Stellar Cyber’s Subo Guha outlines how their open XDR platform and new autonomous SOC features are making enterprise-grade cybersecurity achievable for MSSPs and the organizations they support. By combining flexible integrations, case-based alerting, and hyper automation, Stellar Cyber is redefining how security operations can scale without overwhelming human teams.
In this episode, Subo Guha, Senior Vice President of Product Management at Stellar Cyber, shares how the company is reshaping cybersecurity operations for managed service providers (MSPs) and their customers. Stellar Cyber’s mission is to simplify security without compromising depth—making advanced cybersecurity capabilities accessible to organizations without enterprise-level resources.
Subo walks through the foundations of their open XDR platform, which allows customers to retain the endpoint and network tools they already use—such as CrowdStrike or SentinelOne—without being locked into a single ecosystem. This flexibility proves especially valuable to MSSPs managing dozens or hundreds of customers with diverse toolsets, including those that have grown through acquisitions. The platform’s modular sensor technology supports IT, OT, and hybrid environments, offering deep packet inspection, network detection, and even user behavior analytics to flag potential lateral movement or anomalous activity.
One of the most compelling updates from the conversation is the introduction of their autonomous SOC capability. Subo emphasizes this is not about replacing humans but amplifying their efforts. The platform groups alerts into actionable cases, reducing noise and allowing analysts to respond faster. Built-in machine learning and threat intelligence feeds enrich data as it enters the system, helping determine if something is benign or a real threat.
The episode also highlights new program launches like Infinity, which enhances business development and peer collaboration for MSSP partners, and their Cybersecurity Alliance, which deepens integration across a wide variety of security tools. These efforts reflect Stellar Cyber’s strong commitment to ecosystem support and customer-centric growth.
Subo closes by reinforcing the importance of scalability and affordability. Stellar Cyber offers a single platform with unified licensing to help MSSPs grow without adding complexity or cost. It’s a clear statement: powerful security doesn’t need to be out of reach for smaller teams or companies.
This episode offers a practical view into what it takes to operationalize cybersecurity across diverse environments—and why automation with human collaboration is the path forward.
Learn more about Stellar Cyber: https://itspm.ag/stellar-cyber--inc--357947
Note: This story contains promotional content.
Guest:
Subo Guha, Senior Vice President Product, Stellar Cyber | https://www.linkedin.com/in/suboguha/
Resources
Learn more and catch more stories from Stellar Cyber: https://www.itspmagazine.com/directory/stellarcyber
Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25
Simplifying Cybersecurity Operations at Scale: Automation with a Human Touch | A Brand Story with Subo Guha from Stellar Cyber | An On Location RSAC Conference 2025 Brand Story
Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.
_________________________________________
[00:00:00] Sean Martin: Comfy. Yeah. And I can hear you. Yeah, you can hear yourself. Testing 1, 2, 3. Yeah. Look at that, here we are, Subo. Alright. It's, uh, the, the final stretch of the conference.
[00:00:10] Subo Guha: Absolutely. I mean, this has been a hell of a launch we did here day four and, uh, really exciting. Good feedback. Excellent feedback. Yeah. I think we've had existing customers, a lot of our new prospects, and especially with the launch with our autonomous SOC, there's a lot of interest in that.
From a lot of customers.
[00:00:28] Sean Martin: Very cool. So you're with Stellar Cyber. Why don't you take a moment and give us a, a brief overview of your role and maybe if there's a journey into that role that Yeah. Sure. That can help paint a picture for who Subo is. That'd be great.
[00:00:40] Subo Guha: Yeah. So, uh, I head up all product for Stellar Cyber.
Okay. Uh, so that includes the product management team as well as the UX designers. Uh, basically responsible for the product strategy and direction for the company. Okay. Uh, Stellar Cyber, uh, is a cyber, cybersecurity, uh, company that's been doing AI-based, uh, cybersecurity [00:01:00] for almost 10 years. The product was built day one to be AI ready.
Okay. And it basically is an open XDR platform. And what does that mean? Yes, it means, uh, we don't box you into what your endpoint solutions should be, uh, what EDRs you pick. If you like CrowdStrike, if you like SentinelOne, Microsoft, we're very open. Okay. And that's one thing we take pride in. It's an open platform that we allow you to make, retain what you have.
