Know more. Respond sooner. Mitigate risk.

Accelerate your response to threats with solutions that uncover serious and imminent risk from your cloud and on-premise network activity.

Stamus Network Detection and Response (NDR)

Stamus NDR is a broad-spectrum, open network detection and response (NDR) system that delivers:

Declarations of Compromise™ - response-ready threat detection from machine learning, stateful logic, and signatures
Asset-oriented attack insights
Open interfaces for SOAR, SIEM, XDR, IR
Support for third-party and custom threat intelligence
Explainable and transparent results with evidence
Integrated guided threat hunting

Stamus Network Detection (ND)

Stamus ND is a Suricata-based intrusion detection (IDS) and network security monitoring (NSM) system, that delivers:

Correlated IDS (signature-based) and NSM (protocol transaction logs) data
Open interfaces for SIEM
Turn-key Splunk app
Support for third-party signatures and threat intel
Tagging & classification for automated triage and alert reduction
Integrated guided threat hunting

The network does not lie

In fact, the network holds the ground truth for an enterprise’s security posture. Even as more organizations shift to cloud-based resources, encrypted transmission, and remote workforces, nearly all cyber threats generate communications that can be observed on the network.

At Stamus Networks, we tap into the inherent power of network traffic to uncover critical threats to your organization. We offer the best possible asset-oriented visibility and automated detection to help practitioners cut through the clutter and focus on only those serious and imminent threats.

Dramatic resource savings

Even the most advanced intrusion detection systems (IDS) and network security monitoring (NSM) solutions generate a substantial number of events, or indicators of compromise (IoC), every single day.

Security teams who manage these systems either spend countless hours investigating each of the IoCs or feed them into a security event and incident management (SIEM) system for further analysis. This latter scenario often results in "store and ignore" behavior.

Yes, the data are available for incident investigation, but in this model the detection of the actual threat is lost in the stored and ignored data.

Stamus Network Detection (ND) Stamus ND automates the event triage process with a powerful tagging and classification system, dramatically reducing alert noise and improving operational efficiencies. And because your analysts need both network protocol transaction data and IDS alerts, Stamus ND integrates both NSM and IDS functionality into a single system. This provides both higher performance and a system that is much easier to maintain.

Learn more about Stamus ND >>

And you can further reduce resource requirements with Stamus Network Detection and Response (NDR). Stamus NDR applies powerful analytics -- in the form of stateful logic and machine learning -- to the network metadata, for high-fidelity network threat detection that alerts you only when there is a serious and imminent danger. By responding only to these Declarations of Compromise™ (DoC), your team's resources can redeployed for more proactive activities such as threat hunting.

Learn more about Stamus NDR >>

Why Stamus NDR

Broad-Spectrum Automated Detection

Automated broad-spectrum detection (machine learning + rules + threat intelligence + stateful logic). Logs everything, alerts only on serious and imminent threats.

Open Interfaces & Explainable Results

Open interfaces for SOAR, SIEM, XDR & third-party threat intel. Transparent and explainable results backed by extensive evidence.

Asset-Oriented Attack Insights

High-fidelity insights into attacks on your hosts and user accounts correlated and tracked by stages on the kill chain.

Built-in Guided Threat Hunting

Guided threat hunting interface with advanced pivoting on enriched data, event tagging and knowledge transfer workflow

It Just Works

Easy to install, integrate, configure, and operate. It just works - all the time.

Built by open source security technology experts

Stamus Networks' product development is led by Éric Leblond and Peter Manev. Both Éric and Peter are members of the Open Information Security Foundation executive team and developers on the Suricata project, the widely-deployed open source intrusion detection and network security monitoring engine. The OISF is a non-profit organization created to build community and to support open source security technologies like Suricata. Under the leadership of Éric and Peter, Stamus Networks applies its extensive Suricata and network expertise to develop our advanced network security solutions.

Why Stamus Networks

Stamus Networks believes in a world where defenders are heroes, and a future where those they protect remain safe. As organizations face threats from well-funded adversaries, we relentlessly pursue solutions that make the defender’s job easier and more impactful.

Unlike other network security companies, Stamus Networks delivers truly useful detection at enterprise scale by applying the right technologies to the right problems, while avoiding the hype, fear and exaggeration that is often employed by security vendors. We are guided by these and a few other core principles which we believe positively impact our customers’ experience with us.

See what a few of our customers are saying about Stamus Networks

We selected the Stamus Networks solution based on our success at my previous employer. We found it to be an indispensable platform for understanding our security posture.

Head of Sector at a multi-national government institution

We use the [Stamus ND] to monitor a multitude of custom applications to ensure they are operating securely.

