<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2180921&amp;fmt=gif">

Stamus Networks Blog

We believe that sharing information is necessary to improve global security. The purpose of this blog is to share our experiences, perspectives and experiments.

Subscribe to our Blog

Blog /
Showing 321 results
of 321 items.
Reset All

Category

2025 Prediction: The Rise of the Agentless Attack Surface

NOTE: The following article was originally published 06 December 2024 on VMblog.com

Stamus Networks at Black Hat Europe 2024

Stamus Networks is excited to return to Black Hat Europe 2024 at Excel London, United Kingdom 9-12...

Introducing Clear NDR™

At Stamus Networks, we have always been driven by a commitment to openness, transparency, and...

5 Reasons to Double Down on Network Security in 2025

NOTE: The following article was originally published 02 December 2024 on Help Net Security 

Stamus Networks at Suricon 2024

Each year, Suricon attracts visitors from around the world for three days of training and...

Feature Spotlight: Custom Report Generator

In today’s digital landscape, enterprise networks produce an overwhelming volume of data when...

See Stamus Networks at an Event Near You!

Stamus Networks is excited to announce that our co-founders Éric Leblond (Chief Technology Officer)...

Feature Spotlight: Attack Surface Inventory

As all cybersecurity defenders know, visibility into the network is the key to understanding what...

Feature Spotlight: Declarations of Policy Violation™

One of the new, exciting innovations available with the release ofStamus Security Platform (SSP) U...

Unpacking the 2024 Gartner® NDR Market Guide: Securing the Agentless Attack Surface

The rapid proliferation of IoT devices, network devices, and cloud infrastructure has drastically...

Unpacking the 2024 Gartner® NDR Market Guide: The Critical Role of Automated Response

As any seasoned security professional will likely tell you, detecting a threat is only part of the...

Uncovered with Stamus Security Platform: Lateral Active Exploits

In this series of articles, we explore a set of use cases that we have encountered in real-world...

Introducing U40: Powerful New Edition of Stamus Security Platform

Today, we are proud to announce the general availability of Update 40 (U40) - the latest release of...

Uncovered with Stamus Security Platform: DarkGate Malware as a Service (MaaS)

In this series of articles, we explore a set of use cases that we have encountered in real-world...

Uncovered with Stamus Security Platform: High Entropy Domain Connections

In this series of articles, we explore a set of use cases that we have encountered in real-world...

How do you Fix Alert Fatigue?

Intrusion detection systems (IDS) have proven themselves to be incredibly effective tools when it...

The Path to Data Sovereignty: Key Considerations for Security Telemetry

Most enterprise organizations gather extensive security data from their information (IT) and...

Uncovered with Stamus Security Platform: Tapped on the Shoulder

In this series of articles, we explore a set of use cases that we have encountered in real-world...

What are the Consequences of Alert Fatigue?

If your organization is considering network detection and response (NDR) and evaluating potential...

SELKS 10: The Next Big Leap for Open-Source Network Security

Stamus Networks is pleased to announce the release and availability of SELKS 10, the newest version...

SELKS: 10 Years of Open-Source Network Defense

This month, we celebrate the 10th anniversary of SELKS, Stamus Networks’ open-source Suricata-based...

What are the Symptoms of Alert Fatigue?

For many cybersecurity practitioners, the concept of alert fatigue is not foreign. However, knowing...

The Hidden Claws of APT 35: Charming Kitten

Don’t let the disarming name fool you.Charming Kitten, also known as APT 35, Newscaster Team, Ajax...

What is Continuous Security Monitoring?

Continuous security monitoring (CSM) is a term that frequently comes up when discussing network...

What is Threat Detection and Reponse?

When assessing the options available, it can be difficult to understand the nuances between various...

In the Trenches with NDR: NDR Discovers Crypto Wallet Stealer on U.S. University's Network

Tl:DR: A Large U.S. university lacked sufficient visibility into a large segment of its environment...

What is Alert Fatigue in Cybersecurity?

Cybersecurity alert fatigue is a serious problem faced by many organizations. An overwhelming...

What is an Example of an Intrusion Prevention System?

It is easy to confuse intrusion detection systems (IDS) with intrusion prevention systems (IPS),...

Ready for Battle? Live Fire vs Tabletop Cybersecurity Exercises

By failing to prepare, you are preparing to fail.” - Benjamin Franklin

What are the 4 Types of Attacks in Network Security?

No conversation about intrusion detection systems is complete without also taking time to look at...

The Rise of Network Infrastructure Attacks and What to Do About Them

TL;DR: In recent months, CISA, MITRE, CVE.org, and others have announced critical vulnerabilities...

Does IDS/IPS go Before or After the Firewall?

One of the most common questions people have about intrusion detection systems (IDS) is where to...

In the Trenches with NDR: K-12 School District Maximizes Visibility While Avoiding Alert Fatigue

TL;DR: An American school district needed to monitor over 5000 school-owned student devices, making...

What is Detection and Response in Cyber Security?

To create an effective cyber security strategy, organizations must first have a good understanding...

Does Suricata Have a Web Interface?

