Organizations are on the move to the cloud as part of their digital transformation. But they might be unaware of unknown threats that slipped past endpoint and firewall detection. A network detection and response solution is needed to embolden analysts on any team to gain visibility across the entire threat landscape.
IronNet’s IronDefense solution enables advanced and early visibility of unknown cyber threats that might have snuck past endpoint and firewall detection and entered the network, whether on-premises or in the cloud. And IronNet is in the process of adding enhanced capabilities to the solution.
IronNet’s latest NDR updates allow security operations center analysts to use IronDefense to detect VPN abuse such as high failed logins, password spray and suspicious login times. Additional analytics updates enable detection of ongoing patterns of fixed-interval and randomized-timing beacon activity as well as the detection of DNS tunnels using advanced encoding techniques being leveraged by attackers.
Additionally, new sensors are auto-commissioned and auto-upgraded without requiring interaction from the SOC staff.
And, from a more ecosystem perspective, IronDefense enables customers using SentinelOne EDR to create and update network inventory as well as isolate a device in a SentinelOne-deployed network remotely from the entity page in the IronDefense UI. Similar capability exists for CarbonBlack and Crowdstrike endpoints.
"We strive always to integrate best-in-class behavioral analytics to stay ahead of ever-changing tactics, techniques and procedures used by nation-state adversaries and cyber-criminal organizations,” said Raj Sivasankar, IronNet vice president of product management. “Our goal is to deliver enhanced, broad and early visibility of threats on enterprise networks–well before business impact.”
The update to the IronDefense solution is proof that IronNet continues to empower security teams to do more with fewer resources. This is of vital importance as organizations seem to struggle to find the level of security talent needed to secure the network against advanced and less sophisticated cyberattacks.
IronNet’s advanced threat detection technology and proactive threat intelligence allow the IronNet Collective Defense platform, powered by AWS, to serve as an early warning system for organizations participating in IronNet’s shared defense approach to cybersecurity.
Edited by Erik Linask