IronNet, Inc. of McLean, VA announced on March 2 new automation capabilities of its cybersecurity platform to enable security operations center (SOC) analysts to “prove the positive” – in other words, to confirm that their enterprise network is safe from cyber attacks.
The ability to prove the positive is essential, especially when the threat of cyber warfare places the financial and energy sectors at great risk. Nation-state cyber attacks have doubled over the last three years, and highly organized cyber criminal groups are increasingly backed by nation-states. At the same time, alert overload and a severe talent shortage continue to plague companies and organizations.
The IronNet Collective Defense platform addresses these challenges by allowing companies and organizations to prove the safety and health of the network through correlated alerting, automated triage, and extended hunt support. The new threat engine improves alert fidelity and analyst workflow by enhancing risk scoring and alert prioritization, resulting in significantly reduced alert loads and investigation time.
“IronNet’s goal is to use best-in-class behavioral analytics to make existing tools smarter by converting data from information into actionable insights, focusing on unknown threats that signature-based detection tools often miss. Along with leveraging IronNet’s ability to enable real-time threat sharing in a Collective Defense Community, SOC analysts can better address the long-standing problem of having to manage too many false positives,” said Dean Teffer, PhD, IronNet vice president of detection and analytics.
The additional platform enhancements also improve threat hunting by providing integrated malware and ransomware detection based on automated analysis of payloads as they traverse the network. These detections protect managed and unmanaged devices (e.g., OT and IoT) from ransomware and malware.
The platform’s hunt panel now features extended hunt, expanding the investigation window to 30, 60, and 90 days (per individual customer service level agreement) over metadata and the associated packet capture (PCAP) data. This capability offers IronNet customers a fully integrated hunt platform designed for easy pivoting from an isolated alert down to the metadata and full PCAP associated with that alert, providing more time to respond and triage based on longer-term historical analysis and historical context.
“Nation-states are wielding cyber as an element of national power. At IronNet, we are committed to our mission of ensuring that companies and organizations across the private and public sectors have the best technological capabilities at hand to defend their networks from the impact of cyber warfare, intellectual property theft, ransomware attacks, malicious system control, and other consequences of cyber attacks,” stated General (Ret.) Keith Alexander, IronNet founder and co-CEO.
Source: IronNet
By Loren Blinde
March 4, 2022