Suricata is a powerful open-source network security tool. One of its disadvantages, however, is its...

What are the Types of Computer Attacks Detected by IDS?

You might be aware that intrusion detection systems (IDS) are incredibly effective ways to identify...

In the Trenches with NDR: European MDR Designs Advanced NDR into Their Product Offering

TL;DR: A European managed security service provider seeking to launch an MDR service chose Stamus...

What are the Requirements for Network Detection and Response?

In this blog post, we delve into the key requirements of network detection and response (NDR),...

Is There a GUI for Suricata?

Are you a Suricata beginner looking to learn more about open-source network-based intrusion...

What are the Three Types of IDS?

For those new to the world of intrusion detection systems (IDS), you may be unaware that there are...

In the Trenches with NDR: European Financial Institution Achieves Greater Network Visibility

Network detection and response (NDR) is a critical component of a comprehensive cyber defense...

What are the Benefits of NDR?

Network Detection and Response (NDR) is a highly capable cyber security solution for proactively...

Is Suricata an IPS or IDS?

For those new to open-source network security tools, learning the differences in various options...

What are the Detection Methods of IDS?

Did you know there are actually several different IDS detection types used by different intrusion...

What are NDR Solutions?

Network detection and response (NDR) plays a vital role in many organization’s cyber security...

Adapting to Change: JA3 Fingerprints Fade as Browsers Embrace TLS Extension Randomization

Recent changes to the behavior of major browsers have rendered the popular JA3 fingerprinting...

What is the Difference Between Snort and Zeek?

One cannot compare Suricata vs Zeek without also comparing these tools to the popular Snort. While...

What are the Different Types of IDS Alerts?

Intrusion detection systems are an incredibly popular first line of defense for many organizations...

Is XDR the Same as NDR?

Cybersecurity is always changing, and as new product categories continuously enter the market it is...

Is Suricata Better Than Snort?

When discussing open-source intrusion detection tools, only three names routinely appear as IDS...

What are the Two Main Types of Intrusion Detection Systems?

For absolute beginners in the world of intrusion detection systems (IDS), it is important to know...

What is the Difference Between IDS/IPS and NDR?

Understanding the benefits of network detection and response (NDR) can be difficult if you are...

What are the Disadvantages of Suricata?

No open-source tool is perfect, and that stands true for Suricata. And while we believe that...

What is IPS in Cyber Security?

One cannot talk about intrusion detection systems (IDS) without also discussing intrusion...

Suricata Threat Hunting Fundamentals

Before beginning any sort of threat hunt, it is important to consider the tools you are using. This...

What is the Difference Between EDR and XDR?

If you’ve been keeping up to date with the Stamus Networks blog, then you are likely well...

Software Release U39.1 now available from Stamus Networks

This week we announced that an important new software release Update 39.1 (or “U39.1”) for our...

What is the Difference Between Zeek and Suricata Metadata?

Deciding between open-source network security tools can be a difficult task, but once you’ve...

What are the Advantages of Intrusion Detection Systems?

Choosing which intrusion detection system (IDS) is hard enough, but it gets even more difficult...

Top 10 Most Popular Blogs of 2023

At Stamus Networks, we are wrapping up another great year, so it is time to again review the news,...

What is the Meaning of NDR?

Network detection and response (NDR) is becoming an increasingly popular topic in cyber security....

Is Suricata Open-Source?

No conversation about open-source intrusion detection tools is complete without the inclusion of ...

What is the Difference Between a Firewall and IPS?

Like firewalls, intrusion detection systems (IDS) are incredibly popular early lines of defense for...

What is NDR Used for?

Network Detection and Response (NDR) is an incredibly effective threat detection and response...

What is Open-Source Intrusion Detection?

While you might be familiar with Suricata due to its popularity in the world of network security,...

What are NIDS Tools?

Many people mix up the different types of intrusion detection systems (IDS), but it is very...

What is an NDR Provider?

Network detection and response (NDR) is a growing product category in cybersecurity. If you are...

What is an example of a Free Open-Source IDS?

When it comes to open-source intrusion detection tools, there are only three systems that any...

What are the Benefits of NIDS?

Before deciding on whether or not an intrusion detection system (IDS) might be right for your...

What are the Disadvantages of NDR?

Network Detection and Response (NDR) comes with several advantages for organizations looking to...

Which is Better, Suricata or Snort?

Choosing between the various options for open-source intrusion detection tools can be a difficult...

What is the Difference Between NIDS and IPS?

Understanding the nuances of different types of intrusion detection systems (IDS) can be tricky,...

What is NDR in Gartner?

Gartner is a highly respected voice when it comes to recommendations on cybersecurity products....

How Does Suricata Work?

Learning Suricata takes time and patience, and one of the more daunting tasks for beginners is...

What is Network Detection and Response?

Network detection and response (NDR) has been steadily increasing in popularity as organizations...

Behind the Curtain: Understanding Cozy Bear (APT29)

Cozy Bear — also known as APT29, CozyCar, CozyDuke, and others — is a familiar name to security...

What is a Rule in Suricata?

