Effective URL: https://www.stamus-networks.com/blog/unpacking-the-2024-gartner-ndr-market-guide-the-return-of-ids?utm_campaign=Newsletter&utm_m...
UNPACKING THE 2024 GARTNER® NDR MARKET GUIDE: THE RETURN OF IDS

by Dallon Robinette | Aug 15, 2024 | Network Detection and Response, Stamus
Security Platform, IDS-IPS


Over the course of the last decade, Network Detection and Response (NDR)
naturally evolved out of earlier network security tools like Intrusion Detection
and Prevention systems (IDS/IPS). In that time, NDR has found a foothold in many
modern security strategies, offering unparalleled visibility into network
traffic and effective detection of both known and unknown threats. As the market
has grown and technology has advanced into the era of Artificial Intelligence
(AI), machine learning, and behavioral analytics, NDR systems moved beyond the
signature-based detection and indicators of compromise (IoC)-based threat
intelligence that preceded them.

Interestingly enough, what Gartner found in their “2024 Market Guide for Network
Detection and Response” is that “some providers have re-added intrusion
prevention system (IPS)-like modules, mixing threat intelligence and more
traditional pattern matching to complement behavioral analysis.”

Gartner calls this “Network Defense in Depth”. At Stamus Networks we have long
considered the inclusion of IoC and traditional signature-based detection to be
part of a multi-layer defense strategy.

This blog post, the first in a series on the “2024 Market Guide for Network
Detection and Response”, seeks to explore Gartner's key findings and share our
belief that the Stamus Security Platform aligns with Gartner's observations on
the evolving NDR market. For nearly 10 years, Stamus Networks has been advancing
the state of the art for the fundamental building blocks of network security,
and IDS has been an important component. It is the inclusion of those
capabilities, along with other advancements, that helps establish the Stamus
Security Platform (SSP) as a comprehensive network security solution, addressing
the complex challenges faced by many organizations today.


GARTNER INSIGHTS ON NDR MARKET DIRECTION

We feel the “2024 Gartner Market Guide for Network Detection and Response”
highlights four scenarios they believe NDR products will evolve into. In this
article, we are focusing on the section titled “Network Defense in Depth.” Here
is what Gartner said about this shift in market direction:

“Some NDR vendors integrate signature-based threat detection engines (e.g.,
Zeek, Suricata), traditionally components of intrusion detection and protection
systems (IDPS). As they add more modules, they position the NDR appliance as a
“second layer of defense,” positioned behind the perimeter controls adding
visibility on internal traffic (east-west)” (2024 Market Guide for NDR, pg. 5)

The authors go on to provide more detail later in the report:

“Re-establishing a practice from the early days of network detection and
response — 10 years ago — some providers have re-added intrusion prevention
system (IPS)-like modules, mixing threat intelligence and more traditional
pattern matching to complement behavioral analysis. This creates a potential
additional revenue stream for the providers but also makes NDR a more
comprehensive product, detecting a broader set of anomalies. This benefits
organizations with smaller teams or fewer infrastructure security tools. This
“defense in depth” scenario, leveraging an additional source of threat
intelligence and signatures, has a stronger focus on north-south traffic,
improving the ability to catch data exfiltration or command and control (C2)
communication. This will primarily appeal to large security operation teams in
search of a customizable and multipurpose network security sensor.

Conversely, adding intrusion detection system (IDS)-like signatures might
negatively impact one of the expected benefits of NDR solutions: be a “turnkey”
and “low noise” product, highlighting only critical anomalies.” (pg. 7)

Here, we feel Gartner is emphasizing a growing trend towards multi-layered
defense strategies, where NDR solutions are fortified with “traditional”
intrusion detection and prevention system (IDS/IPS) capabilities. As outlined in
the report, some NDR vendors are integrating signature-based threat detection
engines, such as Suricata, to bolster their offerings and provide additional
revenue streams while enhancing visibility into internal traffic.

Based on our understanding, Gartner concludes their analysis by stating that a
multi-layered defense strategy involving IDS capabilities would appeal primarily
to larger security operations teams desiring a more customizable solution. They
also note that the common challenges of IDS — noise caused by an abundance of
non-critical alerts and tuning requirements that prevent a “turnkey”
installation — could have a negative impact on organizations.


A PROVEN, MULTI-LAYERED NDR SOLUTION

The Stamus Security Platform (SSP) is uniquely positioned to address this
evolution in the NDR market as outlined in the “2024 Market Guide for Network
Detection and Response”. Proudly built on a robust Suricata foundation, SSP
offers comprehensive IDS capabilities as a core component of its NDR solution.