But you can, people tend to switch. You don't, you don't get kind of boxed in. It's
[00:01:31] Sean Martin: also good if you're, if you're, uh, an, an acquisitive company. Yeah, absolutely. Most locked, right? Yeah.
[00:01:38] Subo Guha: Yeah. Absolutely. So, uh, obviously we get a lot of interest in that too, but our focus now is all about growth. So,
[00:01:44] Sean Martin: no, I mean, if your customers are built out of acquisition Yeah.
And have a lot, they have different endpoint. Yeah. Yeah,
[00:01:50] Subo Guha: so there's a lot of merger and acquisitions within our accounts, right? Yeah. So basically a lot of the MSPs have bought other MSPs and MSPs and they want to consolidate on single platform, right? And so what we [00:02:00] do is we do, uh, cybersecurity, uh, across any, uh, IT or OT.
So we actually have NDR built into the platform. We can do network detection, uh, as well as being able to look at OT, which a lot of manufacturing companies are concerned about how to manage that. Uh, and then we can kind of do. As well.
[00:02:19] Sean Martin: OT and critical infrastructure as well. Yeah. So
[00:02:22] Subo Guha: yeah, so we do a lot of the SCADA protocols that are typical with OT as well as just regular IT, whether it's a firewall or we can API get alerts from applications like,
[00:02:33] Sean Martin: and that's because you have the flexibility of the underlying Yes.
[00:02:36] Subo Guha: So our secret sauce is really the sensor technology that we have. It's a modular sensor, which has a lot of capability and the reason we call it modular. Is, do you want deep packet inspection? Do you wanna do networking? Do you want to do servers? Uh, so we filter at the location so that when it comes to our cloud, uh, we can do more enrichment of the alerts that come in.
Okay. So we can quickly determine if [00:03:00] this is a false positive or something you need to take care of.
[00:03:02] Sean Martin: Got it. Can you gimme, um, a scenario of a typical customer that's, that's using it maybe with Yeah. One or two or a couple different, uh, endpoint solutions. Yeah. So, and kind of what. But that detection, where you fit in, what happens after?
[00:03:18] Subo Guha: Yeah, sure. Sure. Uh, so we serve our, our biggest customers, our channel is MSSP market. Mm-hmm. So the MSPs are either serving mid-size customers who can't afford to have, you know, a large SOC and security teams that enterprises have. Uh, and we also have very large customers that have like 50,000 devices.
So think of it as an MSSP is serving, say, hundred of customers. Our platform is multi-tenant, so they can actually look at all the hundred, uh, uh, individually, but manage it centrally. And so what happens is daily every, it's not an if, it's like everybody's concerned about a security. So we collect from any device, whether it's an [00:04:00] endpoint as I mentioned, or an application or an OT device.
Thousands of alerts are coming daily, right? And then the SOC analyst has to determine, okay, should I be worried about these alerts or not? But think of how much effort it is to kind of sift through thousands of it. This is where our product kicks in. We have machine learning built in. The alerts come in, we enrich it.
So we have different threat intelligence feeds. We have IOC feeds. And what does that mean? It's basically, we use industry standards to determine is this alert something that we should give it a reputation? And reputation means bad. Good, right? Yep. So we wanna find the bad actors, and so we enrich all the data.
That's where AI, our machine learning kicks in. We correlate it. The other thing is we're case management versus alert management. What does that mean? Yes, I can get 10 thousands of alerts, but several thousands of those may be very similar, and that's what we call a case. Okay? So we believe chasing alerts is not the right way to do it.
Only we need to move to case [00:05:00] management. And that allows you to group things that are common so you can quickly get more. 'cause everything's about reduce the time right when a bad action happens. So we're case management oriented, not just alerts. And then once you have a capability, our platform does, uh, UEBA, meaning if is there a user that we need to block or something, we have a very deep UEBA capability, we can, uh, see if there's a lateral movement, like when someone entered the network and then make changes in terms of what we need to shut down or block the IP address.
Uh, so we have different capabilities. Within remediation and action. So that's what it's called, right? Extended mean. We can get any source, we can detect and then we can respond.
[00:05:43] Sean Martin: Right. So in that last bit, you, you described an actual user behavior and responding to that. Do you also, because in the OT environment, there may not be a user, but it's more, it's a machine machine, right?
