Learn how to empower enterprise security teams by leveraging both cloud and on-premise network activity to gain comprehensive insights and effectively mitigate risks.
Ken, please provide an overview of Stamus Networks’ mission and vision in the context of the cybersecurity landscape, emphasizing the role of defenders as heroes?
Stamus Networks believes in a world where cybersecurity professionals – the “defenders” – are heroes, and a future where those they protect remain safe. This mission – empowering cybersecurity teams to keep their organizations secure – is at the foundation of everything we do. Between the rising rate of cyberattacks and increasing sophistication of cybercriminals, to increasingly complex security infrastructures and the cybersecurity talent gap, it is more important than ever to give defenders the tools they need to do their jobs faster and more efficiently.
We do just this through our Stamus Security Platform (SSP), which provides actionable network threat visibility and detection to help security teams cut through the noise of vague alerts so they can identify serious threats and respond before widespread damage can be inflicted.
In today’s threat landscape, being able to quickly detect and respond to a threat to mitigate its impact are heroic actions that can save a business.
As a global provider of high-performance network-based threat detection and response systems, how does Stamus Networks differentiate itself from other security vendors?
Recent attacks targeting network infrastructure devices, such as switches, routers, and VPN appliances, have demonstrated that endpoint security tools are unable to detect threats that exploit these entry points. Stamus Networks taps into the power of the network to help security teams gain visibility into network activity, so they can see the whole picture, and detect and respond to threats they might otherwise miss when relying on endpoint solutions.
To do this, SSP consolidates multiple network security solutions under a single umbrella. It builds on the best features of legacy intrusion detection systems (IDS), network security monitoring systems (NSM), and network detection and response (NDR) solutions.
This powerful combination allows Stamus Networks to address the needs of elite enterprise defenders by helping them cut through the clutter of alert overload to focus on the most serious threats facing their organizations. These elite security practitioners need the details behind detections and extensive evidence to support an incident response, and they also need the control to create their own detections and integrate into their security stack. Finally, these experts need the tools to move with speed and respond quickly to threats before they become breaches.
Additionally, SSP uses the Suricata engine for network traffic inspection, and no one knows this open-source tool better than our team. Our co-founders, CTO Eric Leblond and CSO Peter Manev, are considered some of the world’s leading experts on Suricata and are active in its development. They continue to play a key role in the development of our Suricata-based network security solutions, on top of ongoing contributions they make to the greater open-source security community.
What specific challenges do you address in the area of network security, and how do you integrate legacy IDS and NSM systems with anomaly detection, host insights, and automated alert triage?
As more organizations shift to cloud-based and dispersed workforces, networks are expanding and becoming increasingly complex. For security teams, this means monitoring network traffic and user behavior on them is becoming more challenging.
Security teams still relying on legacy security systems run the risk of receiving too many false positive alerts, which can result in delayed impact assessment and response. For this reason, alert fatigue can be just as crippling for security teams as not having insight into suspicious activity and threats.
With Stamus Networks’ modern approach to network threat detection and response, security teams benefit from being notified only when facing serious and/or imminent threats and provide the necessary evidence and contextual insights, so they know which to prioritize and can quickly respond before cybercriminals can cause substantial damage.
How do you leverage cloud and on-premise network activity to empower enterprise security teams with insights that help them know more, respond sooner, and mitigate risks effectively?
The traditional perimeter is nearly extinct. Organizations are no longer physically located under one roof. With the rise of remote work and connected devices, an organization’s network is more dispersed than ever, and because of this, network perimeters and attack surfaces have expanded as well.
This can create blind spots – areas of the network where security teams don’t have visibility to know what’s going on, good or bad. Imagine a building with surveillance cameras watching the front door only, leaving all other entry points unsupervised and vulnerable to attack.
We help customers eliminate these network blind spots by making it cost-effective to deploy SSP in the private cloud, public cloud, on-premises and in hybrid environments. Monitoring traffic across the entire network is the only way to get a full picture of the type of activity taking place – and the only way to protect your organization.
Can you elaborate on the core functionalities of the Stamus Security Platform™, including high-fidelity Declarations of Compromise™, guided threat hunting, and automated event triage, and how these contribute to a comprehensive NDR package?
Another unique innovation in SSP is the feature known as Declarations of Compromise™ (DoC). In the simplest terms possible, a DoC is a high-confidence and high-priority security event generated by SSP, signaling a “serious and imminent” threat on an asset. When SSP generates a DoC, it creates a data record that contains a substantial amount of meta data and associated artifacts that help the analyst understand exactly why it triggered and provide evidence for any investigation that may follow. In other words, a DoC signals an asset is under attack and provides all the needed information on the threat(s) that are attacking it.
DoCs take the guesswork out of threat detection. Rather than having to search through massive amounts of alerts to find actionable information and insights, DoCs automate the process. Analysts can quickly spot a serious and imminent threat, understand where it came from and what it is doing, and then respond accordingly.
These declarations are so accurate that they are used by many Stamus Networks customers to trigger a third-party system, such as an endpoint detection and response (EDR) tool or firewall, to respond automatically.
