Open XDR specialist Stellar Cyber is incorporating four distinct technologies — machine learning (ML), graph ML, generative AI and hyper-automation — all in a single, unified platform with the purpose of improving threat detection and reducing response time.

Stellar Cyber’s launch of its Multi-Layer AI capability this week effectively applies AI at multiple steps in the detection, correlation and response process to reduce alert volume, prioritize and correlate threats, counsel analysts and respond automatically, according to the company.

“We have always focused on using AI in our platform, and we have led our SecOps platform competitors in this area since 2018,” Aimei Wei, founder and Chief Technology Officer of Stellar Cyber, told MSSP Alert. “Our Multi-Factor AI is an industry first because it leverages four different types of AI in one platform. We’re the only ones who do that.”

Stellar Cyber’s aim is to make AI consumable and easy to buy. Wei notes that this is an important distinction for MSSPs because it makes detection and response much faster and easier.

“We have all these AI variants in one platform and that is key and a huge differentiator in our view,” Wei said. “It drives a better profit-and-loss or margin outcome for MSSPs. It’s an important distinction for MSSPs because it makes detection and response much faster and easier, which makes them more competitive. By making their teams much more productive, it also improves their margins.”

Stellar Cyber pioneered the use of AI in a SecOps platform with the debut of its Open XDR platform in 2018, and now advances its platform’s capabilities through Multi-Layer AI.

“Analysts were so buried in alerts that they couldn’t tell the real ones from the false ones, and it could take months to see and respond to the real threats,” said Steve Garrison, Stellar Cyber’s senior vice president of Marketing.
“That’s why we baked AI into our SecOps platform from day one, and why we are continuing to leverage it in all forms as we move forward.”
How Multi-Layer AI Improves Security
Managing torrents of data from dozens of cybersecurity tools takes a lot of time. That’s why most major data breaches have taken months to discover, according to Stellar Cyber. Therefore, successfully responding to cyberattacks is about visibility combined with the ability to act on it quickly.

To gain needed visibility, Stellar Cyber collects data from the entire attack surface, including endpoints, networks, identity management systems, software-as-a-service, vulnerability assessments, and the cloud. As each security tool stores data in its own format, the Stellar Cyber platform automatically normalizes the data into a single format and enriches it with context so it can be effectively used by AI.

Here’s how Stellar Cyber uses Multi-Layer AI to speed detection and responses:
- Detection AI. The platform’s ML-based AI evaluates 10-100TB/day of data and automatically detects common threats. This converts terabytes of data to thousands of alerts per day.
- Correlation AI. The platform’s graph ML technology spots correlations between two or more alert signals, weak or strong, assembling them into contextual cases that identify impacted and potentially impacted assets. This process converts thousands of alerts into hundreds of manageable cases per day, reducing analysts’ workloads.
- Copilot AI. The platform’s genAI implementation, AI Investigator, speeds complex threat analysis by providing instant responses to analysts’ questions, further reducing the number of analyst decisions to fewer than a hundred per day and cutting threat response times.
- Hyper Automation AI (in forthcoming releases). The platform uses ML to change the state of external systems to address known attack techniques like phishing. For example, the Stellar Cyber platform can use hyperautomation to automatically analyze phishing emails through AI.