Right. So same, same scenario. In that case, we
[00:05:57] Subo Guha: are, we're, we're trying to determine has that [00:06:00] machine been, uh, breached or something happened, and what we can do is shut it off. From the network. Yeah. Right. So it's not a shutting off lateral movement before the user one is, for example, a, we find some unusual, uh, emails deleted, right?
Which is not at 9:00 PM So what we can do is, and we actually are demoing that at our booth with our new auto triage and autonomous SOC. Basically you can go determine and is did that exchange admin actually do the deletions or not? Or was it programmatic? Yeah. And we have GI capabilities where we can actually ask the.
Hey, did you do this? And then they'll say, well, no, but I did get a lot of suspicious people asking to reset password. Okay, that's the red flag,
[00:06:42] Sean Martin: right?
[00:06:43] Subo Guha: And then our agent technology, agent technology then starts looking at, okay, was there any lateral movement? Were there other, 'cause just finding a problem is one thing, but if you start seeing lateral movements, that's what our platform does, right?
You know that the bad actors going other places. So that's the place where we would [00:07:00] actually, uh. You know, we'll cut off or turn off Gadens Right. User behavior. Or we will also turn off, you know, devices that have been, uh, uh, breached upon. So
[00:07:10] Sean Martin: you, you've said a couple things which I'm, I'm going to guess are part of the launch this week.
Yes. So tell, tell me about the launch and, and
[00:07:18] Subo Guha: Yeah. So what we're excited about is, uh, and we are actually ranked among the top three vendors that serve a global two 50 MSPs, uh, because of our openness and our AI based technology. GI think the next frontier is hyper automation. And what people are talking about is ai, so, or autonomous.
So that's what we're, that's where the agent
[00:07:38] Sean Martin: AI stuff is. Yeah. So
[00:07:39] Subo Guha: that's now going to be layered on top of our XDR. We don't believe you should buy another third party. There are a lot of vendors here to do that because you want to be able to look at the whole fund from the point of all detections. And so one of our customers, for example, um, in Austin, Texas, he, what they want to do is they've got 6,000 alerts a day.
They want [00:08:00] to reduce that to a hundred or else what they'll have to do is keep hiring SOC analysts to solve that 6,000. That's where hyper automation comes in. So we're, we are announcing is, uh, auto triage capability. Uh, so for example, phishing is a very, you know, uh, high demand and it's a problematic issue, right?
So ransomware is on the rise, and that's usually the first door entry to more bad things to happen. But if you have like 10,000. And employees, right? Just think about how much man, just figure out is this a true phishing or not, right? Right. So what we are doing, and we are demoing this at the booth, is if a user, um, says that this is a suspicious email, they'll send it and within minutes we can give it a reputation score and we kind of call it the verdict.
So if the verdict says it's a hundred percent bad, right? And we can also look at, and you can hover around, okay, what does this URL look like without having. To click on the URL, you can see that this is malicious, right? Uh, without having to click on the PDF, you can actually see it [00:09:00] in our product and say, okay, we know this is bad.
It's a ransomware type thing, so we can do that in minutes. Versus it would've taken two, three people and just multiplied by the number of users and think of how many phishing emails everybody gets every day, right? So that's what the auto triage does, and we are gonna do that also for alerts for endpoints as well as user behavior.
So it's kind of automation on steroids. That's what the Gentech AI X is all about. So what we do is we have the intelligence with our XDR, now we're gonna go in steroid mode of how do we do automation to even further reduce the time. And why is that important? Because we're, we're not trying to be all to everybody like the large enterprises.
We want to have a simplified but very capable cybersecurity platform for the masses. Right? Right. So you don't have to hire hundreds of SOC experts. Right?
[00:09:50] Sean Martin: Yeah. So the organization. Is you're serving ultimately through your partners.
[00:09:56] Subo Guha: Yeah.
[00:09:56] Sean Martin: Don't have to worry about a lot.
[00:09:57] Subo Guha: Yeah. And it, and since like, 'cause a lot of it is [00:10:00] built in, it's, it's kind of automated and with, with the autonomous SOC vision, it makes it even simpler.
Now, one thing that is different, we call it human, authentic autonomous, SOC autonomous. By now it's like you see the Waymo's and all that. It's like there's no driver. We don't believe that's the world of SOC. Okay. We think the SOC analyst. Human will always be involved, but our solution that we're announcing is gonna be a learning system that learns from these architects.
