At Stamus Networks, we have always been driven by a commitment to openness, transparency, and innovation. Today, we are proud to announce the next evolution of our products: the introduction of Clear NDR™, a unified brand and architecture for network threat detection and response solutions.
With this release, the Stamus Security Platform becomes Clear NDR - Enterprise, and SELKS evolves into Clear NDR - Community. This transformation marks the convergence of our solutions into a single platform, designed to deliver unparalleled network visibility, explainable threat detection, and actionable response for both enterprise and open-source users.
What is Clear NDR™?
Clear NDR™ is an open and transparent network threat detection and response (NDR) system that empowers defenders with the deep network insights needed to build a more efficient and secure AI-powered autonomous security operations center (SOC).
Clear NDR is focused on solving five primary challenges facing security teams today:
- Detection of and response to attacks that evade other controls
- Lack of confidence in automated incident response
- Lack of visibility into the modern hybrid attack surface
- Missing explainable event context and evidence
- Alert fatigue caused by the overwhelming volume of security events
It can be deployed as a stand-alone NDR solution or integrated into an organization’s AI-driven security operations center, delivering powerful network data that supports even more sophisticated cross-platform threat detection and enterprise-wide automation.
Unlike other solutions, Clear NDR uses a tapestry of transparent threat detection and response technologies, including AI, machine learning, advanced heuristics, signatures, and IoC matching, in a highly customizable system supported by extensive metadata and evidence. The result is detection you can trust with results you can explain.
In summary, Clear NDR delivers:
- Clear Visibility - monitor activities across your entire attack surface
- Clear Detection - transparent detections you can understand
- Clear Evidence - everything you need to quickly resolve the incident
- Clear Response - the confidence you need to automate your response
Developed as an open core solution, Clear NDR is available in two editions:
- Clear NDR - Community: A free, open-source solution, licensed under GPLv3, that builds on the legacy of SELKS by retaining all original SELKS features and adding new ones.
- Clear NDR - Enterprise: A comprehensive commercial network detection and response solution for organizations with advanced security needs.
Together, these editions serve a wide range of users, from individual security practitioners to large-scale enterprise SOC teams.
Why the change?
The rebranding and unification of our products under the Clear NDR name were driven by a desire to simplify and streamline our offerings while delivering even greater value to our users. Historically, SELKS and the Stamus Security Platform (SSP) were separate code bases, each with its own development and maintenance paths. This division sometimes created challenges for users and limited the speed at which we could innovate.
By consolidating these code bases into a single architecture, we are now able to focus our resources on delivering a unified, cohesive platform. This means faster updates, more robust features, and a consistent user experience across both the Community and Enterprise editions. In the future, users wishing to update from the Community edition to the Enterprise edition will be able to do so easily without losing any of their data.
The name Clear NDR was chosen to reflect the product’s core principles of openness, transparency, efficacy, and clarity. These values are at the heart of everything we do, and they guide our mission to help organizations build more effective and efficient security operations.
Clear NDR™ - Community: Building upon the legacy of SELKS
For our open-source users, Clear NDR - Community is a major step forward. While it retains the trusted capabilities of the well-loved SELKS, Clear NDR - Community builds upon that legacy and introduces several key enhancements that make it easier to use and more powerful than ever.
One of the most significant changes is the replacement of the ELK stack (Elasticsearch, Logstash, and Kibana) with OpenSearch and Fluentd. This replacement was driven largely by changes to the licensing terms that made the ELK stack incompatible with the open core architecture of Clear NDR. Users will also notice a redesigned user interface that aligns with the Enterprise edition, providing a more intuitive and responsive experience.
Clear NDR - Community also introduces advanced features previously available only to commercial users. For example, customizable deep linking into third-party systems and contextual resources simplifies and accelerates incident response, enabling users to investigate and resolve threats more efficiently.
For current SELKS users, transitioning to Clear NDR - Community is a seamless process. All existing SELKS functionality is preserved, and additional tools like Arkime, EveBox, and CyberChef are still included. The platform’s modernized architecture ensures compatibility with existing workflows while unlocking new possibilities for innovation.
To download Clear NDR - Community, please visit our Clear NDR™ User Docs: https://docs.clearndr.io/docs/start/getting-started/
As of January 1, 2025, Stamus Networks will no longer actively enhance SELKS. However, the GitHub repository and community resources will remain available, ensuring that SELKS users can continue to access the platform if needed.
Clear NDR™ - Enterprise: The next evolution of Stamus Security Platform
Clear NDR - Enterprise is the next evolution of the Stamus Security Platform, continuing to deliver advanced NDR capabilities designed for large-scale, complex environments. The rebranding extends to its core components, with the Stamus Central Server and Stamus Network Probes now being known as the Clear NDR Central Server™ and Clear NDR Probes™.
While the primary focus of the upcoming release (U41) is on operational improvements, such as updates to the operating system and the underlying Suricata engine, we are also preparing for a major feature release in Q2 2025. This feature update will introduce enhancements that further empower enterprise SOC teams with the tools they need to detect and respond to threats across their networks.
For organizations seeking a scalable, enterprise-grade NDR solution, Clear NDR - Enterprise offers unparalleled capabilities, including integration with AI-driven SOC workflows, centralized management of distributed probes, and comprehensive network insights.
Looking ahead
The launch of Clear NDR™ represents a new chapter for Stamus Networks and our users. By unifying our product architecture, we are laying the foundation for a future of rapid innovation and greater value for both Community and Enterprise users.
In the coming months, we will continue to expand the capabilities of both Clear NDR - Enterprise and Clear NDR - Community, with major updates planned for the former in Q2 2025. These updates will introduce new features and enhancements that further empower security teams to defend their networks with confidence and efficiency.
We are excited about the opportunities this transformation creates, and we invite you to join us on the journey. Whether you are an open-source user exploring Clear NDR - Community or an enterprise seeking an advanced NDR solution, Clear NDR™ offers the transparency, efficacy, and clarity you need to succeed.