
What is Stamus ND

Stamus ND is a Suricata-based intrusion detection (IDS) and network security monitoring (NSM) system that delivers:

  • Correlated IDS (signature-based) and NSM (protocol transaction logs) data

  • Open interfaces for SIEM

  • Native Splunk app

  • Open third-party signatures and threat intel

  • Tagging & classification for automated alert triage

  • Integrated guided threat hunting


How Stamus ND improves your security

Security teams use Stamus Network Detection for automated intrusion detection and network security monitoring, proactive threat hunting, incident investigation and IT policy enforcement. Ultimately, the system helps security (SecOps) and network (NetOps) operations teams:

  • Reduce your organization’s risk - uncover known and unknown threats to critical assets from your cloud and on-premise networks.

  • Eliminate network blindspots - monitor north-south as well as east-west traffic with Stamus Network Probes at all critical points in your cloud and on-premise networks.

  • Reduce the workload of your SOC analysts - focus your valuable staff on proactive security measures, rather than poring through 1000s of alerts.

  • Dramatically accelerate incident response - quickly investigate potential issues with transparent, explainable results, backed up with extensive evidence.

  • See results immediately - Stamus ND is easy to install, configure and integrate with other elements of your security tech stack.

  • Extend your capabilities - leverage third-party threat intelligence and rulesets and easily transform a threat hunt into custom filters to accelerate future hunting sessions.

  • Uncover hidden threats - because even the most advanced system cannot automatically detect everything, Stamus ND includes integrated guided threat hunting that simplifies proactive defense for less-experienced analysts.

  • Level up to network detection and response - deploy an IDS/NSM replacement today and seamlessly upgrade to an advanced network detection and response (NDR) solution when you are ready.

How it works

Stamus ND consists of two components: Stamus Network Probes and Stamus Security Platform. Each plays a critical role in scaling the system.

Stamus ND Architecture

Stamus Network Probes

The probes may be deployed in the cloud, on premise or a combination of the two. Typically, multiple probes are connected to a network tap, packet broker, or span/mirror port in locations giving the system visibility into both north-south and east-west network traffic. 

The function of the Stamus Network Probe is to inspect and analyze all traffic flows to perform real-time threat detection, enrich the resulting events with extensive metadata, and capture network protocol transactions. The probe delivers all this data to the Stamus Security Platform for additional analytics and processing.

The probe is based on the Suricata engine which provides both network security monitoring (NSM) protocol transaction logs and intrusion detection (IDS) alerts. 

The probes are available as turnkey physical appliances (available from Stamus Networks) or may be installed as a software image* that you deploy either on:

  • Bare metal hardware

  • Virtual machine

  • Public or private cloud

 

* Stamus Networks appliances are required to monitor data rates above 10 Gbps

Stamus Security Platform (SSP)

Stamus Security Platform provides centralized management of the probes along with a number of other critical functions, including:

  • Consolidated event storage and central integration point for the rest of your security tech stack, such as SIEM, data lake, or log management system.

  • A guided threat hunting console for proactive threat hunting and incident investigation

  • Automated event triage - enabled by a tagging and classification workflow - to dramatically reduce the time spent by analysts reviewing security events

  • Extracting and organizing the data for hosts, assets and users to bring the security event data to life, making sense out of it in the context of your organization

  • Management of third party threat intelligence and rulesets as well as support for custom threat detection that leverages the experience and organization-specific knowledge of your team

 

Like the probe software, SSP may be installed on turnkey physical appliances (available from Stamus Networks) or as a software image that you deploy either on bare metal hardware, a virtual machine, or a virtual machine in the cloud.

Stamus ND in the cloud or on-premise – or both

The modern enterprise IT architecture includes resources in your facilities as well as in public and private cloud environments.

Your network "perimeter" has expanded dramatically, and so has your attack surface. To eliminate blind spots, it is crucial to monitor both east-west and north-south traffic at all of these sites. Stamus ND is designed to do just that.


Simple upgrade to Stamus NDR

We recognize that not every organization needs the full capability offered by Stamus NDR. If you are looking for a replacement for your current network intrusion detection system (IDS) or are hoping to migrate your Suricata implementation to a turnkey solution, Stamus ND may be a better fit for your organization.  


And we’ve got great news for you. When you are ready, you can transition to Stamus NDR with a simple license upgrade.

Stamus ND replaces your current IDS

Stamus Network Detection (ND) is a Suricata-based intrusion detection (IDS) and network security monitoring (NSM) system for enterprises and managed service providers who need a near-term replacement for their IDS that offers improved security and greater operational efficiencies but are not yet ready to adopt NDR.

 

Stamus ND users experience immediate value from massive improvements in visibility, situational awareness, and operational efficiency of their cloud and on-premise networks.

Stamus Benefits the IDS User

Enterprises reduce risk through full threat coverage at any speed and shorten incident response times by seeing a unified view of alerts and protocol transaction events (for triage and analysis). Stamus ND includes a powerful tagging and classification mechanism that dramatically reduces alert noise and improves operational efficiencies by automating the alert triage process.

And by replacing separate IDS and NSM with a single turnkey system, Stamus ND can significantly reduce your administration costs.

 

Finally, Stamus ND provides a software-only upgrade to Stamus Network Detection and Response (NDR) when you are ready.

 

Stamus ND for enterprise Suricata deployments

Stamus Network Detection (ND) is a turnkey Suricata-based intrusion detection (IDS) and network security monitoring (NSM) system for enterprises and managed service providers who need a more efficient way to scale their Suricata deployment, but are not yet ready to adopt NDR.

Suricata users who migrate to Stamus ND achieve enterprise scale and extremely high performance in demanding environments, and they experience massive improvements in visibility, situational awareness, and operational efficiency when monitoring their cloud and on-premise networks.

Unlike do-it-yourself open source solutions and other Suricata-based commercial systems, Stamus ND provides enterprise-class performance and reduces total cost of ownership with optimized network probes and a central management system.

 

Developed and maintained by the industry’s most experienced team of Suricata experts, Stamus ND includes a powerful tagging and classification mechanism that dramatically reduces alert noise and improves operational efficiencies by automating the alert triage process.

And through the integrated guided threat hunting interface, users can proactively uncover hidden threats.

 

Finally, Stamus ND provides a software-only upgrade to Stamus Network Detection and Response (NDR) when you are ready.
