High-Fidelity Network Threat Detection: Introducing Stamus Networks

Company Overview

Stamus Networks integrates competencies spanning network detection and response (NDR), network security monitoring (NSM), and intrusion detection systems (IDS) for comprehensive network threat detection and response. The company actively contributes to open source technologies, most notably SELKS, its IDS/NSM and threat hunting system based on Suricata, the open source network security engine developed by the Open Information Security Foundation (OISF). Suricata also provides the foundation for the company's commercial system, Stamus Security Platform (SSP).

As noted by Stamus executives including Ken Gramley, CEO, and Mark Durrett, CMO, this has been a draw with customers: while many networks are already being monitored at a low level by the Suricata engine, it is far too easy for security analysts and IT operations teams to become inundated with alerts.

Stamus strives to declutter this noise by adding a layer of threat detection that mitigates false positives and elevates only “high-confidence, low-noise” alerts. These “declarations of compromise” are actionable and can be used to guide investigations and trigger automated responses. For transparency and assessment, analysts can see the detection logic, attack timeline, and metadata that determined why the item is a threat.

The Stamus solution is made up of a series of network probes that capture network traffic data and send it to the Stamus Central Server, where it is processed and analyzed for malicious activity using a combination of threat detection mechanisms, including signature-based detection and machine learning algorithms. The probes and the Stamus Central Server can be deployed on-premises or on cloud-hosted infrastructure as a service. In addition to automated detection, response, and threat hunting, rich visualization and comprehensive reporting are supported.

When a declaration of compromise is identified, the asset under attack is tracked as it moves through the cybersecurity kill chain. Stamus integrates with existing tools including SIEM, EDR, XDR, and next-generation firewall platforms, allowing organizations to augment and upgrade their security posture without a wholesale rip-and-replace. This approach allows, for example, a message to be sent to a Slack channel, a block list of IP addresses to be created, or a device to be quarantined.
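As an added illustration of the correlation layer described above (this is not Stamus code; the category-to-stage mapping, the 10.0.0.0/8 asset range and the EVE records are constructed assumptions), the script below reduces Suricata EVE JSON alerts to per-asset declarations, raising one only when an internal host appears in more than one kill-chain stage and keeping the supporting timeline for the analyst.

```python
import ipaddress
import json
from collections import defaultdict

# Constructed Suricata EVE JSON alert records; signature names are made up for this example.
EVE_LINES = [
    '{"timestamp":"2024-01-10T08:00:01Z","event_type":"alert","src_ip":"203.0.113.9","dest_ip":"10.0.0.5","alert":{"signature":"SCAN inbound port sweep","category":"Attempted Information Leak","severity":2}}',
    '{"timestamp":"2024-01-10T08:00:07Z","event_type":"alert","src_ip":"203.0.113.9","dest_ip":"10.0.0.5","alert":{"signature":"SCAN inbound port sweep","category":"Attempted Information Leak","severity":2}}',
    '{"timestamp":"2024-01-10T08:09:30Z","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"198.51.100.4","alert":{"signature":"MALWARE beacon to known C2","category":"A Network Trojan was detected","severity":1}}',
    '{"timestamp":"2024-01-10T08:10:00Z","event_type":"alert","src_ip":"10.0.0.7","dest_ip":"198.51.100.20","alert":{"signature":"POLICY cleartext protocol","category":"Potentially Bad Traffic","severity":3}}',
    '{"timestamp":"2024-01-10T08:11:00Z","event_type":"alert","src_ip":"10.0.0.7","dest_ip":"198.51.100.20","alert":{"signature":"POLICY cleartext protocol","category":"Potentially Bad Traffic","severity":3}}',
]

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed address space of monitored assets
# Assumed mapping of Suricata alert categories to coarse kill-chain stages; unmapped categories are noise.
STAGE_BY_CATEGORY = {"Attempted Information Leak": "reconnaissance",
                     "A Network Trojan was detected": "command-and-control"}
STAGE_ORDER = ["reconnaissance", "delivery", "command-and-control"]


def parse_alerts(lines):
    """Keep EVE 'alert' records that involve an internal asset and map to a kill-chain stage."""
    out = []
    for line in lines:
        rec = json.loads(line)
        if rec.get("event_type") != "alert":
            continue
        asset = next((ip for ip in (rec["src_ip"], rec["dest_ip"])
                      if ipaddress.ip_address(ip) in INTERNAL), None)
        stage = STAGE_BY_CATEGORY.get(rec["alert"]["category"])
        if asset and stage:
            out.append({"asset": asset, "stage": stage, "ts": rec["timestamp"],
                        "sig": rec["alert"]["signature"]})
    return out


def declare_compromise(alerts, min_stages=2):
    """One declaration per asset seen in at least min_stages distinct kill-chain stages."""
    per_asset = defaultdict(list)
    for a in alerts:
        per_asset[a["asset"]].append(a)
    declarations = []
    for asset, evts in per_asset.items():
        stages = {e["stage"] for e in evts}
        if len(stages) < min_stages:
            continue  # single-stage activity stays an ordinary IDS alert, not a declaration
        declarations.append({"asset": asset,
                             "stages": [s for s in STAGE_ORDER if s in stages],
                             "alert_count": len(evts),
                             "timeline": sorted((e["ts"], e["sig"]) for e in evts)})
    return declarations
```

On the five constructed records, `declare_compromise(parse_alerts(EVE_LINES))` yields a single declaration for 10.0.0.5 backed by three alerts, while the policy noise on 10.0.0.7 never becomes one.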

Analyst Take

With security and IT operations teams facing an ever-growing and noisy pile of indicators that something could be wrong, the value of being able to elevate the critical and imminent issues that must be triaged and addressed immediately cannot be overstated. In a demonstration for The Futurum Group, for example, the Stamus platform was able to whittle 888 IDS alerts down to seven declarations. At the same time, it positions customers to consolidate their IDS, NSM, and NDR tools, which is also important given the vast number of security tools in use by the average enterprise.

Its architecture is scalable: Stamus leadership notes having seen petabytes of data come under surveillance in some customer accounts over the course of one week of network monitoring. At the same time, it retains a central plane of control and visibility, as well as integration with key tools that already exist in customers’ security toolchains. The fact that it is deployed and managed by the customer gives the customer control over its data for security and compliance purposes.

Looking ahead, Stamus has significant momentum that it can build upon in 2024, with its platform having been adopted by organizations in critical and sensitive industries including governments, banks, and critical infrastructure.

Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.


Author Information

Krista focuses on data security, protection, and management, with particular attention to how these strategies play out in multi-cloud environments. She brings approximately a decade of experience providing research and advisory services and creating thought leadership content, with a focus on IT infrastructure and data management and protection. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget, and The Register.

Prior to joining The Futurum Group, Krista led the data center practice for Evaluator Group and the data center practice of analyst firm Technology Business Research. She also created articles, product analyses, and blogs on all things storage and data protection and management for analyst firm Storage Switzerland and led market intelligence initiatives for media company TechTarget.

Krista holds a Bachelor of Arts in English Journalism with a minor in Business Administration from the University of New Hampshire.