So there'll be direct interaction, there'll be feedback, like the example I gave about the email admin. They'll talk to the admin ask, and they'll talk to the, is this what I should be doing? So it becomes an intelligent agent system, but it learns from the human.
[00:10:39] Sean Martin: Very cool. Very cool. Well, clearly you're very, uh, partner friendly.
Yes. And, uh, and partner driven. So talk to me a bit about, I think you've launched Cuni programs as well. One is called Infinity and then there's the The Ecosystem program. But yeah, so I think So tell me about those two things. Yeah,
[00:10:57] Subo Guha: so we have two key, uh, [00:11:00] partnership that drives our business. One is the MSSP as I talked right about, so we launched the Infinity program, which kind of talks about how we can become a better partner to the MSSP and with the Infinity program comes a lot of benefits to the MSSP.
There are different tiers that, but the whole point is. Uh, we take very, uh, pride in terms of how well we, uh, work with our partners, which are MSPs and then we work together. So it basically allows you to have, uh, more, uh, closer relationship with us. A lot of times I've worked in large companies and, uh, we have thousands of customers.
You can't give them that white glove service, right? So with Infinity, the top tier gets the, gets the real good. Yeah. So, you know, almost all the customers we have know me, know my team, right. Direct access to the product. 'cause they make me make the product better. Right. So the Infinity program is more about the business relationship we'll have with MSSP.
So that was announced. The second one, what we really excited about is our, [00:12:00] uh, cybersecurity alliance program that we've announced. And a lot of our vendors are actually in our booth with the, and uh, obviously we, Oracle is one of our biggest partners 'cause we hosted on Oracle with OCI. Uh, but we have all the different partners here, uh, part of the alliance, and that's what we call about.
We, we, we believe we're the market leader in EDR Federation, right? You tell us what your choice of EDR is. We work with it, but we also work with the partner. And so we're getting a lot of requests to become part of this alliance, uh, program so that we can better be a better ecosystem for our customers,
[00:12:37] Sean Martin: right?
And so, so yeah, two very different things here, obviously. So for the MSPs, clearly direct connection to you, connection to the product, the feedback loop there. Yeah. What they're hearing. Tell the the end user customer through the MSP, the value they get [00:13:00] because of that. Yeah. So there's also the
[00:13:01] Subo Guha: market development, right?
Yeah. Because they, when they grow, we grow, right? So we want to help them acquire more customers, expand what they're using. So there's a lot of benefit in terms of go to market. Programs MDFs as part of the Infinity program. So it's basically not only, you know, how we work better together and get better support from us, but how can we help the MSSP grow, right.
And kind of do the business development and go to market.
[00:13:25] Sean Martin: And do they, they gain knowledge and intelligence across, obviously they're, they're managed in instances are separate, I would imagine. Yeah. But, but having a view or a centralized management. Than a centralized view. Does that help them? Yeah. So that obviously
[00:13:42] Subo Guha: helps their operations.
The other benefit is also our peer network, right? So if you're part of the infinity, you know, we had just the, uh, advisory council, we have the kind of the brightest MSPs talk about, uh, challenges and issues they see as well as opportunity. So that peer network is also a benefit to kind of helping each [00:14:00] other.
Even some may be competitors, but a lot of it's also like peer networks that they can learn from each other.
[00:14:05] Sean Martin: So let's talk about that last point. Um, from the competitor perspective, I mean, when you look at a SIEM, it's natural that, that there would be a lot of connectors and poles and feeds and all this stuff from competitors.
Um, less likely at the end point, which probably why we haven't seen much of it. So talk a little bit more about the, the partners in that space and. Mean you, what you're hearing from them. Clear sound. They're obviously in the booth. Yeah. I mean, yeah.
[00:14:38] Subo Guha: So for example, like, uh, EEC is over there. We have different, uh, partners, uh, with different endpoint security technologies, right?
Uh, so they each serve different markets, the different type of customers. Uh, so they may compete with each other, but
[00:14:56] Sean Martin: there's enough market. But what did they tell you? What do they, what do they say? They say it's, I wanna be [00:15:00] part of. This because,
[00:15:01] Subo Guha: because the customer just doesn't want endpoint security.
They need the entire second security operations. Got it. Right. And so what they want is we augment, complement what they select and they're kind of endpoint. Then we have partners that are in the cloud and we have things that the middle, right. So us, we're the ones that can do it all together. Right. And then kind of stitch in all the different points of attendance
[00:15:24] Sean Martin: and of course with the, with the OT environment connected to that.
