Professional Documents
Culture Documents
detection and Response Loop interface prioritizes detections into five phases: initial
attempts, persistent foothold, exploration, propagation, and
exfiltration / impact – analysts can easily see attacks as they
The XDR Kill Chain is a fully MITRE ATT&CK compatible
happen and respond to the most emergent needs first.
kill chain that is designed to characterize every aspect of
Captures the progression of complex attacks – alerts appear in the
modern attacks while remaining intuitive to understand. context of the five-phase kill chain so analysts can easily prioritize
them without getting lost in details.
All Stellar Cyber alert types are aligned to the XDR Kill
Incorporates commonly used MITRE ATT&CK framework for
Chain out of the box, so you can start detecting full detailed analysis and adds new tactics and techniques beyond the
MITRE ATT&CK framework.
attack progressions immediately.
Clearly shows external vs. internal attacks – helps analysts know
exactly where to look to stop attackers.
www.stellarcyber.ai | sales@stellarcyber.ai
Propagation:
Follow the attacker as they
go to more valuable rooms
and discover the treasure
Exploration:
Initial Attempts: The attacker studying what
is inside your company, such
See the efforts of an
as how many rooms this
attacker trying to get into
house has, and where the
the door of your company,
treasure is
the house
www.stellarcyber.ai | sales@stellarcyber.ai
STELLAR CYBER XDR KILL CHAIN
Holistic security posture monitoring in one intuitive dashboard
External XDR
XDR External XDR External XDR
Malware, Internal
Extended NBA, External NBA, External
XDR Intel, XDR NBA
Detections UBA, XDR SBA UBA, XDR SBA
XDR EBA
Internal
Reconnaissance, Execution,
Credential
Resource Persistence,
Access,
MITRE Development, Defense Discovery, Exfiltration,
Privilege
Tactics Initial Access, Evasion, Collection Impact
Escalation,
External Command
Lateral
Credential Access and Control
Movement
XDR User Behavior Analytics (UBA) XDR Sensor Behavior Analytics (SBA)
Covers user anomaly detections Covers injection anomaly detections
on the operational side
www.stellarcyber.ai | sales@stellarcyber.ai
WHY STELLAR CYBER’S XDR KILL CHAIN PROVIDES BETTER RISK REDUCTION
Prior MITRE ATT&CK, not compatible with ATT&CK MITRE ATT&CK native by design
Cannot differentiate between internal / external attacks Built-in external versus internal / lateral attack distinction
Linear, did not capture complex attack progression Better capture for complex multi-stage attacks with loop design
www.stellarcyber.ai | sales@stellarcyber.ai