Stellar Cyber migrates to OCI to enhance its Open XDR security platform

The cybersecurity software provider can better serve clients regardless of skill set with a high-performing SaaS deployment model on Oracle Cloud.


By using Oracle Kubernetes Engine Workload Identity, we get better manageability across our large-scale multitenant Kubernetes environment. This means our technical staff is free to focus on improving our leading SecOps platform instead of on managing infrastructure nodes and security.

Sam JonesVice President of Product Management, Stellar Cyber

Business challenges

Cybersecurity is an asymmetric battle due to how freely available it is to access and modify hacking tools. Stellar Cyber’s mission is to level the playing field. The company’s Open eXtended Detection and Response (XDR) platform helps both enterprises and managed security service providers reduce their susceptibility to threats by unifying disjointed security tools and data sources to fully visualize and automatically detect, investigate, correlate, and respond to attacks.

With a heritage founded in the extremely risk-averse public sector, Stellar Cyber originally offered its platform only in an on-premises deployment model. But as the popularity of cloud and hybrid deployment models increased, the company needed to extend its platform to a SaaS model. Potential cloud infrastructure providers would be evaluated on the basis of cost, performance, and strength of the relationship.

From a technical perspective, Stellar Cyber’s platform requirements were straightforward, close to bare metal. Elasticity and scalability were important because workloads can vary randomly based on client requirements. And even a one-minute delay in processing can be impactful. From the business side, Stellar Cyber needed global access to infrastructure and support.

Stellar Cyber’s evaluation found that computing costs on Oracle Cloud are about 30% lower than that of other providers.

Why Stellar Cyber chose Oracle

Over the years, Stellar Cyber gained experience with leading cloud providers by deploying its products in AWS, Microsoft Azure, Google Cloud Platform, and Oracle Cloud. When it came time to choose a SaaS platform, the company evaluated providers based on cost, performance, and quality of relationship. The firm’s technical staff ran each of the prospective solutions through a synthetic testing framework on its Open XDR platform to simulate actions from users and to document performance. The results showed that Oracle Cloud Infrastructure (OCI) delivered performance on par or beyond that of other providers. From a cost perspective, OCI’s costs were about 30% lower than that of other platforms. And Oracle excelled from a relationship standpoint by offering unmatched access to technical resources and documentation. During the evaluation, technical staff also recognized that Oracle thoughtfully incorporated security services into its cloud infrastructure from the beginning, not as an afterthought or as add-ons. Security services are part of OCI’s DNA and are orchestrated to work well together.

With OCI’s elasticity, Stellar Cyber’s technical staff can dynamically add new sources to a client’s data intake in a matter of minutes.


With OCI, Stellar Cyber’s prospective customers can choose to adopt the company’s Open XDR platform on-premises or as a SaaS solution. Existing customers can also move to a services model by migrating their existing on-premises instances to Stellar Cyber’s OCI environments. Stellar Cyber is using Oracle Container Engine for Kubernetes to reduce the time, cost, and operational burden on its limited IT resources while preparing solutions for clients. The company’s platform ingests hundreds of terabytes of data in OCI each day, with volumes expected to soon reach petabyte scale. Oracle Block Volumes provide reliable and low-cost block storage that persists beyond the lifespan of a virtual machine. Oracle Object Storage stores data in its native format, since the data gathered by the Open XDR platform comes from a variety of client data sources and in multiple formats.

Stellar Cyber’s Open XDR platform runs at 99.99% availability and exceeds expectations for performance. Customers can rest assured that threats are detected in near real time, allowing for immediate counteractive measures. OCI’s elasticity and scalability also enhanced the company’s ability to quickly meet the changing needs of its clients. For example, IT staff recently doubled a client’s data intake, onboarding 10 new data sources, in just 30 minutes.

At the beginning of its OCI journey, Stellar Cyber’s technical staff did not have experience with Oracle. The company was pleasantly surprised to learn how Oracle’s support and documentation flattened the learning curve. Staff also enjoy access to Oracle support and development resources. For example, discussions with Oracle security solution architects enabled them to understand how to easily incorporate OCI’s built-in security features with the company’s Open XDR platform. For example, Oracle Web Application Firewall now helps to protect the company’s applications from malicious cyberattacks. Oracle Key Vault is used to securely store and manage the encryption keys that help protect client data. And, with Oracle transparent Data Encryption, all client database files, including backups, are better protected from the risk of data breaches while also helping clients meet regulatory and compliance requirements.

Oracle’s extensive and fast-growing network of global data centers boosted Stellar Cyber’s ability to expand its client base, especially for prospective clients who require in-country data residency. The company now has 6,000 customers and is deployed in every continent except Antarctica.

Published:March 31, 2023

About the customer

Stellar Cyber’s industry-leading security software improves security operations productivity by empowering security analysts to kill threats in minutes instead of days or weeks.