IronNet has announced new automation capabilities of its cybersecurity platform to enable security operations center (SOC) analysts to ‘prove the positive’ – in other words, to confirm that their enterprise network is safe from cyber attacks. Available now, IronNet’s newest Collective Defense platform enhancements offer three key benefits:
- increasing alert fidelity by automatically correlating patterns of suspicious behavior across the attack kill chain, bringing to surface malicious threats that would have gone unnoticed based on a single indicator protecting managed and unmanaged devices from malware, ransomware, and advanced persistent threats (APTs) enabling timeline analysis of APTs and pattern-of-life threat-type investigations over extended time windows for threat hunting. These capabilities give companies and organizations more timely and relevant detections for faster response to network attacks before business value is lost. The ability to prove the positive is essential, especially when the threat of cyber warfare places the financial and energy sectors at great risk. Nation-state cyber attacks have doubled over the last three years, and highly organized cyber criminal groups are increasingly backed by nation-states. At the same time, alert overload and a severe talent shortage continue to plague companies and organizations. McKinsey recently noted that 60 percent of enterprise-level SOC analysts analyze and triage less than 40 percent of their enterprises’ log data. Malicious threats are going undetected and/or uninvestigated.
The IronNet Collective Defense platform addresses these challenges by allowing companies and organizations to prove the safety and health of the network through correlated alerting, automated triage, and extended hunt support. The new threat engine improves alert fidelity and analyst workflow by enhancing risk scoring and alert prioritization, resulting in significantly reduced alert loads and investigation time.
Dean Teffer, PhD, Vice President of Detection and Analytics, IronNet, said, “IronNet’s goal is to use best-in-class behavioral analytics to make existing tools smarter by converting data from information into actionable insights, focusing on unknown threats that signature-based detection tools often miss. Along with leveraging IronNet’s ability to enable real-time threat sharing in a Collective Defense Community, SOC analysts can better address the long-standing problem of having to manage too many false positives.”
Sharper tools for hunting APTs as they hide in and move across the network
The additional platform enhancements also improve threat hunting by providing integrated malware and ransomware detection based on automated analysis of payloads as they traverse the network. These detections protect managed and unmanaged devices (e.g., OT and IoT) from ransomware and malware.
The platform’s hunt panel now features extended hunt, expanding the investigation window to 30, 60, and 90 days (per individual customer service level agreement) over metadata and the associated packet capture (PCAP) data. This capability offers IronNet customers a fully integrated hunt platform designed for easy pivoting from an isolated alert down to the metadata and full PCAP associated with that alert, providing more time to respond and triage based on longer-term historical analysis and historical context.
General (Ret.) Keith Alexander, Founder, Co-CEO, IronNet, said, “Nation-states are wielding cyber as an element of national power. At IronNet, we are committed to our mission of ensuring that companies and organizations across the private and public sectors have the best technological capabilities at hand to defend their networks from the impact of cyber warfare, intellectual property theft, ransomware attacks, malicious system control, and other consequences of cyber attacks.”