As we celebrate the beginning of another new year, we’d like to take a glimpse back at the news, releases, and threat hunting materials that we shared on our blog in 2022. From product updates and open-source resources to threat intelligence and educational pieces, the Stamus Networks Blog brought a wealth of information to its readers over the past year. We post blogs on a regular basis to provide enrichment to our existing customers, share industry experiences, and to educate potential customers about what we do here at Stamus Networks. Today, we want to share the top 10 most read blogs – starting from #10 and working our way to the most popular blog post – from 2022. We’re also including links to each blog in case you missed them as well as to some additional related reading material that you may find interesting.
Starting the countdown with number 10, “Introduction to Guided Threat Hunting” is the first entry in an ongoing series that provides an in-depth look at Stamus Security Platform’s Enriched Hunting Interface. Each week, we walk readers through the hunting process using one of the interface’s 100+ integrated guided threat hunting filters. Check this series out to learn more about threat hunting using SSP or to see step-by-step instructions of how different filters can be used.
If you like this, you should check out: Proactive Threat Hunting Video Demo - This video explains how an experienced analyst can conduct hunts using the Enriched Hunting Interface available in the Stamus Security Platform to identify a threat, review the alert, and create a custom Declaration of Compromise™.
At number 9 on the list, we have an entry from the “Uncovered: Real Stories from the Field” series. In this blog, readers can learn about an instance of Raiz0WorM discovered by Stamus Networks co-founder and CSO Peter Manev using Stamus Security Platform’s Enriched Hunting Interface. Using a guided threat hunting filter, Peter was able to identify and classify the Raiz0WorM threat and then automate and escalate notifications for response.
If you like this, you should check out: “Uncovered with Stamus Security Platform: Spyware Missed by EDR” - If you are a fan of reading about real-world hunts, then this other entry from the “Uncovered” series might interest you. In this blog, Peter locates an instance of spyware installed on a customer’s laptop that was missed by their EDR solution.
It is no surprise to see this blog landed at number 8 in our top 10 blogs of 2022 list. One of our goals in 2022 was to communicate our core principles. One of the most important principles is our goal to show respect and integrity in everything we do. This is the principle that all our other principles are founded on, and it is one of the primary reasons we decided to develop and codify our values in the first place.
If you like this, you should check out: “Why we developed our Core Principles” - If you want to learn more about what makes us who we are, then we recommend reading the introduction to our core principles series. In this series, Stamus Networks CEO walks through each core principle and describes what each means to us, why we chose them, and how we try to act on them every day. It is an excellent overview if you want to learn more about the “why” behind Stamus Networks rather than the “how.”
Coming in at number 7, we have a blog detailing the dangers of crypto mining and showcasing how Stamus Security Platform can be used to combat it. Threat actors can use malware to hijack your CPU and use your processing power to mine cryptocurrency, crippling your productivity and providing an entry point for other malicious activity. Stamus Security Platform has multiple ways to help you identify this kind of activity and put a stop to it.
If you like this, you should check out: “Threats! What Threats?” - The introductory blog to a multi-part series on the various types of threats covered by Stamus Security Platform (SSP). Read this series to learn more about the types of threats your organization might face and how SSP could help you detect and defend against them.
2022 brought a big update to the Stamus Security Platform, and this blog — number 6 on the top 10 blogs of 2022 list — gives readers a brief tour of what was added since U37. With the inclusion of a new interface, TLS beacon detection, the “Sightings” feature, file extraction, ruleset versioning, an enhanced Declaration of Compromise™ timeline, and asset roles, U38 was a step towards the future of Stamus Security Platform.
If you like this, you should check out: Subscribe to the Stamus Networks Blog and the monthly “Stamus Spotlight” newsletter to keep up to date with new developments regarding upcoming releases.
This blog, ranking number 5 on our list, discusses Stamus Security Platform’s (SSP) unique approach to modeling the progression of attacks in the cyber kill chain to clarify the severity of a given threat. Using Declarations of Compromise™ (DoCs), SSP adopts a threat-based and asset-based model to alert users to high-fidelity threat event notifications that trigger a response. This reduces the noise of alerts and allows users to focus primarily on the real events that pose a significant risk to their organization.
