Clear NDR® (formerly Stamus Security Platform) is an open and transparent Network Detection and Response (NDR) system that delivers:

Clear Visibility – monitor activities across your entire attack surface - so you won't miss threats that evade your other controls

Clear Detection – multi-layer, transparent detections you can understand - so you can accelerate your triage and response

Clear Evidence – detailed attack timeline and complete evidentiary artifacts - so you can quickly resolve the incident

Clear Response – ultra high fidelity threat declarations - so you have confidence you need to automate response

Clear NDR empowers defenders to transform their Security Operations Center (SOC) and even build a truly autonomous SOC. Imagine a SOC that practically runs itself – with AI-powered threat detection and automated response fueled by the richest network telemetry available. Clear NDR helps your team become more efficient than ever, allowing them to focus on strategic initiatives while proactively defending against threats.

With multi-layered transparent detection and response technologies – supported by extensive metadata and evidence, Clear NDR delivers detection you can trust with results you can explain.

Optimized to Address the Top Challenges of your SOC

Alert Fatigue / Overload

The Challenge: Security teams are presented too many alerts with too many false positives. Both legacy IDS and 1st generation AI anomaly detection contribute to this problem.

The Impact: Attacks take too long to detect or are missed entirely

Insufficient Attack Visibility

The Challenge: Limited threat detection and visibility of agent-less systems, cloud workflows, lateral movement, encrypted communications, and anomalous activity

The Impact: Critical attack signals are missed

Lack of Context and Evidence

The Challenge: Proprietary “black box” threat detection omits valuable event context and evidence, requiring additional resources to see the full story

The Impact: Delayed impact assessment and response

Increased Attack Velocity

The Challenge: Attackers are using AI and other exploit automation technologies to breach defenses, accelerate their attack timelines, and move more rapidly than ever.

The Impact: They inflict serious damage before you can stop them.

A Critical Component of the AI-Powered SOC Transformation

Clear NDR drives automation directly

Automate your threat response with high-fidelity declarations of compromise and policy violations based on multiple detection mechanisms — including artificial intelligence, machine learning, and advanced heuristics, as well as traditional signatures and loCs

Clear NDR feeds network data to AI-powered SIEM

Combine powerful and efficient network insights from Clear NDR with endpoint and other data into your AI-powered SIEM for a more complete picture of your enterprise and advanced AI-enabled threat detection and response

Clear NDR Monitors your Entire Attack Surface

Your network "perimeter" has expanded dramatically and so has your attack surface. In order to eliminate blind spots, it is crucial to monitor the network for east-west and north-south traffic at all these sites. Clear NDR - Enterprise is designed to do just that.

Clear NDR consists of two components: Clear NDR Probe(s)™ and Clear NDR Central Server™, both of which may be deployed in private cloud, public cloud, on-premise, or hybrid environments.

Clear NDR Probes

Clear NDR Probes inspect and analyze all network traffic using deep packet inspection (DPI) to perform real-time threat detection, enrich the resulting events with extensive metadata, and capture network protocol transactions, flow data, extracted files, and full packet capture (PCAPs).

The probe delivers all this data to the Clear NDR Central Server™ for additional analytics, processing, and another layer of threat detection.

Clear NDR Central Server

Clear NDR Central Server provides the centralized management of the probes, third party threat intelligence and rulesets, consolidated event storage and a central integration point.

It includes an additional layer of machine learning and algorithmic threat detection, along with automated event triage – enabled by tagging and classification. Finally, the Clear NDR Central Server provides a powerful threat hunting and incident investigation user interface.

Clear NDR has Uncovered Serious Threats at Some of the World's Most-Targeted Organizations

We've had the privilege of working closely with a diverse range of organizations around the world - some of the most targeted, in fact. These include central banks, insurance companies, government institutions, critical infrastructure, energy producers, compute hosting providers, government CERTs, and more.

During those deployments we have witnessed remarkable successes, many of which are captured in this eBook.

In each of these stories, Clear NDR (formerly Stamus Security Platform) played a pivotal role in safeguarding networks, mitigating attacks, and minimizing the impact of security incidents.

Why Clear NDR™ - Enterprise?

High-fidelity threat declarations

By using multiple detection technologies and guided threat hunting you'll uncover even the weakest attack signals and unauthorized activities while minimizing false positives and alert fatigue.

Optional air-gapped deployment

Optionally deploy our central analytics system (Clear NDR Central Server) on your premise or datacenter – even in a completely air-gapped environment for total data sovereignty.

Use our probes and/or your Suricata sensors

Supercharge your existing Suricata deployment? Start with your Suricata sensors, while you transition to the more advanced Clear NDR Probes

Transparent detections with detailed evidence

Understand exactly what triggered an event with a detailed attack timeline along with all the evidence needed to respond quickly and stop a breach before damage is done.

Open and extensible for your environment

Augment built-in detections with third party threat intel and signatures or develop your own custom detections (signatures or detection-as-code). Easily integrate into your security tech stack.

Built for enterprise-scale operations

Scales from a small stand-alone instance to multi-site, multi-100Gbps deployments integrated into your SOC/SIEM/SOAR while tracking activity of millions of hosts.

Simple and Straightforward Licensing

Software for your cloud, virtual machine, virtual appliance, or Stamus Networks Appliance

The annual software license is based on the line rate of the monitored probe connection. Licenses are available in increments of 1G, 10G, 40G, and 100G (coming soon).

Unlike other NDR vendors, who charge per device/IP address or per user, our flat-rate pricing is based on the number of links being monitored and speed of the links – with unlimited hosts, IPs, and users – giving you unparalleled visibility at a fraction of the cost.

Each License Includes:

Daily threat intelligence updates
Weekly summary of threat intel update reports
Technical support
Software updates, usually 4 each year including new features
Single License for probe and central server

CLEAR NDR Enterprise