IronNet has released IronRadar, a new solution designed to proactively and automatically update customers’ cybersecurity tools with malicious indicators for adversary infrastructure.
Developed by IronNet’s team of threat hunters, IronRadar uses a process that fingerprints a server and determines whether it is a command and control (C2) server while those servers are being stood up, even before a cyber attack is initiated.
IronRadar enriches the data, creating purpose-built intelligence updates for blocking adversarial infrastructure, and was observed to have 98% accuracy over six months of testing.
“We know that Cobalt Strike and other open-source tools provide the framework for legitimate ‘red team’ activities,” said Don Closser, Chief Product Officer of IronNet.
“Unfortunately, open-source tools are being used by advanced persistent threat groups to gain access to systems, establish C2, and launch attacks. Thanks to our innovative and dedicated CyOC team, IronRadar can identify threats as new adversarial infrastructure servers appear and before they can be used in sophisticated cyber attacks,” Closser continued.
“Detecting weaponized C2 servers before they connect to a network and inflict damage like ransomware and eCrimes is a daunting challenge for all organizations,” said Christopher Kissel, Research Vice President of Security and Trust Products at IDC.
“The launch of the purpose-built threat intelligence feed from IronNet is a game changer because it proactively blocks known, new, and unreported C2 infrastructures,” Kissel continued.
IronRadar is the automated threat intelligence feed developed specifically to combat C2 behavior. This tool enables a customer’s SOC to:
- Actively block known C2 and emerging threat C2 IoCs.
- Integrate real-time threat intelligence into any security solution – SIEM, SOAR, Incident Response, and more.
- Accelerate threat response by exposing the adversaries and evolving tradecraft targeting infrastructure.
IronRadar integrates seamlessly with the IronNet Collective Defense platform, powered by AWS, which can identify anomalous behaviors and deliver actionable attack intelligence to all the other participants in the IronNet community.
The Collective Defense platform serves as an early warning system for all participating companies and organizations, strengthening network security through correlated alerts, automated triage, and extended hunt support.