An ecosystem-wide IronNet to catch bad behaviours
When SolarWinds was revealed to be the conduit for a series of attacks on state and federal agencies, as well as private companies, in the United States, Russian intelligence was identified as having carried out the attacks.
According to a news outlet, at least 24 tech companies, such as Intel, Microsoft, Cisco, VMware, Nvidia and even FireEye, were targeted, along with one hospital and one university.
What chance do these organisations have against a nation-state with the will and resources to infiltrate and exfiltrate persistently? At least one MNC has claimed it managed to fend off Russia’s advances. But what are the chances of a single hospital or university doing so?
Cybersecurity company IronNet Cybersecurity (“IronNet”) is of the opinion that no man is an island, and the same goes for companies when it comes to protecting against cyberattacks.
Perhaps the tables can turn when there is collective knowledge and collective effort across the whole ecosystem against nation-state threats.
According to the company’s VP in APJ, Gaurav Chhiber, there are solutions to help increase an ecosystem’s knowledge of threats.
Last September, the company won a UK-based cybersecurity award for its IronDome Collective Defense Platform which offers real-time behavioural threat intelligence sharing and collaboration capabilities.
It can be described as the industry’s first automated solution for linking players in an ecosystem within a secure defense architecture.
Gaurav explained that, at some level, it is crowdsourcing among different security operations centres (SOCs).
“Not only are we sharing information, we are enabling complete collaboration, where a SOC analyst in organisation A can chat with a SOC analyst from organisation B on the common threats that have been correlated in near real-time.”
It works on the traffic that IronNet can ingest, and it can integrate with SIEM, SOAR and EDR platforms from other vendors, Gaurav said.
“But we do have to run the analytics based on our proprietary detection tools (before sharing with rest of ecosystem).”
One thing IronNet is very proud of is the analytics and maths that its data scientists have worked on over the last 7 years.
“We spend a lot of time perfecting the detection capabilities using our behavioural analytics algorithms,” Gaurav said. That is the glue that enables Collective Defense.
According to Gaurav, during his tenure as Director of the National Security Agency (NSA), IronNet’s founder had noted the lack of working operational technology for real-time sharing of threat information between different sectors, agencies and countries.
After General Keith Alexander left NSA to found IronNet, he made it the company’s mission to solve this huge gap in threat info-sharing.
Collective Defense is a solution that operationalises technology deployed in a given ecosystem to facilitate collaborative defense while maintaining traffic anonymity.
This is something regulators can value if, for example, they want visibility of “bad” behaviour across their different investments, or across the critical information infrastructures (CII) of a region.
Being able to correlate network behaviour between one environment and that of another ecosystem player can inform the responses that SOCs take, individually or collectively, to mitigate threats.
IronNet employs a high percentage of former NSA, FBI and DOD employees with offensive and defensive cyber experience.
“When you apply all that to a cybersecurity company that supports the public and private sector, you see very different capabilities,” Gaurav said.
In addition, there are CyOps, or cybersecurity operations centres, where ‘hunters’ with a decent amount of experience in the aforementioned agencies offer advanced-level advisory and ticket support to customers who need their experience and expertise.