1. Customer References
Technical Case Study

Stellar Cyber’s SaaS offering delivers a leading SecOps platform powered by OCI

September 30, 2022 | 8 minute read


This blog post was authored by Kellsey Ruppel, principal product marketing director at OCI, and Ramon Alvarez, cloud engineer at OCI. The authors want to thank Aimei Wei, CTO, and Albert Zhichun Li, VP of Engineering, at Stellar Cyber for their contributions.

The changing world we’ve found ourselves living in since the global pandemic struck in 2020 has been particularly helpful to cybercriminals. The increase in remote workers has broken many best practices and routines used to protect organizations.

Cybersecurity has always been a never-ending race, but the rate of change is accelerating.  At the same time, companies continue to invest in technology to run their businesses. Now, they are layering more systems into their IT networks to support remote work, enhance the customer experience, and generate value, which can create potential new vulnerabilities. Individuals and businesses need to be aware of the ever-growing avenues of attack, how to mitigate the risks, and where companies such as Stellar Cyber can help.

As a global cybersecurity software company, once installed and set up, Stellar Cyber provides a security operations software platform to help security teams automatically detect, investigate, and respond to cyberattack. With Stellar Cyber, organizations quickly respond to attacks to help reduce the impact and risk to the business. To provide these services for their customers, Stellar Cyber knew they needed a trusted cloud partner to run their security platform.

Goals for cloud migration

Stellar Cyber innovated the idea of Open eXtended Detection and Response (XDR), a new approach for delivering consistent security outcomes across all aspects of your business – on-premises, in the cloud, networks, applications, SaaS, and endpoints. Analysts using Stellar Cyber enjoy the automated approach, where the product automatically identifies top threats which might impact your business by analyzing alert and log data in real-time.

The Stellar Cyber Open XDR platform delivers comprehensive, unified security without complexity, helping to empower lean security teams of any skill to successfully secure their environments. With Stellar Cyber, organizations reduce risk with early identification and remediation of threats, while slashing costs, retaining investments in existing tools, and improving analyst productivity, delivering a 20X improvement in mean time to detection (MTTD) and an 8X improvement in mean time to respond (MTTR).

The platform includes XDR, and other key capabilities needed for security operations including NG-SIEM, NDR, and SOAR in a single platform on a single license. The solution greatly reduces enterprise risk from ransomware and other cyberattacks, and it provides automated threat detection and response from as soon as it is configured.

Stellar Cyber takes a big data approach to cybersecurity, using ML/AI algorithms to turn data into prioritized security incidents in real-time. Therefore, for their SaaS application to deliver expected results they required a provider with extensive compute and data storage solutions. Stellar Cyber’s solution was already deployed in public clouds, as it is cloud agnostic, and they have experience of delivering SaaS, but they were looking for a tighter partnership that they could take globally with consistency.

Stellar Cyber’s goal for migrating to OCI was to launch a high performance, low latency, and cost-effective SaaS offering of their Open XDR security operations platform. "The engineering team at Stellar Cyber did extensive testing to establish price, performance, and latency tradeoffs" said Aimei Wei, CTO and Founder at Stellar Cyber. "We tested our SaaS offering in AWS, Azure, Google, and Oracle Cloud Infrastructure (OCI). We found OCI to be less complex with a better user experience (particularly around latency) than Azure. AWS had a good user experience, but it was much more expensive. OCI had the best combination of performance, price, user experience, and support based on our testing and engagement with the Oracle team compared to other providers."

Suite of Oracle products used

OCI includes all the services needed to migrate, build, and run IT in the cloud—from existing enterprise workloads to new cloud native applications and data platforms. Stellar Cyber used the following OCI services and technologies:

