Stamus Networks’ Clear NDR™: transforming network security with transparency
Stamus Networks recently unveiled Clear NDR™, the evolution of SELKS and the Stamus Security Platform. How do you see this offering revolutionizing network security in terms of openness and transparency?
The conventional cybersecurity vendor-customer relationship relies on enterprises trusting vendor technologies to perform as promised, often without a clear understanding of how these solutions function or protect their business. Within the context of network threat detection and response (NDR), this “black box” approach leaves network defenders with alerts but little to no evidence or context to identify real threats, understand incidents, or respond effectively. As a result, security operations centres (SOCs) are overwhelmed by a flood of alerts, and network defenders find it increasingly difficult to counter advanced cyberattacks. They struggle with slow, manual triage and validation processes and fragmented tools that impede swift threat detection and resolution.
Following several high-profile outages caused by cybersecurity software this year, it has become evident that organizations can no longer afford to simply trust “black box” defences. They need to have better visibility and control over their cybersecurity tools—and this is exactly what Clear NDR™ provides.
Clear NDR delivers the next generation of open, transparent, and effective NDR. Whether through Clear NDR’s built-in automated response triggers or through the integration of its rich network telemetry with customers’ AI-powered SIEM, this innovative system serves as the foundation for an autonomous SOC—providing high-fidelity threat detection, automated response, and unparalleled transparency. Network defenders are equipped with explainable, evidence-based results, empowering them to uncover serious threats and unauthorized activity before they cause harm to the organization.
Can you share more details about Stamus Networks’ vision for the future of open-source network security and its impact on network defenders?
Stamus Networks believes that defence is bigger than any one person, platform, company, or technology. Adversaries are joining forces to execute attacks, and we believe effective defence must be collaborative as well. This is the driving principle behind our open-source network security tools. And this commitment dates back to the founding of the company. Our founders, Éric Leblond and Peter Manev, are open-source experts and active members of the Open Information Security Foundation (OISF)—the organization that manages the Suricata open-source network security engine.
Built on an open-source foundation and powered by a tapestry of custom detection and response technologies, Clear NDR leverages the power of community to empower defenders to see more clearly and act more confidently—with detection they can trust and results they can explain.
What specific features of Clear NDR do you believe will set it apart from other network detection and response solutions currently available?
Clear NDR isn’t just another NDR solution. It’s the next generation of network defence and the key to unlocking a truly autonomous SOC. Clear NDR delivers:
Clear Visibility: Monitors activities across the entire attack surface.
Clear Detection: Provides transparent multi-layer detections network defenders can understand.
Clear Evidence: Outputs everything defenders need to quickly resolve an incident.
Clear Response: Results in the confidence security teams need to automate response.
These capabilities empower organisations to overcome alert fatigue and expedite threat detection and response. These technical advantages also translate into significant business benefits, including reduced risk, improved operational efficiency, and strengthened compliance.

Could you explain how the new system offers “evidence-based results” and how this will help speed up response times for network defenders?
Clear NDR provides network defenders with the “why” behind every security alert, including associated artefacts, event timelines, and the actual detection algorithms. Getting a bit more granular, the system provides Declarations of Compromise™ (DoC), a high-confidence and high-priority security event signaling a “serious and imminent” threat on an asset, and Declarations of Policy Violations™ (DoPV), which focus on unauthorized activity and policy violations, to help security teams quickly identify critical threats and unauthorized activity. These high-fidelity events, backed by comprehensive evidence, cut through the noise and drive rapid response.
Clear NDR also supports proactive threat hunting with guided workflows and intuitive tools for exploring the rich network data captured and synthesized by Clear NDR. Analysts can leverage pre-built hunting queries, explore suspicious patterns, and dive deep into historical data to uncover hidden threats that may have evaded traditional detection methods.
This proactive approach allows security teams to:
Eliminate alert fatigue: Clear NDR moves beyond basic alerts, providing high-fidelity threat and policy violation declarations backed by comprehensive evidence. This allows security teams to focus on real threats, not noise.
Accelerate threat response: Automate response to identified threats with confidence, minimizing dwell time and mitigating the impact of attacks.
Fuel AI-powered decision-making: Feed AI-enabled SIEMs with the richest source of network telemetry available. Clear NDR provides the critical network context needed for comprehensive threat analysis and automated response.
Gain unparalleled transparency: Understand exactly how threats are detected. Clear NDR’s open and transparent approach provides the evidence and metadata needed to explain and justify security decisions.
Looking ahead, how do you envision the evolution of network security over the next few years? What role do you foresee for Stamus Networks in this broader shift?
In addition to being more of a collaborative effort, we believe network security also will be greatly impacted by AI—and we’re already seeing this today.
Today, AI is used to aggregate source data and conduct multi-source analysis. Generative AI (GenAI) holds the potential for defenders to query this data in ways that can identify new indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs).
However, to unlock the potential of GenAI without the associated risks, it must be implemented with extreme transparency. In the context of threat detection, this means exposing the actual AI algorithms for threat detection and hunting. By doing so, cyber defenders can tune these models for their organization’s unique business and security requirements.
GenAI should be used in network security tools to empower cyber defenders to customise their defences, understand the “why” behind every alert, and confidently respond to threats. This is the future of network security, and Stamus Networks is leading the way with Clear NDR.