Stamus Clear NDR Description

Stamus Clear NDR (formerly Stamus Security Platform) is a Network Detection and Response system that monitors network traffic to detect threats and unauthorized activity. The system consists of two components: Clear NDR Probes and Clear NDR Central Server, which can be deployed in private cloud, public cloud, on-premises, or hybrid environments.

Clear NDR Probes inspect and analyze network traffic using deep packet inspection to perform real-time threat detection. The probes enrich events with metadata and capture network protocol transactions, flow data, extracted files, and full packet capture. This data is delivered to the Clear NDR Central Server for additional analytics and processing.

The system employs multiple detection mechanisms including artificial intelligence, machine learning, advanced heuristics, signatures, and indicators of compromise. It monitors both north-south and east-west traffic across the attack surface, including agent-less systems, cloud workflows, lateral movement, and encrypted communications.

Clear NDR provides attack timelines and evidentiary artifacts for incident investigation and response. The system generates declarations of compromise and policy violations that can be used to automate threat response directly or to feed network data to SIEM platforms for correlation with endpoint and other data sources. The platform is built on Suricata and provides transparent detection methods with detailed context and evidence for security operations teams.