Enhancing Zero Trust environments with IronDefense
As I mentioned last week in "Industry analysts validate IronNet in Network Detection and Response market," June was a busy month of validation by industry analysts for IronNet's IronDefense and IronDome solutions. Forrester, for example, named us a representative vendor in its new NowTech: Network Analytic and Visibility, Q2, 2020 research, which covers the implementation of Zero Trust environments.
Key factors in Zero Trust environments
A key factor in delivering the benefits of a Zero Trust environment is the ability to monitor networks, devices, workloads, and people using analytics and visibility tools such as IronDefense, and to take the outputs of that data to automate and orchestrate security responses. It is precisely for these reasons that Forrester recommends in its NowTech report adding a NAV solution such as IronDefense as a critical component for network detection, asset management, and overall Zero Trust capabilities.
IronDefense's ability to monitor network traffic and to apply advanced behavioral analysis to identify anomalous activity within your network addresses some of the key factors and capabilities that Forrester recommends its clients consider. We enable our customers to:
- Passively identify changes within your infrastructure - Understanding which assets are present in your network and how devices and access change over time is critical to understanding your risk coverage and establishing confidence in the metrics you collect as a security organization. IronDefense identifies these patterns of behavior and integrates with your SIEM, ITSM, or other IT or security tools to provide up-to-the-minute visibility of your network. This visibility is especially important in our current COVID-19 world, where enterprises are experiencing new norms from employees working primarily from home.
- Identify patterns of communication for network micro-segmentation - Understanding traffic flows, communication patterns, and protocol usage is a crucial determinant of how to apply network segmentation within a Zero Trust environment. IronDefense identifies patterns of behavior within a network by entity and can distinguish between normal, anomalous, suspicious, and malicious traffic. This output can be sent to an enterprise's SOAR for automated network segmentation using their existing playbooks, or integrated with their analyst workbench (typically their SIEM or GRC tool) to allow manual investigation and subsequent segmentation of the network traffic based on risk.
- Improve threat detection across the kill chain - Gaining visibility and understanding risk coverage gaps in your infrastructure, and applying a network behavioral detection solution such as IronDefense, may be the only opportunity to detect suspicious behavior in the environment. IronDefense leverages proven behavioral analysis techniques that detect beaconing, lateral movement, credential phishing, and other threats where endpoint products failed or, in the case of IoT or Operational Technology (OT), are not available.
Adding IronDefense alongside your existing cybersecurity infrastructure improves the capabilities and value of those investments by providing the visibility that enables your security team to proactively take action on stealthy threats. It also helps reduce the impact of an attack by enhancing your ability to mitigate the risk of an attacker breaching your network, stealing sensitive data, or causing harm to your organization, as in the case of destructive attacks like ransomware.
In my next blog, I will analyze Omdia's "On the Radar: IronNet Cybersecurity applies analytics, threat intelligence for collective defense" report.