Éric Leblond, Stamus Networks: The NDR is an indispensable tool
March 2024 by Marc Jacob
At InCyber Forum, Stamus Networks will introduce Stamus Security Platform (SSP), an NDR solution that uses deep packet inspection to uncover serious threats and unauthorized activities lurking in our enterprise customers’ networks. Éric Leblond, Chief Technology Officer (CTO) of Stamus Networks, believes that NDR is an indispensable tool.
Global Security Mag: What will be your news during the 2024 International Cybersecurity Forum?
Éric Leblond: While we do not have any product-related news at this year’s conference, I am speaking on Wednesday on a very important topic – the importance of retaining sovereignty of security telemetry data.
Global Security Mag: What are the strong points of the solutions that you will present on this occasion?
Éric Leblond: We are showcasing the Stamus Security Platform at this year’s event. The Stamus Security Platform (SSP) is our flagship network-based threat detection and response system. SSP uses deep packet inspection to uncover serious threats and unauthorized activity lurking in networks of our enterprise customers. It uses a combination of machine learning, statistical algorithms, heuristics, threat intelligence matching, and signatures to detect discrete indicators of compromise which are automatically triaged to identify the most serious and immediate threats facing the organization. In addition, all events are enriched with extensive organizational context and network artifacts to present a robust timeline and trail of evidence which defenders can use to accelerate incident response.
Our customers use us to replace their aging legacy signature-based intrusion detection/protection systems (IDS/IPS). They select SSP for its high-fidelity detections, more complete detection of weak attack signals – such as beacons, homoglyphs, anomalous activity, encrypted traffic analysis – dramatically better data and context, and the ability to trigger an automated response.
Global Security Mag: This year the FIC will have AI as its theme; what are the main cyber threats that arise from it?
Éric Leblond: We see some of the most dangerous threats posed by AI falling into one of three main categories:
1. The more successful use of deep fakes in social engineering attacks. Social engineering - via phishing or live communications - is already an incredibly effective attack vector. Deep fakes created using AI will make it even more difficult to distinguish legitimate communications from malicious ones.
2. More successful attempts at bypassing security defenses. AI can be used to analyze and exploit weaknesses in security systems. For instance, an attacker might train an AI to identify patterns that trick facial recognition or spam filters.
3. AI can bring automation - and speed - to historically manual hacking tasks such as network scanning and launching denial-of-service attacks.
Global Security Mag: Have you or will you integrate AI technologies into your solutions?
Éric Leblond: Yes. The Stamus Security Platform currently incorporates AI and machine learning for very specific detection algorithms. We plan to continue to enhance this capability in the coming year using a very unique approach in which we expose all the details behind the algorithm so the defender can easily understand why a particular detection event triggered. This transparent approach to machine learning and AI stands in stark contrast to most of today’s closed systems for which the reason behind the detection event is often a mystery.
AI and machine learning can be extremely useful for many specific use cases – such as anomaly detection and pattern recognition – but they are not always the best mechanisms for detecting all threats. That is why at Stamus Networks, we deploy a number of different detection technologies, applying the most effective of these for the particular problem we’re trying to solve.
Global Security Mag: How must technologies evolve to counter these threats?
Éric Leblond: This will not be a surprise to anyone in the security business, but those of us developing technologies to combat these threats must continuously evolve or risk becoming ineffective. The most crucial areas where the pace of innovation must accelerate are 1) detection of increasingly sophisticated attacks, 2) machine augmentation of human intelligence for incident response, and 3) reduction of alert volume to allow small security teams to focus only on the most serious and imminent threats.
Global Security Mag: What message do you want to send to CISOs?
Éric Leblond: If you are not currently deploying a modern network security solution, we encourage you to evaluate the modern network detection and response (NDR) solutions. Many organizations are relying exclusively on endpoint detection and response (EDR) systems. While these play a crucial role in safeguarding enterprise networks, relying on EDR alone can create many blind spots where serious threats can be missed.
For example, we are seeing a dramatic increase in attacks against non-traditional targets – systems that are not your standard computing platforms. These systems on which EDR agents cannot be installed include operational technology devices, network infrastructure devices, BYOD devices, Internet of Things (IoT) devices and specialized equipment like medical systems.
By monitoring the network with an NDR, organizations can obtain the most complete visibility into serious threats and unauthorized activity lurking in the network, including these devices which cannot be monitored by EDR.
Gartner has written extensively about network detection and response (https://www.gartner.com/en/documents/4022229), and recognizes approximately 20 vendors who are innovating in this space (including Stamus Networks).
Even if you don’t look at Stamus Networks, we encourage you to look closely at the category.