Challenge: This sovereign wealth fund with a $300B portfolio needed better visibility of network threats across its portfolio companies.
Why IronNet: The company chose a Collective Defense IronDome to reduce time to detection via threat sharing across its portfolio companies.
Of note: Speaking about a recent BotNet detection, the firm’s Chief Technology Officer notes that, “None of our other threat hunting tools sparked an alarm. This may suggest that we can turn off some of our other threat hunting tools and save money using IronNet.”
A prominent sovereign wealth fund maintains an expansive investment portfolio of more than $300 billion across multiple sectors. Although these portfolio companies provide regular updates to the sovereign wealth fund on a variety of matters, including cybersecurity, they were not in the habit of collaborating regularly with each other on these critical issues. In fact, most of the portfolio companies maintain their own independent Security Operations Center (SOC) team, and some share a managed security services provider (MSSP).
In both scenarios, neither the sovereign wealth fund nor its portfolio companies had a viable method for correlating Indicators of Compromise (IoCs) across multiple organizations. What’s more, they lacked the ability to detect malicious threat activity based on network behaviors.
Securing multiple companies through Collective Defense
To resolve this lack of real-time, widespread threat visibility, the sovereign wealth fund and its portfolio companies stood up an IronDome with the dual goals of reducing time to detection of unknown/novel threats and easing the resource burden on both its cybersecurity teams and its MSSP. Each customer opted for an on-premise appliance, connected to a virtual backend located in AWS.
The IronDome has produced multiple unique detections per week on average since being launched in January 2020. This arsenal of detection capabilities based on machine learning and human insights will allow the wealth fund IronDome participants to spot active malware beaconing using IronNet’s proprietary domain generation algorithm analytic; DNS abuse detected by the DNS tunneling detection analytic; potentially unwanted programs and policy violations; and more.
Sinister BotNet intrusion detected
In one instance, IronNet analytics detected a sinister BotNet intrusion attempt into the firm’s perimeter. The firm’s Chief Technology Officer said:
“None of our other threat hunting tools sparked an alarm. This may suggest that we can turn off some of our other threat hunting tools and save some money by using IronNet. This is IronNet value at work. Thank you, IronNet.”
IronNet delivers concrete value to this customer and its portfolio companies in the following ways:
Increased threat visibility
Behavioral analytics + “the power of intelligence in threat hunting” result in early detection of unknown threats.
Reduced impact of cyber threats
The detection allowed the firm “to act fast and catch a BotNet on our Firewall before it got inside our network” -- all within 24 hours of detection.
Maximized cybersecurity investment
In considering that they may be able to reduce other threat hunting tools, the firm can maximize their budgets and streamline their technology stack.
Indeed, this IronNet customer has strengthened its defense capabilities through the power of behavior analytics to detect novel threats and through threat sharing at network speed. In addition, it has improved its cybersecurity investments and the effectiveness of all stakeholder SOC and MSSP analysts.