<img src="https://ws.zoominfo.com/pixel/csEHmvjEA1iScHExXGZE" width="1" height="1" style="display: none;">

Clear NDR Enterprise Licensing and Pricing

Clear NDR® is designed for organizations that require scalable, explainable network detection and response with flexible deployment and predictable commercial scaling.

Licensing is based on monitored network links and throughput capacity — not endpoint counts, users, or IP addresses — enabling organizations to extend visibility across enterprise, cloud, operational technology, and critical infrastructure environments without complex consumption-based pricing models.

Clear NDR delivers transparent detections, forensic-quality evidence, and investigation-ready network intelligence to help security teams accelerate threat detection, validation, and response.

 

The platform supports a wide range of deployment models, including:

  • On-premises deployments
  • Sovereign cloud environments
  • Hybrid architectures
  • Fully air-gapped networks


From enterprise IT environments to regulated industries and critical infrastructure operators, Clear NDR Enterprise provides flexible network visibility and detection capabilities aligned to operational, security, and compliance requirements.


Provide a high-level overview of your environment, network throughput, and monitoring objectives, and our team will prepare a tailored proposal aligned to your operational and security goals.

Request a Tailored Clear NDR Enterprise Proposal

Complete this online quote generator form to receive a customized quote for your implementation of Clear NDR.

If you need help determining how many probes you’ll need, please refer to the section below on “Determining Probe Requirements

How Licensing for Clear NDR works

Clear NDR licensing is based on the number and performance capacity of deployed network probes. Licensing is determined by the monitored link speed associated with each probe deployment.

 

Clear NDR probes connect to a network TAP, packet broker, or SPAN/mirror port and passively monitor network traffic without interfering with network operations or production traffic flow.

 

License tiers are aligned to monitored throughput capacity, including:

  • 1 Gbps
  • 10 Gbps
  • 40 Gbps
  • 100 Gbps monitoring options available for high-capacity environments

 

Each deployment includes Clear NDR Central Server, which provides centralized management, analytics, investigation workflows, and visibility across all deployed probes.

 

Licensing also includes:

  • Unlimited monitored hosts
  • Unlimited users
  • Unlimited API integrations
  • Daily threat intelligence updates
  • Enterprise customer support

 

This licensing model enables organizations to extend network visibility across enterprise IT, cloud, operational technology, and critical infrastructure environments without licensing based on endpoints, users, or IP addresses.

Determining Probe Requirements

Clear NDR probes can be deployed in various ways, each with its own set of pros and cons. Clear NDR Probes are virtual or physical sensors that are deployed at strategic points in the network, such as the perimeter, data center, or cloud environments. This provides granular visibility and scalability, but requires careful planning to ensure adequate coverage.

Probes should be deployed where they can monitor critical traffic flows. Examples include:

 

  • On-prem at the Internet Edge/Perimeter - This is your first line of defense. Probes here monitor all incoming and outgoing traffic, detecting external threats like DDoS attacks, intrusion attempts, and malware downloads.These should be deployed just inside your firewalls.
  • DMZ (Demilitarized Zone) - Your DMZ (on-prem or in the cloud) hosts externally facing servers. Probes here focus on detecting attacks targeting these vulnerable systems, like web servers, email servers, and DNS servers.
  • Data Center Core - This is the heart of your network. Probes here monitor east-west traffic, detecting internal threats like lateral movement, data exfiltration, and insider threats.
  • Critical Asset Segments - Place probes in front of high-value assets like databases, point of sale terminals, regulated devices, file servers, and sensitive data repositories.
  • Cloud Environments - Monitor traffic within and between cloud environments (e.g., AWS, Azure, GCP) to detect cloud-specific threats and misconfigurations. 
  • Remote Sites/Branch Offices - Extend visibility to remote locations to detect threats targeting these often less-secure environments.

 

By carefully considering these factors, you can ensure that your NDR probes are strategically positioned to provide comprehensive visibility and effective threat detection across your entire network.  

 

Ultimately, the best placement options depend on the specific needs and architecture of the network being monitored. Factors to consider include network topology, traffic volume, security requirements, and budget. 

 

Using the form above, please share the details of your probe requirements so we can provide your custom quote.

ABOUT STAMUS® NETWORKS

Stamus Networks is the network intelligence foundation for AI-powered security operations and the creator of the Clear NDR® system. Built on Suricata, the world's leading open-source network security engine, Clear NDR transforms raw network traffic into actionable security insights with unmatched transparency, customization, and effectiveness. Designed to close visibility gaps and reduce alert fatigue, Clear NDR is trusted by leading financial institutions, government agencies, and has been battle-tested over ten years in NATO's largest cybersecurity exercises. Stamus Networks empowers security teams with greater control, fewer false positives, faster response times, and a more responsive, open approach than legacy vendors.

Paris, FranceIndianapolis, USA

Privacy

© 2014-2026 Stamus Networks, Inc. All rights Reserved.