  • Compute: OCI Compute provides fast, flexible, and affordable compute capacity to fit any workload need from performant bare metal servers and virtual machines (VMs) to lightweight containers.
  • OCI Block Storage: Reliable, high-performance block storage designed to work with a range of VM and bare metal instances. With built-in redundancy, block volumes are persistent and durable beyond the lifespan of a virtual machine and can scale to 1 PB per Compute instance.
  • OCI Object Storage: OCI Object Storage enables you to securely store any type of data in its native format. OCI Object Storage is ideal for building modern applications that require scale and flexibility because it can be used to consolidate multiple data sources for analytics, backup, or archive purposes.
  • Network load balancer: OCI Load Balancing service enables you to distribute web requests across an array of servers and automatically route traffic across availability domains resulting in high availability and fault tolerance for applications or data sources.
  • Oracle Database service: Oracle Database service allows organizations to create and manage full-featured Oracle Database instances in OCI. IT teams provision databases on VMs with block storage volumes providing cost-efficient cloud database services with a choice of Oracle Database editions.
  • OCI Networking: OCI networking and connectivity products and services enable customers to manage and scale their networks. You can connect securely to a customizable, isolated virtual cloud network (VCN) and take advantage of inexpensive data egress charges.
  • Oracle Container Engine for Kubernetes (OKE): Oracle Container Engine for Kubernetes (OKE) is an Oracle-managed container orchestration service that can reduce the time and cost to build modern cloud native applications. Unlike many other cloud infrastructure vendors, OCI provides Container Engine for Kubernetes as a free service that runs on higher performance, lower-cost Compute shapes.
  • OCI Web Application Firewall (WAF): OCI WAF protects applications from malicious and unwanted internet traffic with a cloud-based, PCI-compliant, global web application firewall service. By combining threat intelligence with consistent rule enforcement on Oracle’s flexible load balancers, OCI WAF strengthens defenses and protects internet-facing application servers and internal applications.
  • OCI domain name system (DNS): This service lets you create and manage your DNS zones. You can create zones, add records to zones, and allow OCI’s edge network to handle your domain's DNS queries.
  • OCI Identity and Access Management (IAM): OCI IAM provides an innovative, fully integrated service that delivers all the core identity and access management capabilities through a multi-tenant Cloud platform.

Stellar Cyber’s solution on OCI

Stellar Cyber’s SaaS offering is one of the leading SecOps Platform powered by OCI. The Stellar Cyber platform is a big data application using AI and ML to help identify attacks in real time. The stack is tuned to help cybersecurity teams be more productive by presenting attack incidents that have been automatically correlated by the platform. This configuration saves time and can greatly reduce risk as traditional systems (SIEM) rely on teams to manually correlate these incidents. With Stellar Cyber’s platform running at optimum performance, they can deliver the best possible customer experience.

"Now that Stellar Cyber moved our instance to SaaS, we not only got out of the OpEx and CapEx heavy data center business that was a drain on our resources, we see great performance of Stellar Cyber’s SaaS on OCI and now we can concentrate on delivering security services,” said a representative from 5Iron, a Stellar Cyber customer.

Migration path to OCI

Stellar Cyber’s journey began with the Oracle team helping them test their SaaS offering, knowing it was a competition with other clouds, including AWS, Azure, and Google. Stellar Cyber ended up moving from AWS as a development environment to OCI, and they started running their SaaS platform on OCI.

Stellar Cyber had been working with the Oracle partner and development teams for six months before signing a contract and joining the partner program. They did a proof of concept (POC) first for about three months, and it was helpful for them to test out the performance, key functionalities, and user experience. Because Stellar Cyber’s design is cloud agnostic, the migration was smooth.

Stellar Cyber’s architecture is microservices-based, and with OKE, they can run the application in the cloud and on-premises. OKE simplified their deployment and made the solution easier to scale.

Stellar Cyber takes streams of data from their sensors deployed at customers’ on-premises. They process and store the data in a big data lake and then serve customer security analysts and operation people through the SaaS portal.

Download this diagram in PNG format. You must accept the Oracle Technology Network License Agreement for Architecture Diagrams to download this diagram.

With the migration, Stellar Cyber’s architecture didn’t need big changes, which was ideal for them and proved the cloud-agnostic nature of their software platform. Stellar Cyber adopted several cloud native services from Oracle on the implementation level. They were able to deploy in multiple regions in a matter of hours to address customers’ needs, and a single deployment can easily scale to ten plus nodes to meet the requirements of their biggest customers.


With OCI, it’s easy for Stellar Cyber’s platform to scale up the cluster size without worrying about resource availability and network connectivity. It’s also easy for them to roll out deployments in multiple regions with a uniform management experience. With services such as automatic encryption for data in storage, WAF, and audit logging, Stellar Cyber can focus more on application logic.

Previously, Stellar Cyber needed an IT team to acquire hardware and set up network connectivity. After moving to OCI, that work was eliminated, saving them time, money, and resources. Stellar Cyber uses OCI WAF to protect their external facing web service, which is cost-effective for them and reduces their attack service on distributed denial-of-service (DDoS). Additionally, based on the previous experience being hosted on other clouds, OCI can reduce their overall total cost of ownership (TCO) and their customers’ costs.

Next steps

Since Stellar Cyber has chosen OCI for their SaaS offerings, they intend to use more cloud native services moving forward. They’re also considering utilizing some of the API services with Oracle Functions and API Gateway. In the long term, as the Stellar Cyber and Oracle partnership grows, they expect many synergies to develop, such as customer alignment, partner alignment, and good growth opportunities for both companies.

Explore more OCI customer technical case studies and try Oracle Cloud Free Tier.

By Kellsey Ruppel,
Principal Product Marketing Director, OCI