Stamus Networks Boosts AI in NDR for Enterprise-Scale Security
- 14 AI tools in the Model Context Protocol (MCP) toolset, enabling AI agents to perform tasks previously handled by human analysts.
- Support for 500+ network probes and tracking of 500 million hosts, positioning the platform for large enterprises and MSSPs.
- 32 new threat hunting filter sets and 23 advanced protocol analytics dashboards added to enhance analyst workflows.
Experts would likely conclude that Stamus Networks' Clear NDR U42.2 significantly advances AI-driven security operations, offering scalable solutions for enterprise environments while reducing analyst workload through enhanced automation and user experience improvements.
PARIS and INDIANAPOLIS – May 19, 2026 – Stamus Networks today announced a significant update to its flagship network security platform, aiming to deepen the role of artificial intelligence in security operations and scale its capabilities for the largest and most complex corporate environments. The release of Clear NDR U42.2 introduces a suite of enhancements designed to accelerate threat hunting and reduce the burden on overworked security analysts.
The update comes as security teams globally grapple with an ever-increasing volume of threats and a persistent shortage of skilled professionals. The core challenges in a modern Security Operations Center (SOC) often revolve around “alert fatigue”—an overwhelming stream of notifications that can obscure genuine threats—and the time-consuming process of investigating potential incidents. Stamus Networks' latest release directly targets these pain points by embedding AI more deeply into the investigation workflow and overhauling the primary interface for security analysts.
From Signal to Verdict: AI as an Analyst's Partner
A central pillar of the U42.2 release is the significant expansion of its Model Context Protocol (MCP) toolset. This framework allows AI agents and automated systems to interact directly with the Clear NDR platform's core investigative functions. With four new tools added, bringing the total to 14, AI agents can now perform tasks that were previously the exclusive domain of human analysts. This includes querying raw network telemetry, analyzing behavioral patterns across metadata, and validating the security posture by checking detection coverage.
This enhancement is designed to change the dynamic between AI and human operators. Instead of simply generating alerts, the AI becomes an active partner in the investigation.
"We introduced the MCP integration in Clear NDR to extend investigative capabilities into the AI workflow," said Éric Leblond, co-founder and CTO of Stamus Networks. "With U42.2, AI agents can query raw network events, validate detection coverage, analyze behavioral patterns across metadata, and guide analysts directly to the underlying evidence without disrupting the investigation process. That is the type of architecture modern SOC teams require as AI becomes more deeply integrated into security operations."
The update also streamlines the crucial step of moving from an automated detection to a human-led investigation. The platform's high-confidence alerts, known as Declarations of Compromise® and Declarations of Policy Violations®, now include direct hyperlinks into the newly redesigned analyst console. This seemingly small change represents a significant efficiency gain, eliminating manual steps and allowing analysts to pivot from an AI-generated finding to the complete evidentiary context with a single click.
Built for the Enterprise: Scaling Security Operations
Beyond the AI enhancements, Clear NDR U42.2 makes a strong statement about its readiness for large-scale deployments. The company announced significant performance and scalability improvements, claiming support for environments with 500 or more network probes. In conjunction with its Host Insights™ feature, the platform can now simultaneously track security parameters across 500 million hosts.
These figures position the platform to compete for contracts with very large enterprises and Managed Security Service Providers (MSSPs), which manage security for multiple clients and face immense data volumes. In the competitive Network Detection and Response (NDR) market, which includes players like Vectra AI, Darktrace, and ExtraHop, the ability to scale effectively without compromising performance is a critical differentiator. Stamus Networks is signaling that its solution is not just for mid-sized organizations but is architected for the most demanding network environments.
Further bolstering its enterprise credentials, the release adds new REST API endpoints. This allows for tighter integration with third-party tools, including Security Orchestration, Automation, and Response (SOAR) platforms, enabling organizations to incorporate Clear NDR's rich network intelligence into their broader, automated security workflows.
A Modern Experience for the Front-Line Defender
Recognizing that technology is only as effective as the people using it, Stamus Networks has also invested heavily in the user experience. The U42.2 update introduces a major redesign of the Clear NDR Analyst Operations Console. The company states the new interface is faster, more responsive, and features improved navigation, richer data visualizations, and more intuitive contextual tooltips.
"Effective threat hunting and incident investigation depend on analysts having fast access to the right data and workflows," noted Peter Manev, co-founder of Stamus Networks. The redesign focuses on minimizing "operational friction," based on the principle that every second an analyst spends navigating a tool is a second not spent focused on a threat.
This focus on the analyst is also reflected in the addition of 32 new threat hunting filter sets and 23 advanced protocol analytics dashboards. According to Manev, these new assets are born from years of field experience, particularly in complex Operational Technology (OT) and Internet of Things (IoT) environments where non-standard protocols and diverse device behaviors can make investigations notoriously difficult.
This combination of a powerful open-source core—Clear NDR is built upon Suricata, the world's leading open-source network security engine—with a refined, analyst-centric user experience and enterprise-grade scalability, provides a transparent and highly customizable alternative to more "black box" proprietary systems. For organizations that value control and visibility into how their security tools work, this open approach remains a compelling part of the platform's appeal. Clear NDR U42.2 is available now for existing enterprise customers.