One of the most difficult parts of learning how to effectively use Suricata is understanding the...

Which Gartner Report Shows NDR is Becoming Mainstream?

Many professionals in cybersecurity often look to research firm Gartner for insights into new...

Threat Hunting with Suricata and Newly-Registered Domain Threat Intel (Open NRD)

In aprevious blog post, we announced the release of Open NRD from Stamus Networks - a set of threat...

What Protocols are Used in Suricata?

Suricata is one of the most powerful open-source intrusion detection systems (IDS) available...

What is an Example and Application of Intrusion Detection?

In cyber security, we commonly talk about different product categories like intrusion detection...

What is the Role of NDR?

Network detection and response (NDR)is beginning to play a larger role in many organizations’...

Addressing Cloud-Related Threats with NDR: Key Takeaways from the 2023 PwC Cybersecurity Outlook Report

In an era of rapidly advancing technology and digital transformation, the realm of cybersecurity is...

What are the Benefits of Suricata?

Suricata vs Snort? Choosing between these two incredibly popular open-source intrusion detection...

What are the Types of Intrusion Detection Systems?

It is easy to get confused about the various types of intrusion detection system (IDS) examples,...

What are NDR Tools?

In the early stages of learning about Network detection and response (NDR), it can be difficult to...

Introducing Open NRD: Newly Registered Domain Threat Intel Feeds for Suricata

This article describes the details of the new Open NRD threat intelligence feeds provided by Stamus...

Is Suricata any Good?

Comparing Suricata vs Snort isn’t always easy. Both options are incredibly popular intrusion...

What is an IDS and IPS Example?

Before making any decisions on using an intrusion detection system (IDS), it is vitally important...

Malware PCAP Analysis Made Easy Part 4

In aprevious blog post, we compiled a number of useful JQ command routines for fast malware PCAP...

What are the Features of NDR?

Network detection and response (NDR) is still a newer product category in cyber security, and as a...

The Critical Role of NDR in Continuous Security Auditing

For a large organization, keeping track of numerous security systems or internal security policies...

What is the Difference Between NAV and NDR?

For those new to network detection and response (NDR), it can be confusing to understand the...

Behind the Curtain: Understanding Fancy Bear (APT 28)

Operating since 2008, the shadowy figure of Fancy Bear has emerged as a formidable force in the...

What are the Emerging Trends and Top Use Cases for Network Detection and Response?

The cybersecurity landscape is constantly changing, with threat actors always looking for new...

Malware PCAP Analysis Made Easy Part 2

In aprevious blog post, we compiled a number of useful JQ command routines for fast malware PCAP...

Why do I Need Network Detection and Response?

As cloud and hybrid environment adoption grows, so does the need for network detection and response...

Weathering the Storm: The Importance of Cyber Resilience

If you have ever worked for a large enterprise, then you may be familiar with the term “enterprise...

What Challenges Does Network Detection and Response Solve?

Network detection and response (NDR) could be the answer your organization is looking for to solve...

Why is NDR so Important?

Network detection and response (NDR) has been quickly gaining ground as a respected cyber security...

Malware PCAP Analysis Made Easy

When a threat researcher is investigating malware behavior and traces on the network, they need a...

Don't Take the Bait: Detect Whaling Phishing with Network Detection & Response

In our past series, “Threat! What Threats?” we covered the topic of phishing in a generic way, but...

Creating Kibana Visualizations with SELKS

Visualizing network security logs or data is a crucial aspect of effectively analyzing and...

Stamus Networks Secures Series A Funding to Empower more Elite Defenders

Today I am thrilled to share some incredible news. It is with great excitement and pride that I...

Threat Hunting for Unknown Actors & Threats using NRD and Sightings

This week’s guided threat hunting blog focuses on hunting for high-entropy NRD (newly registered...

Incorporating Newly Registered Domains (Open NRD) into Stamus Security Platform Workflow

Every day, new Internet domains are registered through the Domain Name System (DNS) as a natural...

Feature Spotlight: Declarations of Compromise™

One of the unique innovations in the Stamus Security Platform is the feature known as Declaration...

A Practical Guide to Small Office / Home Office Network Visibility with SELKS: Part 1 - Equipment Selection

Have you ever counted how many computer devices, smart IoT gadgets, TV’s, kitchen appliances,...

Just Released: Suricata 7

Yesterday (18-July-2023) the OISF announced the general availability of Suricata version 7. It’s...

Proactive Defense: Achieving Optimal Results with Threat Detection and Response

Recently we have discussed the various use cases, benefits, and limitations of different threat...

Demystifying the MITRE ATT&CK Framework: Understanding Cyber TTPs

When an organization wants to learn more about the tactics, techniques, and procedures (TTP) used...

Proactive Defense: Is XDR The Future of Threat Detection and Response?

In the past few blog posts, we have discussed at length the importance of creating a comprehensive...

Demystifying the Cyber Kill Chain: Understanding the Stages of a Cyber Attack

The cyber kill chain is a widely-used framework for tracking the stages of a cyber attack on an...