In what ways does the Stamus Security Platform™ harness the full potential of Suricata, providing a more complete solution compared to custom in-house developed Suricata solutions, and how does it enhance the efficacy of Suricata deployment?
First, because of our team’s in-depth understanding of Suricata, we’ve been able to harness many of its capabilities that the rest of the industry doesn’t even know exist. For example, Suricata does so much more than generate alerts based on signatures. Its detailed protocol transaction logging and flow record creation allow us to apply a number of advanced detection algorithms – including machine learning – to build extensive phishing, anomaly, and beacon detections. And SSP adds automated alert triage and the Declarations of Compromise I mentioned above. And that same data, along with file extraction and packet capture (PCAP) allow SSP to generate the richest event logs in the industry.
In fact, many of our current customers came to us after building an in-house Suricata implementation. They realized their custom-built deployments can have limitations. A lack of expert support, high volumes of alerts without critical contextual evidence, and system obsolescence as a result of developer churn can lead to increased incident detection times and mismanaged sensors. By switching to SSP, they get all the benefits of Suricata while eliminating the challenges of custom deployment.
To address the second part of your question, many of the capabilities I mention above can be applied to our customer’s existing Suricata deployment. This can help them extract the most performance from their existing Suricata sensors as they migrate to more full-featured Stamus Network Probes at their own pace.
What benefits does Stamus Networks promise in terms of reducing response time, increasing visibility of the network, and allowing organizations to focus on critical matters, all while decreasing the total cost of ownership?
SSP’s combination of IDS, NSM and NDR technologies, its ability to be deployed across all types of environments, and its DoC feature help security teams gain comprehensive visibility to the entire network, so they can drastically reduce detection and response times and act on serious threats before they can substantially damage the business.
Implementing one robust solution such as SSP can provide greater efficiency and total cost of ownership compared to trying to deploy three or more different network tools.
Additionally, investing in a modern network threat detection and response solution to quickly detect and respond to the rising tide of network infrastructure attacks makes a whole lot of sense – not only to keep your business safe, but also because it can be more cost effective in the long run. Successful attacks can cost companies millions, disrupt business operations, result in customer churn and negatively impact reputation.
How do you ensure the delivery of truly useful detection, avoiding the hype, fear, and exaggeration often associated with other network security companies, and providing explainable results that enhance the confidence of security teams?
At the end of the day, the most successful network security solutions will be determined by how accurately and quickly they notify teams of the most pressing threats. SSP doesn’t just alert analysts to imminent threats, but it also backs them up with actionable intelligence so they can respond quickly.
Organizations using SSP understand exactly what triggered an event along with a detailed attack timeline, and they are equipped with all the evidence they need to respond quickly and stop a breach before damage is done. When seconds matter, having all of that information a few clicks away is an integral part of any security stack.
Can you share success stories or use cases where Stamus Networks’ solutions have effectively exposed serious and imminent threats, leading to efficient and impactful responses by security teams?
We’ve had a lot of success helping customers especially in the financial services space as they remain an attractive target. In one case, we helped a financial services organization with a mix of physical and virtual network sensors. They found it nearly impossible to rely on IP addresses for threat detection as most devices changed their IP every 30 minutes.
Using our NDR’s guided threat hunting interface, the customer was able to discover that a group of engineers had installed a temporary encrypted proxy service, allowing them to bypass organizational infrastructure and install any software. While there was no ill intent behind the move, this created a backdoor leaving the organization open to exploitation by malware actors.
With the NDR in action, increased network visibility led to the customer identifying a policy violation which their other systems missed. They quickly resolved the problem and set up automations to detect similar activity in the future before any harm was done.
For organizations considering Stamus Security Platform™, what would be the key reasons or features that make it stand out as a preferred choice for network-based threat detection and response, particularly in the face of evolving cybersecurity challenges?
Stamus Networks is committed to its mission of supporting defenders. We do this through SSP, but also through the development and ongoing maintenance of open-source solutions, including our extensive contributions to Suricata and development of free open-source tools including SELKS, Stamus App for Splunk, GopherCAP and others.
The job of protecting organizations from a barrage of never-ending threats, growing more sophisticated by the day, is not an easy one. It takes a tremendous amount of skill and time to build a security team that operates at the highest level. Stamus Networks understands that puts a tremendous strain on those working to keep organizations safe, and that’s why it takes its role of supporting defenders so seriously and works to innovate SSP as the threat landscape and business needs change.
Our work and partnerships across the globe speak volumes to the impact SSP has helping organizations remain secure. SSP is trusted by some of the world’s most targeted organizations, including government CERTs, central banks, insurance providers, managed security service providers, financial service providers, multinational government institutions, broadcasters, travel and hospitality companies, and even a market-leading cybersecurity SaaS vendor. SSP addresses and solves real-world security challenges facing security teams today – allowing them to do their jobs successfully, keep their organizations secure and become cyber heroes.
Stay Ahead of the Financial Curve with Our Latest Fintech News Updates!
