See more cyber threats.

Network Traffic Analysis (NTA) that halts sophisticated hackers.

Cyber threats are now ever-present and increasingly unpredictable. Traditional approaches, such as signature-based detection, can’t keep up.

We need a new, more advanced weapon: network behavior-based AI models that detect unknown threats — and shorten response time.

Learn more about next-generation NTA.

A closer look at detecting advanced threats…

In addition to spotting known threats, detection based on advanced behavioral data analysis can see better across the network — into the realm of “unknown unknown” threats. With behavior-based analysis, you get greater visibility into the types of attacks that are hardest to detect, such as modified malware, malware-less attacks, newly engineered attacks, and those masquerading as benign entities.

What are unknown unknown threats?

  • Malware leveraging new zero-day vulnerabilities
  • New Advanced Persistent Threats (APT) groups
  • Attacks targeting legacy equipment with limited or no cyber defenses

How can AI enable detection of unknown unknown threats?

  • Training predictive models to identify and classify all anomalies in a network
  • Applying human intelligence and intuition at scale to network anomalies
  • Increasing the amount of data from industry, supply-chain, or geographic-level analysis to build better AI models and achieve greater visibility into incoming threats across similar companies and/or sectors.

AI for Cybersecurity


Hype or High Priority?

Companies, organizations, and governments across sectors worldwide are looking for better ways to fight back against sophisticated, relentless hackers. Is AI the new defense tool? This white paper explores four ways machine learning, applied in a practical and focused way, can strengthen cybersecurity defense.

Seeing around the corner

How can you see the unknown across today’s vast cyber landscape with bad actors at every turn? IronDefense is IronNet’s massively scalable Network Traffic Analysis platform that leverages advanced behavioral analysis and integrated hunt to detect cyber threats capable of evading traditional cyber security tools.

“As we look to defend our estate as it integrates with various cloud environments, we were impressed by IronNet’s capabilities, especially in side-by-side testing with other analytic and detection platforms in the market today.”

– Richard Puckett
VP Security Operations
Strategy and Architecture

Gain Insight Quickly

  • Find the truth
    within the traffic.

    Existing security tools can be fooled, and log management stores can be altered. That’s why IronDefense examines the network traffic itself, making it much harder for an attacker to evade detection.

  • Detect
    unknown threats.

    The IronDefense platform uses advanced analytics, machine learning (ML), and artificial intelligence (AI) techniques to identify anomalous network traffic behavior patterns associated with advanced threats.

  • Risk prioritization, not just
    anomaly detection

    Anomaly detection alone is not enough. IronDefense collects enterprise, third-party, and other sources of contextual data and then draws on the nation’s top cyber offensive and defensive experts to analyze and rank the severity of the threat.

  • Pivot fast from
    detection to investigation.

    IronDefense’s built-in cyber hunt capabilities and full-PCAP analysis functionality enable security teams to quickly pivot from detection and triage to active hunt and remediation, all within a single user interface.

Customer use cases

Increasing visibility into the threat landscape

A large holding company needed to maximize the organization’s cybersecurity investments for 200 portfolio companies by validating detection of various threats. The customer defined 39 test cases of known and unknown threats, of which IronNet detected 95%.

The result?

The company now can confidently prove to its stakeholders that it is identifying more threats and mitigated risk of an attack.

Reducing the impact of an attack

An energy company faced a DNS tunneling attack (attributed to a third-party vendor with access to the corporate domain) that went undetected by the customer’s other cybersecurity tools. Using the DNS tunneling analytic in IronDefense and IronNet’s hunt services, we detected and reported to the company SOC within three hours of the activity occurring.

The result?

The asset had at least three types of malware on its host — and the customer was able to reduce dwell time and mitigate potential compromise of the corporate network. IP and sensitive information was protected, and IronNet improved the SOC’s effectiveness.


Discover more in the “Why behavior-based NTA matters” eBook.