Stamus Networks has been intimately involved in both the development and ongoing
support of the Suricata IDS, going so far as to write the first and only
practical guide to optimizing Suricata and getting the most out of its robust
capabilities.

Unlike many vendors who view IDS as an add-on or a separate revenue stream,
Stamus Networks believes the inclusion of IDS capabilities to be essential for
effective threat detection and response. In fact, many vendors have used engines
like Suricata or Zeek “under the hood” for years, including elements of
signature-based detection in their product offering but not achieving the full
value these tools can provide.

It is only recently that these vendors have started to promote the real value of
IDS as a component of a successful, multi-layered NDR. Unlike other vendors, the
Stamus Security Platform has seamlessly integrated IDS capabilities since the
very beginning, providing customers with all the benefits of IDS as part of a
multi-layered defense strategy without the challenges often associated with
signature-based detection methods.

Stamus Security Platform combines advanced behavioral analytics with proven
signature-based detection mechanisms to provide granular visibility into both
east-west and north-south traffic while uncovering both known and unknown
threats. This comprehensive approach enables organizations to identify and
respond to threats more effectively, while also gaining the ability to perform
in-depth threat-hunting and forensic activities often only provided by intrusion
detection (IDS) and network security monitoring (NSM) systems.

As for Gartner's concerns about the potential impact of IDS-style signatures on
NDR system performance, SSP has proven that it is possible to tame the IDS alert
cannon and ensure minimal impact on system performance while maintaining high
detection accuracy. The primary method of achieving this is through Declarations
of Compromise™ (DoC) and Declarations of Policy Violations™ (DoPV). These are
high-confidence and high-priority security events generated by SSP, signaling a
“serious and imminent” threat on an asset (DoC) or a definitive notification of
specific policy violations taking place in the organization (DoPV). These
automatically escalated events allow security teams to focus on critical alerts
without being overwhelmed by noise and false positives.


THE POWER OF IDS IN A MODERN NDR SOLUTION

As unashamed IDS advocates, let us make it clear that we fully support the NDR
market’s shift towards multi-layered defense strategies. By incorporating IDS
capabilities into a comprehensive NDR solution such as the Stamus Security
Platform, we believe organizations will experience the following benefits:

 * Enhanced Threat Detection: SSP's combination of behavioral analytics and
   signature-based detection provides a more complete view of network activity,
   enabling earlier identification of both known and unknown threats.
 * Reduced False Positives: SSP's advanced algorithms and optimization
   techniques minimize false positives, enabling organizations to get the
   benefits of IDS detection without the common challenges.
 * Improved Incident Response: With deeper insights into network traffic,
   security teams can respond to incidents more quickly and effectively and
   access the full scope of network traffic data available only to an IDS or NSM
   tool such as Suricata.
 * Cost Efficiency: By integrating existing IDS infrastructure (network sensors)
   into an NDR that is optimized for IDS functionality, organizations can reduce
   the complexity and cost associated with managing a home-grown IDS solution.
 * Regulatory Compliance: SSP's comprehensive visibility and threat detection
   capabilities — aided by Suricata-generated data — can help organizations meet
   their industry compliance requirements.


STAMUS SECURITY PLATFORM: LEADING THE NDR MARKET DIRECTION WITH IDS AT ITS CORE

We believe the “2024 Gartner Market Guide for Network Detection and Response”
clearly outlines how the NDR market is shifting towards a “defense in depth”
approach that adds IDS capabilities to NDR offerings. The Stamus Security
Platform aligns perfectly with that trend, offering a comprehensive NDR solution
proudly built on top of the world’s most powerful open-source network security
engine — Suricata.


DOWNLOAD THE 2024 MARKET GUIDE FOR NETWORK DETECTION AND RESPONSE

Normally, Gartner reports are only available to Gartner clients. However, this
year Stamus Networks is offering a complimentary copy of the “2024 Market Guide
for Network Detection and Response” to equip defenders with strategic insights
on the NDR market. To download your copy, please visit our website.

To stay updated with new blog posts from Stamus Networks, also make sure to
subscribe to the Stamus Networks blog, follow us on Twitter, LinkedIn, and
Facebook, or join our Discord.


ATTRIBUTIONS AND DISCLAIMERS

Gartner, Market Guide for Network Detection and Response, Jeremy D'Hoinne,
Thomas Lintemuth, Nahim Fazal, Charanpal Bhogal, 29 March 2024

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its
affiliates in the U.S. and internationally and is used herein with permission.
All rights reserved.
