IronNet, Inc. announced enhanced capabilities of its network detection and response (NDR) solution, IronDefense. Recognized with the highest possible rating for Enterprise Advanced Security NDR Detection by SE Labs, IronDefense enables advanced and early visibility of unknown cyber threats that have slipped past endpoint and firewall detection and entered the network, whether on-premises or in the cloud. With IronNet's latest NDR updates, Security Operations Center (SOC) analysts can use IronDefense to detect VPN abuse such as high failed logins, password spray, and suspicious login times, any of which may be indicative of a brute force attack or unauthorized access attempts.

Additional analytics updates enable detection of ongoing patterns of both fixed-interval and randomized-timing beacon activity as well as the detection of DNS tunnels using advanced encoding techniques being leveraged by attackers. The IronNet product team also has evolved IronDefense's ease of use. Specifically, new sensors can now be auto-commissioned and auto-upgraded without requiring interaction from the SOC staff.

From an ecosystem perspective, IronDefense enables customers using SentinelOne endpoint detection and response (EDR) to create and update network inventory as well as isolate a device in a SentinelOne-deployed network remotely from the Entity page in the IronDefense user interface. Similar capability exists for CarbonBlack and Crowdstrike endpoints. IronNet continues to empower security teams to do more with fewer resources, especially as organizations struggle to find the level of security talent needed to secure the network against both advanced and less sophisticated cyber attacks.

The IronDefense product updates, suitable for organizations with more cyber-mature teams, complement IronNet's new proactive command and control (C2) threat intel feed, IronRadarSM. Developed by IronNet's team of elite threat hunters, IronRadar scours the internet fingerprinting servers to determine whether they are C2 infrastructure while being stood up, even before a cyber attack, such as ransomware, is initiated. Available now on AWS Marketplace for a free 14-day trial, IronRadar allows organizations with less sophisticated cybersecurity infrastructure to proactively and automatically update their existing cybersecurity tools to be able to block suspicious and malicious indicators of adversary infrastructure as they are being set up.

IronNet's advanced threat detection technology and proactive threat intelligence allow the IronNet Collective DefenseSM platform, powered by AWS, to serve as an early warning system for all companies and organizations participating in IronNet's shared defense approach to cybersecurity.