IronNet Receives SE Labs Highest (AAA) Award for Enterprise Advanced Security NDR Detection
Evaluators tested IronDefense® against a range of APT attacks; it successfully detected all threats and generated no full false positives
“We are incredibly proud of earning this prestigious top SE Labs AAA designation,” said IronNet Chief Product Officer, Don Closser. “Our IronDefense NDR solution not only is built by the finest data scientists in the industry but also is fine-tuned by human insights from elite cyber analysts who have brought to IronNet years of experience from the highest echelons of cybersecurity in both government and the private sector.”
Using IronDefense, SE Labs evaluators tested IronNet’s NDR solution against a range of tactics, techniques and procedures (TTP) designed to compromise systems and penetrate target networks in the same way criminals and other attackers breach target networks and supply chains. Full chains of attack were used, meaning that evaluators behaved as real attackers, probing targets using a variety of TTP and vectors before attempting to gain lower-level and more powerful access. Finally, the evaluators (“attackers”) attempted to complete their missions, which might have included stealing information, damaging systems, and connecting to other systems on the network.
Elaborating on IronNet’s highest possible rating for Enterprise Advanced Security NDR Detection, the SE Labs Intelligence-Led Testing Report notes that, “The results are strong and not one attack went undetected. IronNet IronDefense detected each attack at the execution stage, which is when it starts to run on a target. In two cases it also detected the threat as it was delivered to the target.”
At the core of IronDefense’s artificial intelligence (AI)-based detection capabilities is an industry-unique threat correlation engine that increases alert fidelity by automatically correlating patterns of suspicious behavior across the attack kill chain. These correlation-based detections bring to the surface malicious threats that would otherwise have gone unnoticed if judged on a single indicator.
This IronDefense enhancement uses machine learning algorithms — infused by the insights of IronNet’s elite cyber analysts — to address the common challenges of alert overload and a severe talent shortage that continues to plague companies and organizations. Essentially by turning human expertise into code, IronDefense allows security operations center (SOC) analysts to detect threats early in the attack campaign for timely and relevant detections before business value is lost.
These automation capabilities also enable analysts to “prove the positive” – in other words, to confirm that their enterprise network is safe from cyber attacks. IronNet’s best-in-class behavioral analytics make existing tools smarter by converting data to information to actionable insights, focusing on unknown threats that signature-based detection tools often miss.
In addition to enabling advanced detection capabilities that improve the signal-to-noise ratio, these correlation-based detections power the IronNet Collective Defense℠ platform, which delivers real-time visibility across companies, sectors, states, and/or governments so community members can securely and anonymously share threat insights and expert commentary on how to triage similar attacks observed by other Collective Defense community members.
The SE Labs evaluators simulated tactics used by threat groups such as FIN7 & Carbanak, OilRig, APT3, and APT29 — all of which have been used in government espionage and attacks against the energy, financial, and US retail, restaurant, and hospitality sectors. The APT29 threat group, for instance, has been attributed to Russia's Foreign Intelligence Service (SVR) and has been operating since at least 2008. It is known to target government networks in Europe and NATO member countries, research institutes, and think tanks and, as such, is on cyber defenders’ current radar in light of the Russia-Ukraine war.
The Collective Defense platform serves as an early threat warning system for all by giving all members relevant and actionable insight into potential incoming attacks.