Closing a Suricata Supply Chain Attack Vulnerability

On 15-June-2023 the OISF announced a new release of Suricata (6.0.13) which fixes a potential...

Proactive Defense: Exploring Endpoint Detection & Response (EDR)

Endpoint security is one of the most common cybersecurity practices used by organizations today....

Proactive Defense: Exploring Network Detection and Response

Network security plays a crucial role in today's digital landscape as it safeguards sensitive...

Proactive Defense: Understanding Threat Detection & Response

Cyber threats are becoming increasingly sophisticated and pervasive, causing organizations to place...

Unlocking the Secrets of Forensic Investigations: Solving the SANS Forensic Quiz using SELKS

Are you looking to improve your threat hunting and network based forensic analysis skills with...

How to Improve Threat Hunting with Organizational Context

Threat hunting is a common practice for many mature security organizations, but it can be time...

Accelerate Suricata Rule Writing with Suricata Language Server v0.9.0

Writing Suricata rules has never been easier or faster since the release of the Suricata Language...

Jupyter Playbooks for Suricata | Part 3

This is the third post in a series based on my Suricon 2022 talk Jupyter Playbooks for Suricata....

Analyzing Network Traffic with Kibana in SELKS: the SN-Hunt-1 Dashboard Part 1

Keeping your network secure can feel like an endless game of cat and mouse. But with SELKS and its...

U39 for Stamus Security Platform now available

Today, we announced the general availability of Update 39 (U39) - the latest release of the Stamus...

The Hidden Value of Suricata Detection Events: NSM-Enriched IDS Alerts

If you use Suricata, then you are familiar with the way Suricata generates detection events —...

Use SELKS to solve the Unit 42 Wireshark Quiz

This blog describes how to solve the Unit 42 Wireshark quiz for January 2023 with SELKS instead of...

The Hidden Risks of False Positives: How to Prevent Alert Fatigue in Your Organization

Intrusion Detection Systems (IDS) can be powerful threat detection tools, but IDS users frequently...

Jupyter Playbooks for Suricata | Part 2

This is the second post in a series that will be based on my Suricon 2022 talk Jupyter Playbooks...

Stop the leak! Detecting ChatGPT used as a channel for data exfiltration

In a recent conversation, one of our customers shared their concerns about the use of ChatGPT in...

Detecting Attacks Against CVE-2022-39952 (FortiNAC)

This blog describes the steps Stamus Networks customers may take to determine if any of your...

Jupyter Playbooks for Suricata | Part 1

This is the first post in a series that will be based on my Suricon 2022 talk Jupyter Playbooks...

An Introduction to Cyber Threat Intelligence

Because cybersecurity teams face numerous threats from bad actors that are continually devising new...

Harness the Power of Shared Threat Intelligence with MISP

When it comes to cyber threats, we understand that a threat to one organization can quickly become...

Hunting for Suspicious DNS Use During Policy Verification

This week’s guided threat hunting blog focuses on verifying a policy enforcement of domain...

Cybersecurity Compliance for Financial Services: Can NDR Help?

Maintaining an effective security posture is difficult enough for any organization. But for those...

Top 10 Most Popular Blogs of 2022

As we celebrate the beginning of another new year, we’d like to take a glimpse back at the news,...

Hunting for Lateral Executable Transfers

It is not uncommon to see executable file transfers within an organization. However, it is...

Stamus Networks Reflections on BlackHat Europe 2022

BlackHat Europe 2022 was the last conference of an eventful year for our team at Stamus Networks....

2022 Wrapped

2022 is coming to an end, and as we wrap up another great year at Stamus Networks I wanted to take...

Inside SELKS: What's Under the Hood

SELKS is a turnkey Suricata-based IDS/IPS/NSM ecosystem that combines several free, open-source...

Weak Attack Signals Your Legacy IDS Will Miss: Unauthorized User Activity

When you already know the specific attacks faced by your organization, then the basic detection...

Hunting for Punycode Domain Phishing

Punycode domains have traditionally been used by malware actors in phishing campaigns. These...

Stamus Networks at BlackHat 2022

Just a few weeks after our last event, Suricon 2022, Stamus Networks is heading off to London for...

Analysis of TLS Cipher Suite Security in Stamus App for Splunk

The latest version (1.0.1) of  the Stamus App for Splunk adds TLS cipher suite analysis. Conducting...

Weak Attack Signals Your Legacy IDS Will Miss: Anomalous Network Activity

Intrusion detection systems (IDS) function incredibly well when it comes to making signature based...

Reflections on Suricon 2022

Last week our team was in Athens for the biggest Suricata conference this year - Suricon 2022. The...

Why We Wrote the Book on Suricata

As we celebrate the first week after launching our new book “The Security Analyst’s Guide to...

NEW! Open Ruleset for Detecting Lateral Movement in Windows Environments with Suricata

Today, we’re announcing a new open-source contribution from Stamus Networks - a Suricata ruleset...

Hunting for Suspicious DNS Requests with Long Domain Extensions

When you see a domain request from a user/client to a non-local or otherwise unfamiliar or...

