In addition to spotting known threats, detection based on advanced behavioral data analysis can see better across the network — into the realm of “unknown unknown” threats. With behavior-based analysis, you get greater visibility into the types of attacks that are hardest to detect, such as modified malware, malware-less attacks, newly engineered attacks, and those masquerading as benign entities.
What are unknown unknown threats?
Malware leveraging new zero-day vulnerabilities
New Advanced Persistent Threat (APT) groups
Attacks targeting legacy equipment with limited or no cyber defenses
How can AI enable detection of unknown unknown threats?
Training predictive models to identify and classify all anomalies in a network
Applying human intelligence and intuition at scale to network anomalies
Increasing the amount of data from industry, supply-chain, or geographic-level analysis to build better AI models and achieve greater visibility into incoming threats across similar companies and/or sectors
Seeing around the corner
How can you see the unknown across today’s vast cyber landscape with bad actors at every turn? IronDefense is IronNet’s massively scalable Network Traffic Analysis platform that leverages advanced behavioral analysis and integrated hunt to detect cyber threats capable of evading traditional cyber security tools.
“As we look to defend our estate as it integrates with various cloud environments, we were impressed by IronNet’s capabilities, especially in side-by-side testing with other analytic and detection platforms in the market today.”
– Richard Puckett
VP Security Operations Strategy and Architecture
Customer use cases
Increasing visibility into the threat landscape
A large holding company needed to maximize the organization’s cybersecurity investments for 200 portfolio companies by validating detection of various threats. The customer defined 39 test cases of known and unknown threats, of which IronNet detected 95%.
The company can now confidently prove to its stakeholders that it is identifying more threats and has mitigated the risk of an attack.
Reducing the impact of an attack
An energy company faced a DNS tunneling attack (attributed to a third-party vendor with access to the corporate domain) that went undetected by the customer’s other cybersecurity tools. Using the DNS tunneling analytic in IronDefense and IronNet’s hunt services, we detected the attack and reported it to the company SOC within three hours of the activity occurring.
The asset had at least three types of malware on its host, and the customer was able to reduce dwell time and mitigate potential compromise of the corporate network. IP and sensitive information were protected, and IronNet improved the SOC’s effectiveness.
IronNet’s mission is to deliver the power of collective defense to defend companies, sectors, and nations. Our team consists of expert offensive and defensive cybersecurity operators with unmatched experience defending commercial and government networks against advanced threats.