
Stellar Cyber Enhances SOC with Agentic AI Automation

Summary

– Stellar Cyber’s version 6.3 update advances its Autonomous SOC vision by using agentic AI to automate threat detection, investigation, triage, and response across multiple security environments.
– The release aims to reduce analyst workload and improve response times by automatically analyzing signals, prioritizing risk, and generating AI-powered case summaries.
– It expands automation and integration through features like the Model Context Protocol (MCP), enabling seamless use of third-party agents for workflows like ticketing system integration.
– The update strengthens security visibility by unifying identity, network, and endpoint signals and adds support for new data sources and integrations like Wiz and Netskope CloudTap.
– New usability enhancements, such as Query Manager import/export and a streamlined Watchlist, are designed to speed up collaboration and help teams resolve incidents faster.

The latest update from Stellar Cyber, version 6.3, introduces a significant leap forward for security operations centers by embedding agentic AI automation directly into its platform. This release is engineered to tackle the overwhelming volume of alerts and fragmented tools that plague modern security teams. By automating the complete cycle of threat detection, investigation, triage, and response across identity, network, endpoint, email, and cloud environments, the platform aims to function like an experienced analyst. The core objective is clear: reduce analyst workload, slash the mean time to respond (MTTR), and create a more unified and efficient security operation.

A central component of this release is the integration of the Model Context Protocol (MCP), which allows organizations to seamlessly incorporate third-party agents and bots. This opens the door to new automated workflows and tighter integrations with external systems like ticketing platforms, effectively expanding the ecosystem of the Autonomous SOC. Early access features demonstrate the practical application of this AI, such as AI-generated case summaries that automatically detail an incident’s cause, impact, and supporting evidence. This directly cuts down on manual investigation time. Furthermore, advanced automated email phishing triage provides deeper, earlier diagnosis to stop attacks before they can cause significant damage.

From a usability standpoint, version 6.3 introduces refinements that promote collaboration and speed. The new Query Manager import/export function lets teams and managed security service providers (MSSPs) easily share and reuse proven detection logic. A streamlined Watchlist workflow allows analysts to take immediate action from within an investigation, minimizing disruptive context switching. These tools are designed to help teams resolve incidents more rapidly and scale effective practices across different groups and client tenants.

The update also delivers stronger unified security by correlating identity, network, and endpoint signals. Enhancements in Identity Threat Detection and Response (ITDR) and Network Detection and Response (NDR) create a single operational view for tackling real-world attacks. Key improvements include enriched login anomaly detection with additional context like ASN and user-agent data. New support for Netskope CloudTap enables decrypted traffic analysis and user identity enrichment, allowing for earlier detection of suspicious behavior. Expanded Unified Threat Management (UTM) support lets customers utilize existing firewall telemetry as a high-value data source within the Open XDR platform.

To broaden visibility and simplify integration, Stellar Cyber 6.3 enhances XDR Connect Webhooks for easier third-party alert ingestion and introduces a new Domain Service for better connector scalability. The platform has also expanded its integration library with numerous new connectors, including tools from Wiz, SonicWall, Fortinet, Halcyon, Bitdefender, Cisco, and iManage. This extensive connectivity ingests and correlates data across endpoint, cloud, ransomware protection, and digital risk platforms, enabling faster deployments and higher detection fidelity without requiring organizations to rip and replace their existing investments.

Company leadership emphasizes that every feature is purpose-built to consolidate and streamline security operations. The integration of agentic AI transforms raw data into decisive, automated actions, empowering teams to operate at the speed of modern threats while maintaining crucial trust in the system’s decisions.

(Source: HelpNet Security)
