What is Stamus NDR

Stamus NDR is a broad-spectrum and open network detection and response (NDR) system that delivers:

  • Response-ready and high-fidelity threat detection from machine learning, behavioral anomalies, stateful logic, and signatures

  • Open interfaces for simple integration with SOAR, SIEM, XDR, EDR, IR

  • Support for third-party and custom threat intelligence

  • Explainable and transparent results with evidence

  • Integrated guided threat hunting


How Stamus NDR improves your security

Security teams use Stamus Network Detection and Response for automated detection, proactive threat hunting, incident investigation and IT policy enforcement. Ultimately, the system helps security (SecOps) and network (NetOps) operations teams:

  • Reduce your organization’s risk - uncover known and unknown threats to critical assets from your cloud and on-premise networks. 

  • Eliminate network blindspots - monitor north-south as well as east-west traffic with Stamus Network Probes at all critical points in your cloud and on-premise networks.

  • Eradicate alert fatigue - the system notifies incident response systems and personnel only when urgent and imminent threats are identified.

  • Reduce the workload of your SOC analysts - focus your valuable staff on proactive security measures, rather than poring through 1000s of alerts.

  • Dramatically accelerate incident response - quickly investigate potential issues with transparent, explainable results, backed up with extensive evidence.

  • See results immediately - Stamus NDR is easy to install, configure and integrate with other elements of your security tech stack.

  • Extend your capabilities - leverage third-party threat intelligence and rulesets, and easily transform a threat hunt into custom detection logic.

  • Uncover hidden threats - because even the most advanced system cannot automatically detect everything, Stamus NDR comes with integrated guided threat hunting that simplifies proactive defense for less-experienced analysts.


How it works

Stamus NDR consists of two components: Stamus Network Probes and Stamus Security Platform. Each plays a critical role in scaling the system.


Stamus Network Probes

The probes may be deployed in the cloud, on premise or a combination of the two. Typically, multiple probes are connected to a network tap, packet broker, or SPAN/mirror port in locations giving the system visibility into both north-south and east-west network traffic.

The function of the Stamus Network Probe is to inspect and analyze all traffic flows to perform real-time threat detection, enrich the resulting events with extensive metadata, and capture network protocol transactions. The probe delivers all this data to the Stamus Security Platform for additional analytics, processing and another layer of threat detection.

The probe is based on the Suricata engine, which provides both network security monitoring (NSM) protocol transaction logs and intrusion detection (IDS) alerts.

The probes are available as turnkey physical appliances (from Stamus Networks) or may be installed as a software image* on:

  • Bare metal hardware

  • Virtual machine

  • Public or private cloud


* Stamus Networks appliances are required to monitor data rates above 10 Gbps

Stamus Security Platform (SSP)

Stamus Security Platform provides the centralized management of the probes along with a number of other critical functions, including:

  • Consolidated event storage and central integration point for the rest of your security tech stack, such as SIEM, SOAR, Open XDR, IR or messaging systems

  • An additional layer of machine learning and algorithmic threat detection that identifies high-confidence threats to your critical assets, maps the advancement of those threats along the stages of the cyber kill chain, and serves as a “smoke alarm” to alert your personnel or systems when a serious and imminent threat is discovered

  • A guided threat hunting console for proactive threat hunting and incident investigation

  • Automated event triage - enabled by a tagging and classification workflow - to dramatically reduce the time spent by analysts reviewing security events

  • Extracting and organizing the data for hosts, assets and users to bring the security event data to life, making sense out of it in the context of your organization

  • Management of third-party threat intelligence and rulesets as well as support for custom threat detection that leverages the experience and organization-specific knowledge of your team


Like the probe software, SSP may be installed on turnkey physical appliances (available from Stamus Networks) or as a software image that you deploy either on bare metal hardware, a virtual machine, or a virtual machine in the cloud.

Stamus NDR in the cloud or on-premise – or both

The modern enterprise IT architecture includes resources in your facilities as well as in public and private cloud environments.



Your network "perimeter" has expanded dramatically and so has your attack surface. In order to eliminate blind spots, it is crucial to monitor the network for east-west and north-south traffic at all these sites. Stamus NDR is designed to do just that.


Simple upgrade from Stamus ND

We recognize that not every organization needs the full capability offered by Stamus NDR. If you are looking for a replacement for your current network intrusion detection system (IDS) or are hoping to migrate your Suricata implementation to a turnkey solution, Stamus ND may be a better fit for your organization.  


And we’ve got great news for you. When you are ready, you can transition to Stamus NDR with a simple license upgrade.



Stamus NDR benefits Enterprises

Stamus Network Detection and Response is an NDR for enterprises and managed service providers who need response-ready and high-fidelity network threat detection to trigger a response through their SOAR, IR or XDR system.


Enterprises reduce risk by uncovering known and unknown threats to critical assets from their cloud and on-premise networks using broad-spectrum threat detection that includes machine learning, signatures, custom logic and guided threat hunting. Security teams avoid alert fatigue because the system notifies incident response systems and personnel only when urgent and imminent threats are identified.


Unlike technology-first NDR solutions, Stamus Network Detection and Response provides open interfaces for event data output as well as for easily integrating third-party and custom threat intelligence and rulesets. By providing transparent, explainable results, backed up with extensive evidence, security teams can dramatically accelerate incident response. And finally, the integrated guided threat hunting interface helps security teams proactively uncover hidden threats.


Stamus NDR Benefits Small Organizations

Stamus Network Detection and Response is a turnkey network threat detection and response system for organizations with small IT staff who need to meet compliance objectives, whose environment does not lend itself to endpoint detection solutions, and who want an easy-to-deploy system that operates like a smoke alarm, alerting them only when they are faced with serious and imminent threats.


Small organizations can identify risk with truly useful threat detection using a combination of state-of-the-art machine learning and traditional signatures to uncover urgent and imminent threats to critical assets from the cloud and on-premise networks.


Your IT staff will not waste time responding to false positives because the system notifies incident response systems and personnel only when urgent and imminent threats are identified.


Unlike typical NDR systems, Stamus NDR is easy to deploy, provides notification only when urgent and imminent threats are detected, and delivers easy-to-understand results with detailed supporting evidence.


And as your organization’s security team expands, the system can help your staff proactively uncover hidden threats with an integrated guided threat hunting interface and customizable detection logic.
