Stamus Networks

The Stamus Security Platform is a network-based threat detection and response solution provided by Stamus Networks. According to the vendor, it is designed to assist enterprise-level organizations in gaining insights from cloud and on-premise network activity, responding promptly to threats, and mitigating risks. The platform combines intrusion detection, network security monitoring, and network detection and response systems into a single solution. It is utilized by Security Operations (SecOps) teams, Network Operations (NetOps) teams, IT professionals, cybersecurity professionals, and financial institutions.

Key Features

Network-based threat detection and response: According to the vendor, the Stamus Security Platform exposes serious threats and unauthorized activity in the network by providing real-time network traffic analysis. It integrates intrusion detection, network security monitoring, and network detection and response capabilities into a single solution, allowing for rapid response to mitigate risks.

Suricata-based network security solutions: The Stamus Security Platform leverages Suricata, an open-source network intrusion detection and prevention system (IDS/IPS). The vendor claims that Suricata's powerful detection mechanisms, including machine learning, anomaly detection, signatures, and IoC matching, are utilized. The platform also offers easy integration of third-party rulesets and threat intelligence sources, with weekly threat intelligence updates provided by Stamus Labs.

Threat intelligence feeds: The Stamus Security Platform includes free threat intelligence feeds for newly-registered domains (NRD), improving visibility into potential threats and aiding incident investigation. According to the vendor, this feature empowers Suricata users with increased insights and data for enhanced security.

Guided threat hunting and incident investigation: The Stamus Security Platform provides advanced guided threat hunting filters, enabling effective incident investigation with enhanced contextual views. The vendor states that hunt results can be converted into custom detection logic, and the platform offers explainable and transparent results with evidence.

Automated event triage and alert management: The Stamus Security Platform automates event classification and alert triage, reducing the number of false positives and noise in alerts. According to the vendor, this feature allows security teams to focus on critical threats and respond faster. The platform seamlessly integrates with SOAR, SIEM, XDR, EDR, and IR tools.

Enterprise-scale management and integration: The Stamus Security Platform allows the management of multiple Stamus Networks probes and Suricata sensors from a single console. It supports multi-tenant operation for service providers and provides configuration backup and restoration capabilities. The vendor claims that the platform can be integrated with SIEM, SOAR, XDR, EDR, and data lakes, enhancing visibility and correlation.

Real-time correlation and enriched data: According to the vendor, the Stamus Security Platform correlates IDS events, network traffic analysis, and organizational data in real-time. It enriches event data with contextual information and network definitions, and offers metadata integration with SIEM, SOAR, and data lakes. This feature aims to provide better visibility and context for effective threat detection and response.

Host insights and network visibility: The Stamus Security Platform tracks over 60 security-related attributes for host insights, including network services, user agents, host names, and logged-in users. The vendor states that this feature enhances network visibility and understanding of host activities, aiding in the identification of potential security risks and anomalies in the network.