If you like this, you should check out: The Stamus Security Platform Datasheet - Learn more about Stamus Security Platform, its various benefits, and how Declarations of Compromise™ can give your organization high-confidence notifications to trigger an immediate response.
The number 4 blog on our top 10 of 2022 list introduces a new Suricata ruleset for detecting lateral movement in Microsoft Windows environments. The ruleset was developed in response to instances we have seen in the field at various trainings, workshops, conferences, and live-fire exercises we have attended in recent years. Released in November of 2022, this free and open ruleset includes nearly 500 Suricata detection signatures highlighting SMB/DCERPC-related network activities. Read the blog to learn more about its development and application.
If you like this, you should check out: “Threats! What Threats? Detecting Lateral Movement with Stamus Security Platform” - This blog describes what lateral movement is, why it can be dangerous to an organization, and how Stamus Security Platform (SSP) can detect it more effectively than other one-dimensional solutions like intrusion detection (IDS) and network security monitoring (NSM) systems or other network detection and response (NDR) platforms. While the new lateral movement ruleset is incredibly helpful for detecting lateral movement in Microsoft Windows environments, SSP employs even more detection methods to provide an even deeper level of visibility into network activity.
Ranking at number 3 on our list, this post introduces readers to new use cases for GopherCap - Stamus Networks’ open-source tool for PCAP manipulation written in Go. GopherCap leverages Google’s GoPacket library for advanced packet replay. In 2022, Stamus Networks introduced updates to GopherCap that allowed users to conduct advanced packet filtering. Using the new method of packet filtering, users can build a dataset for SMB lateral detection research, cutting several multi-terabyte datasets into more manageable SMB datasets that can be parsed by Suricata in a matter of seconds.
If you like this, you should check out: “Our Core Principles: Embrace Open Interfaces and Open-Source” - This is part of our Core Principles series, where we dive into the principles that Stamus Networks was built upon and explain why we were founded and how we strive to operate every day. Open-source development, such as the creation of GopherCap, is a big part of who we are. Read this article to learn why we have such a deep respect for open interfaces and open-source development.
Early last year, Stamus Networks released the Suricata Language Server, an open-source implementation of the embedded Suricata Language Server Protocol for Suricata signatures. This blog, which was our second most read blog of 2022, highlights the Suricata Language Server which adds syntax checking when implementing newly written rules, as well as hints and auto-completion to your preferred editor.
If you like this, you should check out: “The Security Analyst’s Guide to Suricata” - The first practical guide to threat detection and hunting using Suricata. This “living” book, written by leading subject-matter experts, provides guidance on optimizing Suricata, and enables other Suricata users to submit contributions for review in open-source style just as they would for Suricata itself.
#1 - SELKS 7 Series
These three blogs combined, “SELKS 7: An Introduction,” “SELKS 7: Updated Capabilities,” and “SELKS 7: Deployment and Application” was the most read series published on the Stamus Networks blog in 2022. SELKS is a turn-key Suricata-based IDS/NSM and threat hunting system developed by and available for free from Stamus Networks. Combining Suricata, the ELK stack from Elastic, Stamus Community Edition, Arkime, Evebox, and CyberChef, SELKS is a capable, production-grade intrusion detection (IDS) and network security monitoring (NSM) solution for small-to-medium businesses or network security hobbyists.
If you like this, you should check out: “Inside SELKS: What’s Under the Hood” - An overview of the individual components that make up the SELKS solution. Learn what each letter in the acronym stands for (as well as three additional tools), why they were selected to be included, and how it all works together to provide a suitable IDS and NSM solution.
We hope you enjoyed this look back at our most popular blog posts and we look forward to providing you with more information geared towards helping you improve your network security in 2023. We have some great things planned this year, so make sure to subscribe to the Stamus Networks Blog and the monthly Stamus Spotlight Newsletter to stay informed!