Webinar Safetech Innovations: The Modern SOC – Smart Centralization and Local Autonomy with Open XDR

On June 11, 2025, Safetech Innovations held the webinar “Modern SOC: Smart Centralization and Local Autonomy with Open XDR”, during which the company’s specialists – Cătălin Gherghiceanu, Presales Manager, and Călin Tămaș, Cybersecurity Specialist – provided valuable insights into the role of Open XDR (Extended Detection and Response) platforms in ensuring the efficient functioning of a modern security operations center (SOC). The Safetech Innovations specialists outlined the optimal model for managing security operations at the organizational level, focusing on defining the architecture of a SOC adapted to current challenges.

As a case study, Safetech Innovations representatives presented the Stellar Cyber Open XDR platform. They highlighted the key functionalities of the solution and how it supports compliance with NIS2 and DORA requirements, through a unified and automated approach to cybersecurity. Stellar Cyber Open XDR covers the entire security operations cycle – from monitoring, detection, and response, to risk assessment, incident reporting, and auditing.

Resilience through centralization and antifragility through local autonomy

Cătălin Gherghiceanu opened the webinar by recalling the environmental models presented in the first event of this series of webinars, dedicated to modern cyber protection solutions – VUCA (Volatility, Uncertainty, Complexity, and Ambiguity) and BANI (Brittle, Anxious, Non-linear, Incomprehensible). These concepts, explained the manager of Safetech Innovations, reflect the challenges of operating in a rapidly changing world and can be applied in shaping an organization’s cybersecurity.

The VUCA model defines an unstable, unpredictable and interdependent environment (dependencies between systems, subsystems, customers and suppliers), marked by ambiguity and difficulty in interpreting situations clearly. Following a Black Swan event, it can evolve into a BANI context, in which systems considered highly reliable suddenly collapse under the pressure of external shocks, staff are under heavy stress, and apparently minor causes can produce huge and often inexplicable effects because of the many variables involved. How do the VUCA and BANI environments affect the incident management model and security operations in an organization? In a BANI context, dependence on centralized systems becomes a vulnerability. It is necessary to ensure local autonomy and locally distributed decision-making capacity, and to implement redundancy and diversification with alternative security solutions.

“When it happens that the system collapses, and the centralized platform no longer works or can no longer connect to the grid, we need local autonomy. In this case, detection and response mechanisms that work at the edge, microsegmentation and Software-Defined Networking (SDN) are useful in order to be able to rearrange traffic, limit damage and isolate groups. (…) Safe-to-fail mechanisms are also very useful, a newer concept, which is not widely applied today, and which means that we can test what happens if we perform a certain action, even at the risk of creating problems, in order to respond effectively in a situation that we have never faced before,” said Cătălin Gherghiceanu.

Next, the manager briefly presented the evolution of SOC platforms from the traditional SIEM, defined by manual workflows and long reaction times, to modern technologies such as Next-Gen SIEM, SOAR and XDR (with their own sensors and built-in EDR). Open XDR, which enables cross-layer integration between various equipment, applications, systems, subsystems and network domains, additionally provides unified visibility and hybrid sensing, and integrates natively with a large number of third-party solutions and vendors.

Stellar Cyber Open XDR, a solid platform for a modern SOC

Cătălin Gherghiceanu presented the architecture of the Stellar Cyber Open XDR platform, built on two essential “layers”: a data lake and a layer for detection and correlation. On this basis, the platform offers capabilities such as NDR (Network Detection and Response), TIP (Threat Intelligence Platform), SOAR (Security Orchestration, Automation and Response), IDS (Intrusion Detection System), Sandbox for malware and UEBA (User and Entity Behavior Analytics).

Stellar Cyber Open XDR can ingest very large volumes of data, from hundreds of various sources, with which it integrates natively, such as EDR (Endpoint Detection and Response), IAM (Identity and Access Management), email security, SASE (Secure Access Service Edge), cloud services and SaaS (Software as a Service) applications.

“Through mechanisms such as data lake, SIEM, detection and correlation, the Stellar Cyber Open XDR platform, built on a centralized design, enables accurate predictions and a fast and efficient response. To achieve the massive ingestion of data from various sources – both from different systems and from different manufacturers – an ‘open’ architecture is needed, which allows native integration. This architecture also makes decentralization possible. How? By integrating with tools such as EDRs or third-party firewalls – tools that, even if the connection to the network is broken, can be used locally to apply quick measures,” explained the manager from Safetech Innovations.

Cătălin Gherghiceanu also briefly presented how the Stellar Cyber Open XDR platform meets the requirements imposed by the NIS2 and DORA regulations, while highlighting the services through which Safetech Innovations complements these capabilities.

In the second part of the webinar, Călin Tămaș gave a practical demonstration of the most important capabilities of the Stellar Cyber platform, with a focus on how it can detect, prevent and block attack attempts in real time. The solution provides complete visibility into IT infrastructure by aggregating and normalizing events into a single dashboard.

Among the key functionalities presented during the demonstration were:

  • The early and automatic detection of threats by correlating data from various sources (network, endpoints, cloud, applications);
  • The risk assessment and the prioritisation of incidents based on behavioural analysis (UEBA), risk scores and smart alerts;
  • The facilities and tools for quickly and effectively conducting security incident investigations;
  • The automated response, with examples such as the isolation of compromised devices, blocking IP addresses and activating predefined or manually added playbooks;
  • The auditability by generating logs and detailed reports on suspicious activities, incidents and actions taken.

The cybersecurity specialist also demonstrated how Safetech Innovations’ SOC team – STI CERT – uses this solution to ensure continuous monitoring, advanced alert analysis and response to security incidents.

We invite you to watch the full presentations given by our colleagues in the video recording of the webinar “Modern SOC – smart centralization and local autonomy with Open XDR”.

Safetech Innovations offers a complete portfolio of services, covering all the components necessary for an Information Security Management System (ISMS), including GRC (governance, risk and compliance) consultancy, implementation and maintenance of cybersecurity systems, security testing, ISMS audit and SOC outsourcing. Through STI CERT – its own SOC team, with continuous activity for over 10 years – Safetech Innovations ensures continuous monitoring 24/7, with the support of more than 30 experts organized on three levels of expertise. Its professionalism was internationally recognized in 2024, when STI CERT was included in the Top 250 MSSPs list compiled by MSSP Alert, occupying the highest position among Romanian companies. With a solid experience of 15 years in the local and international market, Safetech Innovations is a reliable partner in the field of cybersecurity.

For more information, you can contact us at sales @ safetech.ro or by phone at +40 21 316 0565.