Detecting Attacks Against OpenSSL Vulnerabilities

This blog describes the steps Stamus Networks customers may take to determine if any of your...

Impact of OpenSSL CVE-2022-3602 and CVE-2022-3786 on SSP and SELKS Users

TL;DR

Stamus Networks uses OpenSSL in the Stamus Security Platform (SSP) as well as our open source

Hunting for Suspicious DNS Requests with Short Domain Extensions

Non-local domain requests from the user/client network could signal trouble for an organization....

Stamus Networks at Suricon 2022

Each year, Suricon attracts visitors from all over the world for three days of knowledge sharing...

Hunting for the use of DNS Over HTTPS

DNS over HTTPS (DoH) is a network protocol used to protect the data and privacy of users by...

Weak Attack Signals Your Legacy IDS Will Miss: Malware Beacons

Command-and-control (C2) attacks are bad news for any organization. Attackers use C2 servers to...

Hunting for Plain Text Executables with Stamus Security Platform

Plain text executables (such as those downloaded from a PowerShell user agent) are often seen on...

Weak Attack Signals Your Legacy IDS Will Miss: Homoglyphs

Intrusion detection systems (IDS) have proven to be a highly effective and commonly used method of...

Hunting for Internal Use of Dynamic DNS with Stamus Security Platform

This week in our series on guided threat hunting, we are focusing on locating internal use of...

Hunting for Use of Foreign Domain Infrastructure with Stamus Security Platform

This week’s guided threat hunting blog focuses on hunting for foreign domain infrastructure usage...

Hunting for Unauthorized Activity from Critical Infrastructure

This week’s guided threat hunting blog focuses on hunting for Let’s encrypt certificates that were...

Threats! What Threats? Penetration Tests and Stamus Security Platform

This week in our threat detection blog we are mixing things up and discussing an important  Stamus...

Hunting for Unauthorized Admin User Activity with Stamus Security Platform

In this week’s guided threat hunting blog, we will focus on hunting for Let’s Encrypt certificates...

Hunting for Rogue Proxy Servers

In this week’s guided threat hunting blog, we focus on using Stamus Security Platform to identify...

Threats! What Threats? Combatting Remote Access Trojans with Stamus Security Platform

This week’s threat detection blog dives deeper into a common type of malware, remote access trojans...

Hunting for Phishing Activity with Stamus Security Platform

In this week’s guided threat hunting blog, we focus on using Stamus Security Platform to uncover...

Threats! What Threats? Combatting Crypto Mining and Stamus Security Platform

In this week’s threat detection blog, we will be reviewing a financially-motivated threat that is...

Hunting for Unauthorized FTP Usage

This week’s guided threat hunting blog focuses on a specific policy violation - the use of...

Threats! What Threats? Uncovering Shadow IT with Stamus Security Platform

This week we are taking a closer look at Shadow IT, which is the use of information technology by...

Hunting for File Sharing Service Policy Violations

This week’s guided threat hunting blog focuses on policy violations; specifically, violations...

Hunting for Malware Masquerading as an Image File

For week 2 of our series on guided threat hunting, we will be reviewing a hunting technique to...

Reflections on Black Hat USA 2022

Last week Stamus Networks participated in BlackHat USA 2022, an international cybersecurity...

After the Hunt

So, what’s next? You’ve had a successful hunt, uncovered some type of threat or anomalous behavior...

Hunting For Potentially Unwanted Programs (PUP)

In addition to deploying advanced detection technologies, many security teams make threat hunting...

Introduction to Guided Threat Hunting

Stamus Security Platform is loaded with features that help security teams leverage network traffic...

Threats! What Threats? Detecting Phishing with Stamus Security Platform

Phishing is commonly regarded as the most common and effective way attackers can gain access into a...

Threats! What Threats? Command & Control and Stamus Security Platform

In this article, we will review one of the most important and critical  phases on the cyber kill...

Threats! What Threats? Malware Beacons and Stamus Security Platform

One of the first network-related indications of a botnet or peer-to-peer (P2P) malware infection is...

Threats! What Threats? Detecting Lateral Movement with Stamus Security Platform

In this article I want to highlight one of the tactics used by malicious actors to move within your...

Celebrate the Defenders

When the leadership team at Stamus Networks sat down to discuss our core principles we had to...

Avoid Hype, Fear, and Exaggeration

When a company decides to capture its core principles, it is important to set expectations on how...

Uncovered with Stamus Security Platform: Raiz0WorM

In this series of articles we share hands-on experience from active hunts in the real world. We...

Embrace Open Interfaces and Open Source

When the leadership team at Stamus Networks got together to capture the core principles of our...

Apply the right technology to the right problems.

In developing our core principles, the leadership team at Stamus Networks discussed the way we view...

Show Respect and Integrity in Everything We Do.

Trust is the foundation of any working relationship. Without it, two organizations cannot amicably...

Stamus Networks at Gartner Security & Risk Management Summit 2022

The world of cybersecurity is rapidly changing and enterprises have to quickly adapt in order to...

Stamus Networks at RSA San Francisco 2022

RSA Conference San Francisco is back in June 2022 and we are excited to once again be a part of one...

