Network detection and response company IronNet has launched a new solution designed to “proactively and automatically update a customer's cyber tools with malicious indicators for adversary infrastructure,” the company announced in a prepared statement.
Dubbed IronRadar, the solution “fingerprints” a server to determine whether it is a command and control (C2) service while those servers are being stood up — even before initiation of a cyberattack, the company explained.
Developed by IronNet’s threat hunter team, IronRadar enriches the data by creating purpose-built intelligence updates to proactively block adversarial infrastructure. IronNet touts 98% accuracy over six months of testing of IronRadar.
IronNet states that IronRadar enables a customer’s security operations center (SOC) to:
- Actively block known C2 and emerging threat C2 indicators of compromise
- Integrate real-time threat intelligence into any security solution
- Accelerate threat response by exposing the adversaries and evolving tradecraft targeting infrastructure.
Don Closser, chief product officer of IronNet, explained the advantages of IronRadar:
“We know that Cobalt Strike and other open-source tools provide the framework for legitimate ‘red team’ activities. Unfortunately, open-source tools are being used by advanced persistent threat groups to gain access to systems, establish C2, and launch attacks. Thanks to our innovative and dedicated (sic) team, IronRadar can identify threats as new adversarial infrastructure servers appear and before they can be used in sophisticated cyberattacks.”
IronRadar Available From AWS Marketplace
IronRadar is available for all networks — beyond the IronNet Collective Defense platform community — as an annual subscription sold directly from the Amazon Web Services (AWS) Marketplace. Once installed, customers can easily upgrade to join the Collective Defense community at any time.
IronNet notes that the Collective Defense platform serves as an early warning system for all participating companies and organizations. Correspondingly, it strengthens network security through correlated alerts, automated triage and extended hunt support.
Christopher Kissel, research vice president of Security and Trust Products at IDC, a market intelligence firm, believes that IronRadar is a cybersecurity industry “game changer”:
“Detecting weaponized C2 servers before they connect to a network and inflict damage like ransomware and eCrimes is a daunting challenge for all organizations. The launch of the purpose-built threat intelligence feed from IronNet is a game changer because it proactively blocks known, new and unreported C2 infrastructures.”
IronNet Teams with CISA on National Cyber Defense
Founded in 2014 by General (Ret.) Keith Alexander, IronNet in August 2022 struck an agreement to share information from its Collective Defense platform with the Cybersecurity and Infrastructure Security Agency (CISA), to help the federal agency defend against increased cyber threats to U.S. interests. IronNet is a member of the Joint Cyber Defense Collaborative (JCDC).
IronNet employs a number of former NSA cybersecurity operators with offensive and defensive cyber experience while offering a managed security service partner program. Alexander is the former director of the NSA.