Yeah. The ability to manage that. Yeah. A lot of them can't touch that space. And a lot of our,
[00:15:32] Subo Guha: uh, MSPs and their customers don't just have one endpoint. Right? Right. They may have Microsoft and CrowdStrike. They may have ec. So, you know, so we kind of, that's why it's important that we can have all the different players that, what customers want.
Uh, because they, there's very few shops that just have one thing. Right. Kind of chooses their different security tools.
[00:15:53] Sean Martin: Alright, let's, let's, uh, close with two things. Let's speak to the audience directly now. Um. [00:16:00] First, let's go with the, the, uh, MSSP, uh, audience. What, uh, what would you like them to know? What, what are, I'll ask this.
Is there something that you think some SSPs are experiencing now that's painful that they don't really recognize how to get out of, that you can help with?
[00:16:22] Subo Guha: Yeah, so a couple things, right? So one is, as I talked about, uh, a lot of their budget constraints. There's labor shortages. They want a platform or a tool that they can scale quickly, right?
And grow more customers. So the fact that we are a unified platform with a lot of capabilities, we can do network, we can do OT, we can do application protection, EDR from the same platform, right? Uh, the second thing is, it's one platform, one license. We don't nickel and dime the mss. So we're, we're trying to get away from that.
Tools for, in the old days you had to buy 10 products. With ours, it's just one platform. [00:17:00] And m love that, right? It's just one tool to learn, but it can do many things. It has tentacles to do many things. Uh, we also make it very attractive pricing wise, right? We're not trying to gouge you in terms of buying this tool, but buy a SIEM tool, then buy an NDR tool, then buy this, uh, SOAR tool and it just adds up, right?
Creeps up. It's just simple. We make it very simple for the SP but the platform is also, uh, easy to use. So you don't have to keep hiring people to solve the problem. Right.
[00:17:28] Sean Martin: Alright, so then they, the last piece, and we'll close with this, uh, of course to do something else you want to add. We can, but speaking to not, I guess when you start to get the small, medium, perhaps less staffed, less, I'll say less mature, but teams that aren't Yeah.
Designed to manage. Security, um, what do you tell them? Do they contact you directly and you help connect them with partners? Yeah, so
[00:17:53] Subo Guha: our channel to the SME market is two mssp. Okay. Right. 'cause the SMBs, they [00:18:00] don't have the maturity or the capacity or capability to do security operations, which is why there's such a huge growth in MSPs and MSPs that can go out and kind of help those customers.
So they are reaching out to the MSPs, but obviously. We're creating a brand equity in the marketplace about, we're one of the top leaders. Um, so they want to feel comfortable. Oh, if they say, oh, we use Stellar, they feel comfortable. So it's kind of a dual marketing approach. They're approached by the MSPs and MSPs, but they're also aware of these different technologies out there.
[00:18:32] Sean Martin: Yeah. Fantastic. I have to say, we uh, we had a few minutes down in the hall and, uh, there was good, good energy down in your booth, so Oh,
[00:18:39] Subo Guha: absolutely. It's, uh, yeah, we good to see that. A lot of energy. We've got a lot of. You know, giveaways to kind of talk about, but more importantly, kind of the vision. Yeah. We think we're on the right track of what security operations need to be.
It's here. It's not a vision or something, you know, uh, that we can't deliver. So we're really excited about what this is [00:19:00] gonna do because it needs to be for the masses. It can't just be for large enterprise. Right. And that's where we come in.
[00:19:06] Sean Martin: Perfect Subo, fabulous meeting you. Great conversation. Alright, thank you.
Appreciate it.
[00:19:11] Subo Guha: Thank you.
[00:19:12] Sean Martin: Thanks everybody for listening and watching. Be sure to connect with Stellar of Cyber. Cyber Stellar cyber.
[00:19:20] Subo Guha: Yeah, stellar cyber.
[00:19:21] Sean Martin: Get the whole thing off the stellar cyber. Yes, exactly. And uh, do connect with Subo as well. And uh, he'll, he'll connect you with the right partner to, uh, to help you with your endpoint and incident handling.
So thanks everybody.
[00:19:35] Subo Guha: Alright, thank you very much.