Deliver the Most Useful Detection, Period.

Successful businesses need to maintain a transparent framework which guides their daily practices....

Why We Developed Our Core Principles

When someone sees a great product, the reaction is often the same. Customers frequently consider...

Introducing Stamus Security Platform Release U38

Today I want to give you a brief tour of what’s new in Update 38 of the Stamus Security Platform...

SELKS 7: Deployment and Applications

Perhaps the most exciting thing about the release of SELKS 7 is the various practical applications...

SELKS 7: Newly Updated Capabilities

This series introduces SELKS 7, the latest update to the free, open-source, turn-key Suricata based...

SELKS 7: An Introduction

In this series, you will get an overview of the SELKS 7 platform, the new updates and functionality...

Stamus at Botconf 2022

Botconf is an annual technical conference organized by the International botnets fighting alliance...

A Bold New Approach to Network Detection and Response

Existing systems that aggregate network security alerts and metadata do not properly detect and...

Join Stamus Networks at Cyber Security Summit Miami

With two Cyber Security Summits already behind us, we are ready for the next one. On 7 April 2022,...

Stamus Networks at Cyber Security Summit Atlanta

On 25 March 2022, my colleague Ed Mohr and I will be attending the Cyber Security Summit in...

Threats! What Threats?

We talk often about “threats” and “threat detection” in our marketing materials and in discussions...

GopherCAP Update: PCAP Filtering and SMB Lateral Detection Research

Re-Introduction to PCAP Replay and GopherCAP

A while back we introduced GopherCAP, a simple tool...

This Week at the Cyber Security Summit in Tampa

This week my colleagues Phil Owens, Charlie Provenza and I will be attending and sponsoring our...

Uncovered with Stamus Security Platform: Spyware Missed by EDR

In this series of articles, we explore a set of use cases that we have encountered in real-world...

(Zero) Trust but Verify

Security monitoring is perhaps the least discussed element of a Zero Trust strategy

Over the past...

Feature Spotlight: Host Insight Transformation with IDS Alert Metadata

In the previous article of the “Feature Spotlight” series, we discussed how to pivot from IDS alert...

Introducing Suricata Language Server: Real-time Rule Syntax Checking and Auto-completion

Writing signatures for Suricata and other intrusion detection systems (IDS) is considered by many...

Feature Spotlight: Pivot from IDS Alert Metadata to Signature Details

Sometimes, even after extensive training, we forget about important features or ways of using a...

Suricata to the Log4j Rescue

Following the 10-December-2021 announcement of (CVE-2021-44228), Log4shell scanners have begun to...

Intrusion Analysis and Threat Hunting with Open Source Tools @ FloCon 2022

In its early years, FloCon was an academic conference focused exclusively on network flow data but...

SuriCon 2021: Through the Eyes of the Conference Organizers

This year SuriCon was a hybrid event for the first time ever. The conference was held both...

Upgrading your IDS/IPS? Answer these 3 Key Questions First.

So, you are considering migrating your legacy or aging intrusion detection and prevention system...

SuriCon 2021: Through the Eyes of the Stamus Networks Team

Regular readers of this blog and friends of Stamus Networks will know that we are very closely...

XDR - eXtending Detection and Response to the Network

Extended detection and response, or XDR, has generated substantial interest in recent years - and...

Upcoming Webinar: The Case for Upgrading Your Network Defenses

On 16 November 2021, my colleague Ed Mohr and I will be giving our second talk entitled “The Case...

Spin up a Complete Suricata Network Security Platform in Under 2 Minutes

Believe it or not, you can launch a turnkey Suricata IDS/IPS/NSM installation – with as few as 4...

Troopers Training: Intrusion Analysis and Threat Hunting with Open Source Tools

The importance of having a strong security team has been growing in recent years, and many...

Stamus Networks @ SecurityCON 2021

Next week, Stamus Networks will participate for the first time in SecurityCON, a virtual...

The Art of Suricata QA GitLab Automation @ Suricon

I’m pleased to partner with the OISF QA Engineer and Automator - Corey Thomas for this year’s...

Unleash Suricata Superpowers with a Splunk App @ Suricon

At next week's Suricon 2021, I'll be sharing real world examples of how a new Splunk App can help...

Efficient Suricata: Migrating from Millions of Events to Manageable Insights @ Suricon

I’m pleased to partner with my colleague and OISF Board Member - Eric Leblond for this year’s...

The Other Side of Suricata

You may be surprised to learn that Suricata produces not only IDS alerts but also produces logs of...

Coming Soon in Suricata 7: Conditional PCAP @ Suricon

SuriCon is the annual open source technology community conference that highlights discussions and...

Webinar: The Case for Upgrading Your Network Defenses

On 12 October 2021, my colleague Ed Mohr and I will be giving a talk entitled “The Case for...

Live at CyberShock - Data Mining TLS Network Traffic

On 6 October 2021, I’ll be giving a talk entitled “Data Mining TLS Network Traffic.” This is...

Advanced Deployment & Configuration with Suricata @ Suricon

I’m pleased to partner with my colleague and OISF Board Member - Eric Leblond. Together, we want to...

