High-Fidelity Network Threat Detection: Introducing Stamus Networks

Company Overview

Stamus Networks integrates competencies spanning network detection and response (NDR), network security monitoring (NSM), and intrusion detection systems (IDS) to deliver comprehensive network threat detection and response. The company actively contributes to open source technologies, most notably SELKS, its IDS/NSM and threat hunting system built on Suricata, the open source network security engine developed by the Open Information Security Foundation (OISF). Suricata also provides the foundation for its commercial system, the Stamus Security Platform (SSP).

As noted by Stamus executives including Ken Gramley, CEO, and Mark Durrett, CMO, this has been a draw with customers because, while many network environments are already being monitored at a low level by the Suricata engine, it is far too easy for security analysts and IT operations teams to become inundated with alerts.

Stamus strives to declutter this noise by adding a layer of threat detection that mitigates false positives and elevates only “high-confidence, low-noise” alerts. These “declarations of compromise” are actionable and can be used to guide investigations and trigger automated responses. For transparency and assessment, analysts can see the detection logic, attack timeline, and metadata that determined why the item is a threat.

The Stamus solution consists of a series of network probes that capture network traffic data and send it back to the Stamus Central Server, where it is processed and analyzed for malicious activity using a combination of threat detection mechanisms, including signature-based detection and machine learning algorithms. The probes and the Stamus Central Server can be deployed on-premises or on cloud-hosted infrastructure as a service. In addition to automated detection, response, and threat hunting, rich visualization and comprehensive reporting are supported.

When a declaration of compromise is identified, the asset under attack is tracked as it moves through the cybersecurity kill chain. Stamus integrates with existing tools including SIEM, EDR, XDR, and next-generation firewall platforms, allowing organizations to augment and upgrade their security posture without a wholesale rip-and-replace. This approach allows, for example, a message to be sent to a Slack channel, a block list of IP addresses to be created, or a device to be quarantined.
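To make the alert-reduction idea concrete, here is an added example (not Stamus or Suricata code, and not a description of Stamus's own detection logic, which the article does not detail). It reads Suricata EVE JSON alert records, attributes each alert to the internal asset involved, and emits a per-asset "declaration" with its timeline only when the alerts on that asset span more than one kill-chain stage. The signature ids and names, the sid-to-stage mapping, the internal address ranges, the sample log lines and the "two distinct stages" criterion are all constructed assumptions for the example.

```python
import ipaddress
import json
from collections import defaultdict

# Assumed rule metadata: signature id -> kill-chain stage. The sids are
# constructed for this example, not real Emerging Threats or Stamus rule ids.
STAGE_BY_SID = {
    9000001: "reconnaissance",
    9000002: "exploitation",
    9000003: "command_and_control",
    # 9000004 is intentionally unmapped: a generic informational rule.
}

# Address ranges treated as "our assets" (assumption for the example).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _alert(ts, src, dst, sid, name, sev):
    """Build one constructed EVE 'alert' record as a JSON line."""
    return json.dumps({
        "timestamp": ts, "event_type": "alert", "src_ip": src, "dest_ip": dst,
        "alert": {"signature_id": sid, "signature": name, "severity": sev},
    })


# Constructed sample eve.json content: 12 alerts, one flow event and one
# truncated line. Not captured from any real network.
SAMPLE_EVE = "\n".join([
    # 10.0.0.12: scanned, exploited, then beaconing out to 198.51.100.7.
    _alert("2024-01-10T09:00:01.000000+0000", "203.0.113.5", "10.0.0.12", 9000001, "CONSTRUCTED SCAN probe", 2),
    _alert("2024-01-10T09:00:02.000000+0000", "203.0.113.5", "10.0.0.12", 9000001, "CONSTRUCTED SCAN probe", 2),
    _alert("2024-01-10T09:05:10.000000+0000", "203.0.113.5", "10.0.0.12", 9000002, "CONSTRUCTED EXPLOIT attempt", 1),
    _alert("2024-01-10T09:06:00.000000+0000", "10.0.0.12", "198.51.100.7", 9000003, "CONSTRUCTED C2 beacon", 1),
    _alert("2024-01-10T09:07:00.000000+0000", "10.0.0.12", "198.51.100.7", 9000003, "CONSTRUCTED C2 beacon", 1),
    _alert("2024-01-10T09:08:00.000000+0000", "10.0.0.12", "198.51.100.7", 9000003, "CONSTRUCTED C2 beacon", 1),
    # 10.0.0.30: scan noise only, no follow-on activity.
    _alert("2024-01-10T09:00:05.000000+0000", "203.0.113.5", "10.0.0.30", 9000001, "CONSTRUCTED SCAN probe", 2),
    _alert("2024-01-10T09:00:06.000000+0000", "203.0.113.5", "10.0.0.30", 9000001, "CONSTRUCTED SCAN probe", 2),
    _alert("2024-01-10T09:00:07.000000+0000", "203.0.113.5", "10.0.0.30", 9000001, "CONSTRUCTED SCAN probe", 2),
    _alert("2024-01-10T09:00:08.000000+0000", "203.0.113.5", "10.0.0.30", 9000001, "CONSTRUCTED SCAN probe", 2),
    # 10.0.0.45: informational rule with no stage mapping.
    _alert("2024-01-10T09:01:00.000000+0000", "10.0.0.45", "192.0.2.9", 9000004, "CONSTRUCTED POLICY cleartext login", 3),
    _alert("2024-01-10T09:02:00.000000+0000", "10.0.0.45", "192.0.2.9", 9000004, "CONSTRUCTED POLICY cleartext login", 3),
    # Ignored by the parser: a non-alert event and a truncated line.
    json.dumps({"timestamp": "2024-01-10T09:06:01.000000+0000", "event_type": "flow",
                "src_ip": "10.0.0.12", "dest_ip": "198.51.100.7"}),
    '{"timestamp":"2024-01-10T09:09:00.000000+0000","event_type":"al',
])


def parse_alerts(eve_text):
    """Yield parsed EVE alert events; skip other event types and bad JSON."""
    for line in eve_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if ev.get("event_type") == "alert":
            yield ev


def asset_of(ev):
    """Return the internal endpoint of the flow, or None if neither side is internal."""
    for key in ("dest_ip", "src_ip"):
        addr = ipaddress.ip_address(ev[key])
        if any(addr in net for net in INTERNAL_NETS):
            return ev[key]
    return None


def declare(eve_text, min_stages=2):
    """Collapse raw alerts into per-asset declarations.

    Returns (raw_alert_count, declarations). An asset is declared only when
    its alerts cover at least `min_stages` distinct kill-chain stages (the
    assumed criterion); every contributing alert is kept as the timeline.
    """
    per_asset = defaultdict(list)
    total = 0
    for ev in parse_alerts(eve_text):
        total += 1
        asset = asset_of(ev)
        if asset is None:
            continue
        a = ev["alert"]
        per_asset[asset].append({
            "ts": ev["timestamp"],
            "sid": a["signature_id"],
            "signature": a["signature"],
            "stage": STAGE_BY_SID.get(a["signature_id"]),
        })
    declarations = []
    for asset, events in per_asset.items():
        stages = {e["stage"] for e in events if e["stage"]}
        if len(stages) >= min_stages:
            declarations.append({
                "asset": asset,
                "stages": sorted(stages),
                "alert_count": len(events),
                "timeline": sorted(events, key=lambda e: e["ts"]),
            })
    return total, declarations


if __name__ == "__main__":
    total, decls = declare(SAMPLE_EVE)
    print(f"{total} raw alerts -> {len(decls)} declaration(s)")
    for d in decls:
        print(d["asset"], d["stages"], d["alert_count"])
        for e in d["timeline"]:
            print("  ", e["ts"], e["stage"], e["signature"])
```

Run as a script, the 12 constructed alerts collapse to a single declaration for 10.0.0.12 with its ordered timeline; the scan noise against 10.0.0.30 and the unmapped informational alerts on 10.0.0.45 are retained for hunting but never surfaced as a declaration. Lowering `min_stages` to 1 shows why the multi-stage criterion matters: the port scan then becomes a second declaration.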

Analyst Take

With security and IT operations teams facing an ever-growing and noisy pile of indicators that something could be wrong, the value of elevating the critical and imminent issues that need to be triaged and addressed immediately can hardly be overstated. In a demonstration for The Futurum Group, for example, the Stamus platform was able to whittle 888 IDS alerts down to seven declarations. At the same time, it positions customers to consolidate their IDS, NSM, and NDR tools, which is also important given the vast number of security tools in use by the average enterprise.

Its architecture is scalable: Stamus leadership notes having seen petabytes of data under surveillance in some customer accounts over the course of a single week of network monitoring. At the same time, it retains a central plane of control and visibility, as well as integration with key tools that already exist in customers’ security toolchains. The fact that it is deployed and managed by the customer provides control over data for security and compliance.

Looking ahead, Stamus has significant momentum that it can build upon in 2024, with its platform having been adopted by organizations in critical and sensitive industries including governments, banks, and critical infrastructure.

Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.

Author Information

Krista Case

With a focus on data security, protection, and management, Krista has a particular focus on how these strategies play out in multi-cloud environments. She brings approximately 15 years of experience providing research and advisory services and creating thought leadership content. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.

Prior to joining The Futurum Group, Krista led the data protection practice for Evaluator Group and the data center practice of analyst firm Technology Business Research. She also created articles, product analyses, and blogs on all things storage and data protection and management for analyst firm Storage Switzerland and led market intelligence initiatives for media company TechTarget.
