
Clear NDR® Enterprise U42 is Now Available

We are pleased to share the news that Stamus has released Clear NDR® Enterprise (formerly known as Stamus Security Platform) Update 42.0 (U42). This major release introduces groundbreaking AI integration capabilities, advanced behavioral analytics, and significant performance enhancements designed to help our customers deploy Clear NDR as an essential foundation for AI-powered security operations.

In the press release we issued today, my colleague Éric Leblond shared his excitement as follows:

U42 represents a pivotal moment in network-based threat detection and response. We're not just adding features – we're fundamentally changing how security teams work with AI and network intelligence. 

By providing native AI connectivity through Model Context Protocol and delivering high-fidelity threat context to SIEM platforms, Clear NDR becomes the intelligence layer that makes AI security investments truly effective. 

Combined with our performance improvements, organizations can now detect sophisticated threats faster while dramatically reducing the noise that has plagued security operations.

The release introduces seven major capabilities that transform how organizations leverage network intelligence for threat detection and response.


AI Integration with Model Context Protocol (MCP)

With this release, Clear NDR becomes one of the few NDR systems that can interface with third-party AI applications natively. These include open-source AI agents as well as the most advanced commercial solutions like ChatGPT, Claude, Gemini, Grok, Mistral, and MS Copilot. Using the built-in MCP endpoints in Clear NDR, security practitioners can extract network intelligence to empower agentic AI and large language models, providing automation, enhanced threat analysis, natural language threat hunting, and AI-powered investigation assistance to dramatically accelerate incident investigation and response.

Check out this video we created that explains MCP and demonstrates key use cases for the Clear NDR implementation. 



Host Anomaly Detection via Alert Outlier Identification

This form of user entity behavior analysis (UEBA) uses behavioral analytics to identify anomalous activity patterns for specific hosts, finding needle-in-haystack threats that traditional volume-based detection misses. This capability was initially developed for and battle-tested in the world's largest live-fire cybersecurity exercises – NATO’s Crossed Swords and Locked Shields.

Here’s a video we created that demonstrates the value of this new capability:

 



Seamless IOC Threat Intelligence Feed Ingestion

Clear NDR now imports threat intelligence indicators without requiring manual Suricata rule creation, reducing deployment time of threat feeds from hours to minutes. 

Here’s a video we created that demonstrates the value of this new capability:

 

Composite SMB Session Insights

Clear NDR now tracks Server Message Block (SMB) sessions through composite SMB events that consolidate multiple protocol metadata into single events, accelerating SMB session analysis and enabling advanced ML algorithms for file sharing security while dramatically reducing data storage requirements and log volume.

Here’s a video we created that demonstrates the value of this new capability:

 

Multi-stage Response Workflows and Authentication

The previous integration mechanism for automating DoC and DoPV responses in Clear NDR had two limitations: 1) authentication issues with non-token-based systems and 2) the inability to interact with systems where multiple requests are necessary. Clear NDR now supports advanced response workflows with multiple authentication mechanisms, enabling complex automation API workflows and state machine capabilities for sophisticated response orchestration.

Here’s a video we created that demonstrates the value of this new capability:

 

Low-noise DoC and DoPV Incident Logs Properly Conveyed to SIEM

Prior to U42, the benefit of the vast reduction in alert fatigue provided by Declaration of Compromise (DoC) and Declaration of Policy Violation (DoPV) incidents was not available to users of SIEM and XDR systems through log ingestion. 

For example, instead of sending the single DoC incident event associated with a host, Clear NDR shipped potentially hundreds of events associated with a single DoC without the context required to discern the single DoC incident. 

With U42, Clear NDR now delivers additional metadata that enables the SIEM or XDR system to properly identify DoCs and DoPVs. 

 

High-Performance Post-processing

With U42, the original post-processing stack used by Clear NDR (and its predecessor, Stamus Security Platform) has been replaced by a significantly higher-performance design. This allows the system to support far more events per second at a lower CPU cost and lays the foundation for Clear NDR Probes that can monitor network segments with traffic exceeding 200 Gbps.

We believe this places Clear NDR among the very highest performance NDR solutions on the planet.

Summary

Clear NDR is evolving to be not just a network detection and response solution – it is a foundational platform for building resilient, AI-enhanced security operations that can adapt to tomorrow's threats while efficiently managing today's security challenges.

If you’d like to meet with one of our engineers (or me) for a live demonstration of this hot new version of Clear NDR, please let us know.

Phil Owens

Phil is the vice president of customer solutions at Stamus Networks. He has over 25 years of experience in IT, networking, and cyber security. As a Systems Engineer, he has been a trusted advisor to several Fortune 500 companies. As a product manager, he has created successful cyber security software products. Prior to joining Stamus Networks, he held positions at RSA Security, AT&T and IBM. Phil is also proud to have served in the United States Air Force. Phil resides in Florida, USA.
