IronNet has launched IronRadar, a new solution designed to proactively and automatically update customers’ cybersecurity tools with malicious indicators for adversary infrastructure.
Developed by IronNet’s team of elite threat hunters, IronRadar uses an innovative process that fingerprints a server and determines whether it is a command and control (C2) server while those servers are being stood up, even before a cyber attack is initiated. IronRadar enriches the data, creating purpose-built intelligence updates for proactively blocking adversarial infrastructure, and was observed to have 98% accuracy over six months of testing.
“We know that Cobalt Strike and other open-source tools provide the framework for legitimate ‘red team’ activities,” said Don Closser, Chief Product Officer of IronNet. “Unfortunately, open-source tools are being used by advanced persistent threat groups to gain access to systems, establish C2, and launch attacks. Thanks to our innovative and dedicated CyOC team, IronRadar can identify threats as new adversarial infrastructure servers appear and before they can be used in sophisticated cyber attacks.”
IronRadar is now available as an annual subscription for all networks beyond the IronNet Collective Defense platform community. It is sold directly from the Amazon Web Services (AWS) Marketplace, which makes it cost effective and easy to buy and scale. Once IronRadar is installed, customers can easily upgrade to join the Collective Defense community at any time.
“Detecting weaponized C2 servers before they connect to a network and inflict damage like ransomware and eCrimes is a daunting challenge for all organizations,” said Christopher Kissel, Research Vice President of Security and Trust Products, at IDC. “The launch of the purpose-built threat intelligence feed from IronNet is a game changer because it proactively blocks known, new, and unreported C2 infrastructures.”
IronRadar is the only existing automated threat intelligence feed developed specifically to combat C2 behavior. This easy-to-use tool enables a customer’s SOC to:
- Actively block known C2 and emerging threat C2 IoCs.
- Integrate real-time threat intelligence into any security solution – SIEM, SOAR, Incident Response, and more.
- Accelerate threat response by exposing the adversaries and evolving tradecraft targeting infrastructure.
IronRadar integrates seamlessly with the IronNet Collective Defense platform, powered by AWS, which is the only solution that can identify anomalous behaviors and deliver actionable attack intelligence to all the other participants in the IronNet community. The Collective Defense platform serves as an early warning system for all participating companies and organizations, strengthening network security through correlated alerts, automated triage, and extended hunt support.