Today, we are proud to announce the general availability of Update 40 (U40), the latest release of the Stamus Security Platform (SSP). Read the press release here.
This update brings new UI developments alongside critical new features and improvements to Declarations of Compromise™. Together they improve day-to-day quality of life for analysts and make it faster to respond to threats and easier to investigate them.
Continue reading to see a breakdown of all the major new features and updates, including images where relevant.
Critical New Features in Stamus Security Platform U40
Declarations of Policy Violations™ (DoPV)
Declarations of Policy Violations™ (DoPV) are a new high-fidelity event category, similar to Declarations of Compromise™ (DoC), focused on unauthorized activity and policy violations such as cleartext passwords, outdated TLS versions, insecure cipher suites, and Tor Browser usage. Users may also create custom DoPVs. This gives security and IT teams definitive notifications of specific policy violations taking place in their organizations, so they can address these weaknesses before they result in a breach.
Custom Report Generator with Scheduler
U40 now includes a powerful custom report generator. Several pre-written PDF reports summarizing network security posture are available. This report generator gives analysts a simple mechanism to communicate findings to management and peers, facilitating better cross-organizational communications, and ultimately improving incident response.
Attack Surface Inventory
The newest version of SSP provides a detailed inventory of all active hosts on the network with dozens of attributes – such as hostname, device type, services running, users logged in, etc. – extracted and maintained for each. This new feature enables security teams to gain a complete picture of the attack surface they must defend.
Dynamic Code and Algorithm Updates
U40 adds the infrastructure for pushing new report-generating code and complex detection-as-code algorithms to SSP on the fly. This capability can be used to create customer-specific custom reports, and it will soon enable the dynamic ingestion of advanced new threat detection algorithms.
Improved DoC Handling
Attacker Tracking for Declarations of Compromise™
Previously, a Declaration of Compromise™ listed only the assets under attack. With U40, SSP also tracks the attacking assets, so an asset listed in a DoC is identified as a target, an attacker, or both. This helps analysts quickly and unambiguously determine which assets are being used in the attack and which are the victims.
Improved Tuning for Declarations of Compromise
With U40, SSP users can suppress DoCs and DoPVs based on metadata using policy filters in the Hunt interface. This enables users to more finely tune their security event notifications and responses.
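To make the DoPV categories above and the metadata-based suppression described here concrete, the following is an added illustration written for this post; it is not Stamus code and does not reflect how SSP implements DoPVs or policy filters. It evaluates three toy policies (outdated TLS version, weak cipher suite, HTTP Basic credentials sent in cleartext) over constructed Suricata EVE-style JSON records, then drops declarations that match a suppression filter keyed on record metadata. The record field names (`tls.version`, `tls.cipher_suite`, `tls.sni`, `http.request_headers`) and the version strings are assumptions chosen for the example, not a guaranteed schema.

```python
"""Toy DoPV-style policy checks with metadata suppression (added example, not SSP code)."""
import json
from dataclasses import dataclass

# Constructed sample records in a Suricata EVE-like shape. Field names and
# version strings are assumptions for this example, not a documented schema.
SAMPLE_EVE = """\
{"event_type":"tls","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","tls":{"version":"TLSv1","cipher_suite":"TLS_RSA_WITH_RC4_128_SHA","sni":"legacy.example"}}
{"event_type":"tls","src_ip":"10.0.0.6","dest_ip":"203.0.113.20","tls":{"version":"TLS 1.3","cipher_suite":"TLS_AES_128_GCM_SHA256","sni":"ok.example"}}
{"event_type":"http","src_ip":"10.0.0.7","dest_ip":"203.0.113.30","http":{"hostname":"intranet.example","url":"/login","request_headers":[{"name":"Authorization","value":"Basic dXNlcjpwYXNz"}]}}
{"event_type":"tls","src_ip":"10.0.0.8","dest_ip":"198.51.100.9","tls":{"version":"TLS 1.2","cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","sni":"www.example"}}
"""

# Protocol versions below TLS 1.2 are treated as a policy violation.
OUTDATED_TLS = {"SSLv2", "SSLv3", "TLSv1", "TLS 1.0", "TLS 1.1"}


def weak_cipher(name: str) -> bool:
    """True for suites using broken primitives or lacking forward secrecy."""
    weak_tokens = ("RC4", "3DES", "DES_", "NULL", "EXPORT", "MD5")
    if any(tok in name for tok in weak_tokens):
        return True
    # Static RSA key exchange has no forward secrecy; (EC)DHE and all
    # TLS 1.3 suites (TLS_AES_*, TLS_CHACHA20_*) do.
    forward_secret = ("ECDHE" in name or "DHE" in name
                      or name.startswith(("TLS_AES", "TLS_CHACHA20")))
    return not forward_secret


@dataclass
class Declaration:
    policy: str
    src_ip: str
    dest_ip: str
    detail: str


@dataclass
class Suppression:
    """Suppress `policy` for records whose metadata matches every key/value in `match`."""
    policy: str
    match: dict  # dotted keys, e.g. {"tls.sni": "legacy.example"}


def evaluate(record: dict) -> list[Declaration]:
    """Apply the policies to one record and return the violations found."""
    found = []
    src, dst = record.get("src_ip", "?"), record.get("dest_ip", "?")
    if record.get("event_type") == "tls":
        tls = record["tls"]
        if tls.get("version") in OUTDATED_TLS:
            found.append(Declaration("outdated-tls", src, dst,
                                     f"{tls['version']} to {tls.get('sni')}"))
        if weak_cipher(tls.get("cipher_suite", "")):
            found.append(Declaration("weak-cipher", src, dst, tls["cipher_suite"]))
    elif record.get("event_type") == "http":
        for hdr in record["http"].get("request_headers", []):
            if (hdr["name"].lower() == "authorization"
                    and hdr["value"].lower().startswith("basic ")):
                found.append(Declaration("cleartext-credentials", src, dst,
                                         f"HTTP Basic auth to {record['http'].get('hostname')}"))
    return found


def matches(record: dict, match: dict) -> bool:
    """True if every dotted key in `match` resolves in `record` to the given value."""
    for key, value in match.items():
        cur = record
        for part in key.split("."):
            cur = cur.get(part) if isinstance(cur, dict) else None
        if cur != value:
            return False
    return True


def run(eve_lines: str, suppressions: list[Suppression]) -> list[Declaration]:
    """Evaluate every record, dropping declarations covered by a suppression."""
    out = []
    for line in eve_lines.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        for decl in evaluate(rec):
            if any(s.policy == decl.policy and matches(rec, s.match) for s in suppressions):
                continue  # tuned out by an approved exception
            out.append(decl)
    return out


if __name__ == "__main__":
    exceptions = [Suppression("outdated-tls", {"tls.sni": "legacy.example"})]
    for d in run(SAMPLE_EVE, exceptions):
        print(f"{d.policy:22} {d.src_ip} -> {d.dest_ip}: {d.detail}")
```

Note that the suppression removes only the matching policy for the matching metadata: the legacy host's outdated protocol is tuned out as an approved exception, but its RC4 cipher suite is still declared, which is the granularity a practitioner wants so that one exception does not silence every policy for that host.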
Conditional Behavior for DoC Webhook Response
Previously, SSP allowed users to configure multiple webhooks to initiate different actions or convey information to a third-party system when a DoC triggers. With U40, conditions may be attached to a given webhook, so the user can initiate different actions, such as blocking an IP, updating a user policy, quarantining a device, or starting a SOAR playbook, based on the parameters of the DoC.
Individual DoC and DoPV Events are now Available in Hunt Interface
With U40, the SSP events associated with DoCs and DoPVs (called "Stamus Events") are available in the Hunt interface, allowing the user to include these high-confidence events in a threat hunt and to develop hunting filters based on them. This gives users another powerful tool to accelerate their threat hunting sessions.
Email Notification for Declarations of Compromise™ (DoC)
With U40, SSP can generate an email notification to one or more addresses when it detects a Declaration of Compromise™. This gives users an additional notification channel to accommodate organization-specific workflows.
Accelerated End User Experience
More Flexible API User Privileges
Previously, every API token inherited the full privileges of the user account it was issued under. With U40, each user account may hold multiple API tokens, each assigned its own access privileges. This makes it easier to set up multiple API connections under a single user account, and it lets each integration's token be scoped to the minimum privilege it needs, which limits the damage if that token is leaked.
Improved User Experience Workflow
With U40, SSP includes right-click context menus that serve as pivot points during an investigation or hunt. They let the analyst reach the data associated with a host or event in far fewer clicks, accelerating threat hunting, event triage, and incident investigation.
Structured Display of Detection Methods
Previously, the primary way for a user to understand a detection method was to read its code. With U40, SSP organizes the elements of the detection method into easy-to-understand structural elements, so the analyst can see more quickly why a given event triggered, accelerating event triage and incident investigation.
Performance Improvements & Security Patches
U40 includes various performance enhancements, such as disk space optimization for rulesets, so that the Stamus Security Platform continues to perform reliably during peak traffic load with maximum detections enabled. As always, the latest release of SSP also includes security patches for the operating system and other embedded components, as well as minor bug fixes.
Additional Support
Our team is eager to share the details of this new release with you and see how your organization can get the most benefit from all the exciting new features. Please let us know if you have any questions regarding the upgrade to U40 or if you would like to see a demonstration of these new capabilities.
If you are a current Stamus Security Platform customer then keep an eye out for information from your Customer Success Manager. We will be hosting a webinar for all existing Stamus customers and active prospects showcasing many of the above features.
A Final Thank You
We want to give thanks to our amazing Development and Quality Assurance teams here at Stamus Networks. Without them, none of this would be possible. A major release such as this is a massive achievement and it did not happen without the tireless work of a very talented and dedicated team, so please join us in thanking them for their work.
We look forward to continuing to improve the Stamus Security Platform, and we will be excited to share continued innovation with you all in the future.
To stay updated with new blog posts from Stamus Networks, also make sure to subscribe to the Stamus Networks blog, follow us on Twitter, LinkedIn, and Facebook, or join our Discord.