
Much more than just another NDR Vendor

Written by Ken Gramley | Jul 1, 2021 11:48:32 AM

In cybersecurity, as soon as you stand still, you’re falling behind. Change, whether it’s in the threat landscape or in the development of new solutions, comes quickly in this business. Product and service providers that do not keep pace will likely not be viable for long.

That’s why it is so surprising that most traditional network intrusion detection system (IDS) vendors stopped innovating long ago. They seem to have largely conceded the future of network security to the new crop of network detection and response (NDR) vendors who begin their pitch with their shiny technology rather than how they can help defenders do their job better.

Don’t get me wrong. At Stamus Networks we are constantly working to evolve our business and deliver the latest innovations for our customers. But we believe there is more to network security than sexy, hyped-up technologies. Our customers tend to be those organizations with a healthy skepticism for the hype and hyperbole. We share many of the same values as these organizations.

So, we feel the need to clarify our message to the world in these times of unprecedented cyber security challenges.

As such, I will be writing a series of articles in the coming weeks that highlight our perspective on the industry, and the network security landscape in particular.

A few changes

You may have noticed that we recently adjusted the names and packaging of our products. We did this in direct response to how our customers and partners view us and the ways in which we bring value to their organizations. You can read a little more about these changes in the first part of a recent blog article by Phil Owens. That blog post also details some of the exciting new capabilities we offered in our latest software release.

You may have also noticed that our website has changed a little. We have begun the process of clarifying our system’s value and building out more educational content. If you haven’t done so recently, I encourage you to take a quick tour.

From Suricata IDS + NSM to NDR

Historically, our company has been known as experts in open source Suricata network security solutions. That’s not a bad thing to be known for. Security professionals are just now beginning to understand that we have built a powerful set of network security capabilities on top of that Suricata foundation that organizations can grow into as they are building their defensive strategies. These include an advanced intrusion detection system (IDS) with network security monitoring (NSM) and guided threat hunting, and, more recently, a full-blown network detection and response (NDR) system.

Typically, organizations come to us because they need a better IDS, and they consider us experts in the industry. The solution we provide is unlike anything they have ever seen before.

In our network probes, we combine complete NSM functionality with intrusion detection and additional data enrichment into a high-performance network detection solution. With our system, there is no need to run multiple engines with external correlation. That’s because the Stamus Network Probes capture all the protocol transaction metadata for every session. This metadata is automatically correlated with the IDS events, but it’s actually captured regardless of whether there is an IDS event or not.

If that isn’t enough, in our central management system — Stamus Security Platform — we also include a guided threat hunting interface to allow security analysts to proactively hunt using the data our systems collect. We call it Stamus ND.

Interestingly, when our prospective customers have a chance to test out the high-fidelity detection layer and asset-oriented insights that we built into our flagship Stamus NDR platform, Stamus Security Platform (SSP), they understand they can build automated responses around the reliable Declarations of Compromise™ it generates.

While they do not come to us looking for a “network detection and response solution”, they become interested in our Stamus NDR platform because they realize it’s ultimately what they will need. And finally, they see that our product roadmap, the manifestation of our long-term vision, will bring a steady stream of enhancements to the system as their needs grow.

That’s what happened recently with one of our largest customers, a very large central bank. This network security team had been looking for a new IDS for two years and had not found anything that would meet their requirements. That is, until they saw our solution. Initially they insisted that all they needed was a “better IDS.”

By the time they were finished evaluating our IDS/NSM solution (Stamus ND) and then exploring the capabilities of Stamus NDR, they realized they would benefit from the more complete solution. So, ultimately they decided to go with Stamus NDR, and are now deploying it throughout their network.

In my next post, I will explain our results-focused approach to integrating new detection technologies into Stamus NDR.