Cyber Defense Engineering Manager at a major travel technology vendor

[Stamus ND] allowed us to reduce costs by simplifying IDS systems configuration and updates management, and by getting a single pane of glass on all IDS events with preconfigured dashboards and filters.

Lead of Information Security Team for a global software engineering firm

I have previously worked with six different IDS vendors, and only Stamus provides us with both the signature and anomaly-based data we need which previously required two separate traffic analyzers.

Lead Security Analyst at large software tools vendor

Using the threat hunting capabilities of the [Stamus ND] we have been able to uncover multiple instances of C2 communications and malware running within our infrastructure.

Head of Cyber Security and Governance at an international European Bank

The ability of [Stamus ND] to suppress the typically verbose stream of alerts enables us to quickly identify malicious activity from the tremendous noise associated with things like proxies on the network. By selecting the ‘relevant’ alerts, we are able to transition from millions of daily alerts to the 10 or 15 we actually need to review.

CTO at Bulgarian MSSP

After we started using [Stamus NDR], we were able to drop our MSSP and reduce our costs while strengthening our cyber security posture.

Director of Infrastructure Technology at U.S. public school system

Stamus Networks has provided us with the most effective solution within our security stack. Their dedication to supporting us has been unmatched by any other vendor. We are excited to continue expanding our deployment of the [Stamus NDR].

Head of Cyber Security and Governance at an international European Bank

We are excited to install the [Stamus ND] at a major manufacturing client because the context provided by the solution allows us to identify actual threats in less time than other tools we have used.

Sales Engineer at French MSSP

The detailed network definitions used in the [Stamus ND] allows us to efficiently and intuitively hunt for improper encryption certificates and proxy services. It's incredibly useful.

Head of Cyber Security and Governance at an international European Bank

We managed to increase visibility of suspicious and malicious network activity which highly simplified incident investigation. But I think the biggest advantage we received is the support from Stamus Networks team which always was quick, constructive and useful.

Lead of Information Security Team for a global software engineering firm

Know more. Respond sooner. Mitigate risk.

Network threat detection and response

Stamus Network Detection and Response (NDR)

Stamus NDR is a broad-spectrum, open network detection and response (NDR) system that delivers:

Stamus Network Detection (ND)

Stamus ND is a Suricata-based intrusion detection (IDS) and network security monitoring (NSM) system, that delivers:

The network does not lie

In fact, the network holds the ground truth for an enterprise’s security posture. Even as more organizations shift to cloud-based resources, encrypted transmission, and remote workforces, nearly all cyber threats generate communications that can be observed on the network.

At Stamus Networks, we tap into the inherent power of network traffic to uncover critical threats to your organization. We offer the best possible asset-oriented visibility and automated detection to help practitioners cut through the clutter and focus on only those serious and imminent threats.

Dramatic resource savings

Why Stamus NDR

Broad-Spectrum Automated Detection

Open Interfaces & Explainable Results

Asset-Oriented Attack Insights

Built-in Guided Threat Hunting

It Just Works

Built by open source security technology experts

Why Stamus Networks

See what a few of our customers are saying about Stamus Networks

We selected the Stamus Networks solution based on our success at my previous employer. We found it to be an indispensable platform for understanding our security posture.

We use the [Stamus ND] to monitor a multitude of custom applications to ensure they are operating securely.

[Stamus ND] allowed us to reduce costs by simplifying IDS systems configuration and updates management, and by getting a single pane of glass on all IDS events with preconfigured dashboards and filters.

I have previously worked with six different IDS vendors, and only Stamus provides us with both the signature and anomaly-based data we need which previously required two separate traffic analyzers.

Using the threat hunting capabilities of the [Stamus ND] we have been able to uncover multiple instances of C2 communications and malware running within our infrastructure.

After we started using [Stamus NDR], we were able to drop our MSSP and reduce our costs while strengthening our cyber security posture.

Stamus Networks has provided us with the most effective solution within our security stack. Their dedication to supporting us has been unmatched by any other vendor. We are excited to continue expanding our deployment of the [Stamus NDR].

We are excited to install the [Stamus ND] at a major manufacturing client because the context provided by the solution allows us to identify actual threats in less time than other tools we have used.

The detailed network definitions used in the [Stamus ND] allows us to efficiently and intuitively hunt for improper encryption certificates and proxy services. It's incredibly useful.

We managed to increase visibility of suspicious and malicious network activity which highly simplified incident investigation. But I think the biggest advantage we received is the support from Stamus Networks team which always was quick, constructive and useful.

Recent Blog Articles

Introducing Suricata Language Server: Real-time Rule Syntax Checking and Auto-completion

Feature Spotlight: Pivot from IDS Alert Metadata to Signature Details

Suricata to the Log4j Rescue