packets to metadata results in a 100-to-1 savings in network bandwidth and improves performance by sending a reduced, yet complete, amount of data to a centralized, yet distributed, data processor, security analyzer and machine learning engine.
Deployment in VMware, KVM and Hyper-V environments
Discovery of over 3,000 applications
Converts raw packets to application aware metadata
Deployment integration with virtual environment orchestration tools
Lightweight application that consumes less than 5% of the environment’s total resources
Are you using Elasticsearch as a security logging platform?
Security information and event management (SIEM) systems are used to collect and store security events, mainly logs, in a centralized platform. After the events are aggregated, central analysis, reporting and attack detection can be conducted. However, since these products are usually targeted at large organizations with ample staffing and resources, they are complex to set up and expensive to maintain. Recently, Elasticsearch has emerged as an alternative to SIEM for log collection and storage. As an open source system, it is well-suited to the needs of organizations of any size.
With Starlight for SIEM, you can gain more visibility and utility out of SIEM investments such as Elasticsearch or Splunk. AellaFlow’s high performance metadata extraction enriches data with additional context from a wide variety of sources while dramatically reducing data volume. Deploy Aella in front of your SIEM infrastructure as a processor and enhancer to supercharge your data and conserve your SIEM resources.
Distributed, intelligent Aella agents capture server processes, command executions, application logs, network traffic, as well as user information
Extract network traffic metadata up to Layer 7 for over 3,000 applications
Local data correlation
Starlight Big Data Processor can enrich data further with threat intelligence, GEO-location, user name, and domain name, among others
Real time breach detection conducted by both agents and Big Data processor
Transport pre-processed, enriched data to Elasticsearch in lightweight JSON
Do you have enough security analysts on staff to monitor your customers’ networks?
An MSSP business that manages security for hundreds or thousands of customers must defend each network with vigilance. Yet, security analysts are as expensive as they are in demand, resulting in limited staff who are swamped with thousands of alerts on a typical day.
Improve business profit margins by hiring a virtual security analyst called Aella, which runs on the industry’s first multi-tenant, AI-driven breach detection platform for MSSPs. With Aella’s self-learning intelligence, security event analysis is conducted 24/7. MSSPs can augment the efficiency of their security operations staff, using Aella’s high fidelity analytics to enable staff to prioritize their investigations and reduce response times.
Real-time monitoring and detection that runs 24/7, with additional retrospective investigation capabilities.
Reduce the time to detect anomalies and breach events from months to minutes.
A multi-tenant architecture designed to support MSSP-specific needs
Flexible deployment of the Starlight platform in the MSSP’s own SOC or their customers’ cloud/data centers
Rapid deployment of Aella agent on their customers’ networks
Multi-tier, role-based access for MSSP administrators and tenant users
Receive alerts & reports via email, text or RESTful API updates
Deploy honeypots and deception targets for breach detection using Starlight’s BlackHole Deception solution. Starlight’s use of Multi-Machine Learning & Artificial Intelligence is a first when it comes to honeypots & deception technology. When deploying the BlackHole Deception solution, organizations can lure hackers who have made their way into the network into a fake server that appears to be vulnerable to attack. These fake servers are commonly referred to as “honeypots” and are a good way of identifying malicious actors within your environment. Aella’s honeypots are not like others seen in the industry. Our solution leverages complex Multi-Machine Learning and AI technology to find anomalous behavior on the honeypots. This allows Starlight to see more breach attempts and detect them faster. Once a breach has been detected on a honeypot, a security analyst can take the necessary actions to hunt down the intruder and remove them from the network.
Centralized management with rapid, flexible deployment
Deploy single target honeypots, sophisticated honeynets, and deception
Complements anomaly detection on primary network assets
Artificial Intelligence driven deployment models
Fake & accessible network services that can cause no damage to real servers