IronNet Blog

Executive Commentary, Threat Research, and Analysis from the IronNet team.

Is your data secure in a Collective Defense ecosystem?

While the benefits of this approach are well documented, misconceptions remain.

If you know one thing about IronNet you know this: we believe in Collective Defense. And while the benefits of this approach are well documented, misconceptions remain.

In a previous post by IronNet Senior Security Strategist Greg Conti, we examined the misconception that working together in a Collective Defense system diminishes your competitive advantage. We now understand that no organization is equipped to defend alone against cyber attacks. Threat information isn’t a competitive advantage; instead, it benefits the sector at large by keeping the shared cyber landscape healthy.

What about data security?

Another misconception about Collective Defense is that it compromises data security. Not true: The information shared in IronNet’s Collective Defense platform, IronDome, isn’t public, and corporate data privacy is protected through anonymized data sharing and encryption in transit to and from the ecosystem. In other words, no company must give up data ownership or privacy to reap the benefits of working together: improved visibility across the threat landscape, faster time to response, and improved effectiveness of existing cybersecurity investments.

At IronNet, we practice data minimization, meaning we remove information that is not necessary for the purposes of Collective Defense. We take the following steps to ensure data minimization:

  1. Data protection

IronNet uses a rigorous, automated process to prevent disclosure of sensitive information. We leverage customer input and security expertise to identify metadata that contains sensitive information, in turn eliminating enterprise-identifying information such as IP addresses, domains, intellectual property (IP), and personally identifiable information (PII).

  2. Encryption

All data sent to IronDome, our Collective Defense solution, is encrypted before transmission. This encrypted information is pushed to the IronDome data repository where it is stored and analyzed. Data within the IronDome system is encrypted while at rest. All transmissions back to a participant’s IronDefense system(s) are encrypted in the same manner.

  3. Data enrichment protection

Within CloudConnect, the purpose of enrichment is to retrieve up-to-date information about external domains and IP addresses to enhance the behavior detections of IronDefense. These enrichments require constant updating and connection to the public internet. The enrichments are then used to prioritize the IronDefense detections.

  4. Collective Defense correlation

Within IronDome, Collective Defense correlations identify how metadata from one instance of IronDefense is related to metadata from another instance of IronDefense. This includes correlating IP addresses, domains, and behavioral metadata from IronDefense’s detections. These correlations drastically improve the efficiency of the alert triage process.

IronNet’s user interface displays community correlations and analyst assessments.

Additional data protection measures

In addition to these efforts, we prevent the disclosure of sensitive information by restricting data access according to privacy best practices and regulatory requirements.

In practice, this means we restrict access to raw IronDome messages to IronDome data scientists, threat researchers, and analytics teams for the purposes of developing and applying IronDome analytical capabilities and improving the effectiveness of security protections. IronNet has achieved SOC 2 Type II certification, ensuring strong security policies and an internal controls environment for this type of work.

On the client side, no access to raw IronDome messages is provided. Instead, participants receive derived threat insights from IronDome that inform threat correlation, analyst assessment and commentary, and risk scoring analysis for behavioral patterns detected locally by the participant’s IronDefense instance. In other words, you get the insight without the risk.

IronNet’s IronDefense App for Splunk displays IronDome community notifications to prioritize analyst workflow.

Cybersecurity in the data sharing economy

Collective Defense is gaining traction based on the simple concept that we’re stronger together. But our approach to data protection is anything but simple. IronNet has developed strict data protocols to ensure the utmost security of sensitive information while delivering the full benefits of a Collective Defense ecosystem.

To learn more about how Collective Defense can bolster your defense through collaboration, download our white paper, “6 Misconceptions About Collective Defense.”