Stamus Networks at Sharkfest US 2021

SharkFest is an “annual educational conference focused on sharing knowledge, experience and best...

SELKS on Docker: A Much More Portable and Agnostic Solution

Here at Stamus Networks, we are strongly committed to open-source and believe that ease of use has...

Uncovered with Stamus Security Platform: Danger in the Datacenter

When the blue team needs to mount a network defense, they must answer some very common questions:

  • ...

Detection Technology Truth-telling and a Focus on Results

In my last blog article, I introduced some of the factors that have contributed to our successes...

Video Tour of Release U37

Last month, I posted a blog article (Read it here >>) that introduced the new capabilities of our...

Much more than just another NDR Vendor

In cybersecurity as soon as you stand still, you’re falling behind. Change, whether it’s in the...

Software Update 37 Now Available

Hello and welcome to my first blog article here at Stamus Networks. My name is Phil Owens and I am...

Suricata: The First 12 Years of Innovation

Suricata, the open source intrusion detection (IDS), intrusion prevention (IPS), and network...

Uncovered with Stamus Security Platform: User Agents Tell the Story

Stamus Security Platform (SSP) helps bank identify threat to its accounting network

With the help...

Uncovered with Stamus Security Platform: Shadow IT

In this series of articles, we explore a set of use cases that we have encountered in real-world...

Stamus Security Platform meets TheHive Project

Recently, Stamus Networks introduced outgoing webhook capabilities to its Stamus Security Platform....

Scaling Suricata in the Enterprise - Leverage Advanced Analytics

Background

As we have previously written, for all Suricata’s capabilities, building out an...

Stamus ND/NDR is Armed to Detect Stolen FireEye Red Team Tools

Yesterday, FireEye/Mandiant announced that a “highly sophisticated state-sponsored adversary stole...

Scaling Suricata in the Enterprise - Consolidate Alerts and Logs

Background

As we have previously written, for all Suricata’s capabilities, building out an...

Scaling Suricata in the Enterprise - Tuning the Sensors

Background

As we have previously written, for all Suricata’s capabilities, building out an...

Scaling Suricata in the Enterprise - Centralizing Sensor Management

For all Suricata’s capabilities, building out an enterprise-scale deployment of Suricata with...

Scaling Suricata in the Enterprise - Optimize Sensor Placement

As we’ve written before, Suricata is a high-performance network threat detection, IDS, IPS and...

Introducing GopherCAP: Powerful PCAP Replay

Historically, we have used tcpreplay with predetermined PPS options for replaying PCAP files. It is...

Introducing the Stamus Networks App for Splunk®

This week we announced the new Stamus Networks App for Splunk®. You can read our press release here...

Just Released: Suricata 6

Exciting news - the OISF just announced that Suricata 6 is now available. This is the culmination...

Managing Cyber Security Investments at a Uniquely ChallengingTime

Cyber security and IT executives today are facing unprecedented challenges: new and increasingly...

Endpoint-Based and Network-Based Threat Hunting — Each Has its Strengths

Threat hunting—the proactive detection, isolation, and investigation of threats that often evade...

Uncovered with Stamus Security Platform: MoDi RAT

In this series of articles, we will explore a set of use cases that we have encountered in...

From Open Source IDS to Cyber Kill Chain to SOAR – My First Eight Weeks at Stamus Networks

Stamus Networks? They are the Suricata company aren’t they? And Suricata? It’s an open source IDS...

Why Context is Critical for Successful Network Detection and Response

As mentioned in an earlier article, organizations seeking to identify cyber threats and mitigate...

Is Network Traffic Analysis (NTA) dead in an age of Network Detection and Response (NDR)?

Organizations seeking to proactively identify and respond to cyber threats in order to mitigate...

Uncovering Critical Policy Compliance Violations in an Era of Remote Workforce

Sometimes the greatest vulnerabilities and risks an organization faces are created by users'...

Scirius Security Platform: The First Chapters in the Quest

Every great story begins with the first chapter. And with each new chapter the characters develop...

SELKS 6 [The stuck-at-home edition]

SELKS 6 is out!

If you are still teleworking, you may wish to test and deploy this new edition to...

Whitepaper: Introduction to eBPF and XDP support in Suricata

eBPF and XDP support is one of the latest evolutions of the Suricata engine’s performance...

SELKS 5 - The Sorceress

SELKS 5 is out! Thank you to the whole community for your help and feedback! Thank you to all the...

SELKS5 RC1 - Threat Hunting and more...

Hi!Yet another upgrade of our SELKS. We are very thankful to all the great Open Source projects and...

SELKS5 Beta: new hunting interface and FPC

Hey! Our new and upgraded showcase for Suricata has just been released - SELKS5 Beta. Thanks to...

Scirius Enterprise Edition, Release 29

Following the release of Scirius Community Edition 2.0, Stamus Networks is happy to announce the...

Scirius 2.0 is here to get your Suricata easier, faster, stronger

Stamus Networks is proud to announce the availability of Scirius Community Edition 2.0. This is the...

