Stamus Networks, a global provider of high-performance network-based threat detection and response (NDR) systems, announced at Black Hat USA the integration of the Infoblox BloxOne® Threat Defense threat intelligence feed and active indicators into the Stamus Security Platform™, the company’s flagship NDR system. This powerful combination allows users to achieve enhanced threat coverage by detecting threats and unauthorized activity linked to suspicious and known-bad hosts in both DNS-based and non-DNS-based network communications.
Inner Workings of Extended Threat Coverage
Infoblox BloxOne Threat Defense active indicators and the Stamus Security Platform work together to identify network communications with malicious hosts. The integration uses a series of periodic API calls to extract threat intelligence from Infoblox BloxOne Threat Defense and update a DNS-based threat intelligence feed that can be pulled into the Stamus Security Platform.
There is also an optional Declaration of Compromise™ (DoC) definition for the Stamus Security Platform, which may be used to trigger a notification or an automated response when the NDR system identifies devices on the network using any protocol to communicate with hosts or domains included in the Infoblox BloxOne Threat Defense active indicators feed.
Key benefits include:
- Real-time threat intelligence integration – Stamus Security Platform customers gain a powerful new source of up-to-the-minute threat intelligence to identify malicious and unauthorized activity on the network.
- Comprehensive threat visibility – Joint Infoblox and Stamus Networks customers can now benefit from streamlined threat detection and improved visibility into their network activity. This enhanced visibility helps customers monitor traffic patterns, detect suspicious behavior more accurately, and gain a comprehensive view of potential security threats across their network.
- Enhanced detection and alerts – By monitoring active indicator domain activity on protocols such as HTTP and TLS, the Stamus Security Platform can detect and alert on actual connections to potentially harmful domains.
“Cybercriminals collaborate to execute attacks, so the cybersecurity industry must unite to defend against them,” said Stamus Networks CEO Ken Gramley. “We are working closely with Infoblox to enhance our integration with advanced data enrichment and automated responses. This collaboration helps security experts identify and address threats more proactively, respond faster to incidents, and strengthen overall security.”
Participation in the Infoblox Ecosystem Program
The integration of Infoblox BloxOne Threat Defense active indicators into the Stamus Security Platform marks the first milestone in Stamus Networks’ participation in the Infoblox Ecosystem Program. The Infoblox Ecosystem offers a set of integrations that unifies organizations’ security ecosystem, enabling seamless data exchange and automated response across diverse solutions. The integrations enable the broader cybersecurity ecosystem to work in unison to detect and remediate threats and empower organizations to eliminate silos, optimize security orchestration, automation and response (SOAR) solutions, and enhance threat detection and response.
“We welcome Stamus Networks to the Infoblox Ecosystem Program,” said Seshamani Narasimhan, vice president, Corporate Strategy and Partnerships, Infoblox. “Their certified integration will enable more security teams worldwide to benefit from the east-west network visibility and NDR capabilities of the Stamus Security Platform.”
SOURCE: PRNewsWire