IronNet is FedRAMP Ready
Meeting strict security requirements accelerates the Collective Defense mission
As IronNet leads the movement toward Collective Defense in cybersecurity, we have continued to strengthen our alignment with the needs of federal agencies and the companies that support them. This sector has critical security needs, and it recognizes that a traditional approach to cybersecurity is no longer enough, especially as adversaries, more and more, are accessing targets through weak spots in the supply chain. In fact, according to Accenture, indirect attacks now account for 40% of security breaches, making visibility across the private/public ecosystem through Collective Defense even more paramount.
To that end, IronNet is proud to announce that we have achieved FedRAMP Ready for Agency Authorization status, as approved by the Federal Risk and Authorization Management Program (FedRAMP). This government-wide compliance program provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. Within that context, IronNet’s IronCloud offering, the cloud service component of IronNet’s Collective Defense platform, is available on Amazon Web Services (AWS) GovCloud and listed in the FedRAMP marketplace.
What doesFedRAMP Ready status mean?
To be awarded FedRAMP Ready, In-Process, or Authorized status, vendors and products go through a detailed and demanding audit of their data security processes and technology. This is a three-step process, the first step being the Readiness Assessment which resulted in IronNet’s FedRAMP Ready for Agency Authorization status. FedRAMP Ready status indicates a third party assessment organization (3PAO) attests to IronNet’s security capabilities, and a Readiness Assessment Report has been reviewed and deemed acceptable by the FedRAMP Program Management Office (PMO). The Readiness Assessment Report documents the Cloud Service Provider’s system information, compliance with federal mandates, and capability to meet FedRAMP security requirements. Step 2 is a full security assessment by the 3PAO. They conduct penetration testing, review the security system plan, and conduct a full audit of the system. A risk-based decision of the Agency granting IronNet’s IronCloud the Authority to Operate (ATO) for use of the system is the final step in the process.
IronNet’s achievement of Ready status for our IronCloud offering means the FedRAMP PMO has determined that IronNet can meet the FedRAMP security requirements and could be granted an Agency ATO.
Meeting government’s unique security needs
Until now, threat actors have been able to stay one step ahead of overextended government SOC teams, who typically are limited to conventional cybersecurity techniques and tools that have limited visibility for detecting unknown threats. IronNet is committed to partnering with government and commercial organizations to transform today’s approach to cybersecurity by working together to protect critical networks and data. We are answering the U.S. Cyberspace Solarium Commission’s call for collaboration: "Collective defense in cyberspace requires that the public and private sectors work from a place of truly shared situational awareness."
After all, the government is the backbone of our nation and states. Safeguarding its continuity and availability of services is critical, especially as cyber attacks become more sophisticated and numerous. But you need visibility to protect this foundation. As IronNet Founder and Co-CEO General (Ret.) Keith Alexander mentioned in “Winning the Cyber War with Collective Defense,” “One of the frustrations when I had U.S. Cyber Command was that we couldn’t see attacks on our country. With automatic, machine-speed threat sharing and collaboration between public and private enterprises, we now can arm the commercial sector with the ability to see threats, share that knowledge with each other, and anonymously share that information with the government so that they can use all the levels of power at their disposal to defend the nation.”
Improving security through Collective Defense
IronNet is founded on the concept that Collective Defense should be a key component of national level cybersecurity. Our core products, IronDefense and IronDome, were built around the idea of taking behavioral cyber threat intelligence and sharing it, in real-time, across multiple industry sectors (and voluntarily with the government) to facilitate the ability of companies to work together and defend their enterprises collaboratively as a unified front.
By focusing on network traffic and behavior, network detection and response can detect everything from a known bad Indicator of Compromise flagged through a threat intelligence feed to unknown malware using malicious behavior patterns. To be even more secure, Collective Defense enables correlated threat detection at network speed. What this means is that stakeholders in a public-private IronDome ecosystem can paint a bigger picture of an attack well beyond any single enterprise or organization, in turn pivoting to triage and collective response much more quickly.
Learn more about Collective Defense in the “Stronger as One” eBook.