IronNet Collective Defense platform enhancements reduce false positives

IronNet announced new capabilities of its cybersecurity platform to enable analysts to confirm that their enterprise network is safe.

IronNet Collective Defense platform

Available now, IronNet’s newest Collective Defense platform enhancements offer three key benefits:

  • Increasing alert fidelity by automatically correlating patterns of suspicious behavior across the attack kill chain, bringing to surface malicious threats that would have gone unnoticed based on a single indicator
  • Protecting managed and unmanaged devices from malware, ransomware, and advanced persistent threats (APTs)
  • Enabling timeline analysis of APTs and pattern-of-life threat-type investigations over extended time windows for threat hunting

These capabilities give companies and organizations more timely and relevant detections for faster response to network attacks before business value is lost. As the current Russia-Ukraine situation demonstrates, the ability to prove the positive is essential, especially when the threat of cyber warfare places the financial and energy sectors at great risk.

Nation-state cyber attacks have doubled over the last three years, and highly organized cyber criminal groups are increasingly backed by nation-states. At the same time, alert overload and a severe talent shortage continue to plague companies and organizations. McKinsey recently noted that 60% of enterprise-level SOC analysts analyze and triage less than 40% of their enterprises’ log data. Malicious threats are going undetected and/or uninvestigated.

The IronNet Collective Defense platform addresses these challenges by allowing companies and organizations to prove the safety and health of the network through correlated alerting, automated triage, and extended hunt support. The new threat engine improves alert fidelity and analyst workflow by enhancing risk scoring and alert prioritization, resulting in significantly reduced alert loads and investigation time.

“IronNet’s goal is to use best-in-class behavioral analytics to make existing tools smarter by converting data from information into actionable insights, focusing on unknown threats that signature-based detection tools often miss. Along with leveraging IronNet’s ability to enable real-time threat sharing in a Collective Defense Community, SOC analysts can better address the long-standing problem of having to manage too many false positives,” said Dean Teffer, PhD, IronNet Vice President of Detection and Analytics.

Sharper tools for hunting APTs as they hide in and move across the network

The additional platform enhancements also improve threat hunting by providing integrated malware and ransomware detection based on automated analysis of payloads as they traverse the network. These detections protect managed and unmanaged devices (e.g., OT and IoT) from ransomware and malware.

The platform’s hunt panel now features extended hunt, expanding the investigation window to 30, 60, and 90 days (per individual customer service level agreement) over metadata and the associated packet capture (PCAP) data. This capability offers IronNet customers a fully integrated hunt platform designed for easy pivoting from an isolated alert down to the metadata and full PCAP associated with that alert, providing more time to respond and triage based on longer-term historical analysis and historical context.

“Nation-states are wielding cyber as an element of national power. At IronNet, we are committed to our mission of ensuring that companies and organizations across the private and public sectors have the best technological capabilities at hand to defend their networks from the impact of cyber warfare, intellectual property theft, ransomware attacks, malicious system control, and other consequences of cyber attacks,” stated General (Ret.) Keith Alexander, IronNet Founder and Co-CEO.




Share this