SELKS 4.0

This first edition of SELKS 4 is available from Stamus Networks thanks to a great and helpful...

Suricata 4.0 and why it does matter

Suricata 4.0 is out and this switch from 3.x to 4.x is not marketing driven because the changes are...

SELKS 4 RC1

After a very valuable round of testing and feedback from the community we are pleased to announce...

Scirius CE 1.2.0 is for IPS and collaboration

Stamus Networks is proud to announce the availability of Scirius 1.2.0. This release of our...

Slides and video of "Suricata and eBPF" talk

Eric Leblond gave a talk entitled "The adventures of a Suricata in eBPF land" at netdev 1.2, the...

Suricata bypass feature

Introduction

Stamus Networks was working on a new Suricata feature named bypass. It has just been...

The third SELKS is out

Yes, we did it: the most awaited SELKS 3.0 is out. This is the first stable release of this new...

Amsterdam 1.0, SELKS and docker

Stamus Networks is proud to announce the availability of version 1.0, nicknamed "glace à la...

Let’s talk about SELKS 3.0RC1

After some hard team work, Stamus Networks is proud to announce the availability of SELKS 3.0RC1.

Scirius 1.1.6 brings new key features

Stamus Networks is proud to announce the availability of Scirius 1.1.6. This new release brings...

Get info on suricata using JSON stats data

Suricata stats in EVE JSON format

Suricata 3.0 will come with a lot of improvements on the output...

Amsterdam: SELKS & Docker using Compose

Stamus Networks is proud to announce the availability of the first technology preview of Amsterdam.

Version 1.1 brings Scirius to a new level

Stamus Networks team is proud to announce the availability of Scirius 1.1. This new release brings...

Finding self signed TLS certificates - Suricata and Luajit scripting

Introduction

This is a short tutorial of how you can find and store to disk a self signed TLS...

Looking at suricata JSON events on command line

Suricata EVE JSON format is becoming the de-facto standard for this IDS. All type of events are now...

Let's talk about SELKS 2.0

Stamus Networks is proud to announce the availability of SELKS 2.0  release.

Scirius 1.0 is out

Stamus Networks is proud to announce the availability of Scirius 1.0. This is the first stable...

Scirius-1.0rc3

Stamus Networks is proud to announce the availability of the third release candidate of Scirius...

SELKS 2.0 beta1 based on Debian Jessie

Stamus Networks is proud to announce the availability of SELKS 2.0 BETA1 release. With Jessie...

Run you own Suricata QA

Some words about PRscript

PRSCript is a script that run a series of builds and tests on a given...

Let’s talk about SELKS 1.2

Stamus Networks is proud to announce the availability of SELKS 1.2 stable release. SELKS is both...

Scirius-1.0rc2

Stamus Networks is proud to announce the availability of the second release candidate of Scirius...

Scirius 1.0-rc1

Stamus Networks is proud to announce the availability of version 1.0-rc1 of Scirius, our web...

Conky for SELKS

Conky is a cool, desktop and lightweight monitoring tool. SELKS comes with a ready to use Conky...

Accuracy of Elasticsearch facets

Introduction

Elasticsearch and Kibana are wonderful tools but as all tools you need to know their...

Let’s talk about SELKS 1.1

Stamus Networks is proud to announce the availability of SELKS 1.1 stable release. SELKS is both...

Scirius 1.0-beta1

Stamus Networks is proud to announce the availability of version 1.0-beta1 of Scirius, our web...

Using Stamus Networks Debian Repositories

Stamus Networks supports its own generic and standard Debian Wheezy 64 bit packaging repositories...

Slides of SELKS lightning talk at hack.lu

After giving a talk about malware detection and suricata, Eric Leblond gave a lightning talk to...

SELKS privacy dashboard

Introduction

SELKS 1.0 is featuring a privacy dashboard. This is a dashboard focusing on HTTP and...

Let's talk about SELKS 1.0

Stamus Networks is proud to announce the availability of SELKS 1.0 stable release. SELKS is both...

SELKS 1.0 RC1 is out

Stamus Networks is proud to announce the availability of SELKS 1.0 RC1. This is the first release...

Scirius v0.8

Stamus Networks is proud to announce the availability of the version 0.8 of Scirius, the web...

A Suricata application for Splunk

Thanks to the EVE JSON events and alerts format that appear in Suricata 2.0, it is now easy to...

SELKS 1.0 beta2 is available

Stamus Networks is proud to announce the release of SELKS 1.0 beta2. This is the second public...

Scirius on Ubuntu LTS

The Ubuntu used in this tutorial:

Announcing Scirius v0.3

Stamus Networks is proud to announce the release 0.3 of Scirius, our web interface for Suricata...

Announcing Scirius v0.1

Stamus Networks is proud to announce the first release of Scirius, its Suricata ruleset web...

Eric Leblond's talk at HES2014

I've given a talk entitled "Suricata 2.0, Netfilter and the PRC" at the Hackito Ergo Sum conference.

Stamus Networks technical blog

This is the first blog post on Stamus Networks technical blog. You will find here posts focused on...