Proactive mitigation of cyber threats

Detect and respond faster to
stealthy threats targeting
your enterprise

Our solution delivers unparalleled visibility, detection, and integrated
cyber hunt to security operation teams of all sizes.

IronDefense is a Network Detection & Response (NDR) platform that improves visibility across the threat landscape and amplifies detection efficacy within your network environment, allowing your SOC team to be more efficient and effective with existing cyber defense tools, resources, and analyst capacity.


IronDefense gives you:
  • Enhanced Visibility
  • Faster detection
  • Increased efficiency


"IronDefense detected threats six times better than our
current stack of cyber tools."
- CISO | Top-10 Global Sovereign Wealth fund
  • See more cyber threats. Faster.

    We need a new, more advanced weapon to detect unknown threats: network behavior-based AI models that detect sophisticated adversaries and shorten response time.

  • Is artificial intelligence worth the investment?

    This white paper explores whether AI is an effective way to gain economies of scale for faster, more efficient threat detection and response.

Why Thomson Reuters chose IronDefense

Richard Puckett

formerly Thomson Reuters CISO

A closer look at how IronDefense improves visibility, detection, and efficiency

Enhanced visibility

Real-time insights across industry threatscapes, human insights to detected threats, and higher-order analysis of anomalies correlated across groups of peers via IronDome Collective Defense integration.


Faster detection

Advanced network behavioral analysis that leverages proven AI/ML and analytics used to defend highly secure networks, allowing the ability to scale up analysis to the largest enterprises.


Increased efficiency

Experienced insights — a “second pair of eyes” — from some of the nation’s top defenders, applied via IronDefense’s Expert System to supplement limited cyber staff and to enable faster, more effective prioritization and mitigation/response.

Threat detection types

Cyber threats can be organized into three main categories: known knowns, known unknowns, and
unknown unknowns. The techniques required to detect them generally get more sophisticated as
they progress from known to unknown.

  • Known Knowns

    IronDefense can leverage all types of threat intelligence and contextual data to identify known threats.

    • Identifying bad IP or URL addresses based on a threat intelligence feed
    • Taking known indicators and searching across billions of metadata flows
  • Known Unknowns

    IronDefense leverages a range of behavioral analysis, machine-learning, and artificial intelligence detection models to counter evasion techniques used by attackers to bypass existing cyber defenses.

    • Supervised - Automating searches for vendor-identified “known bads”
    • Unsupervised - Anomaly detection in a growing dataset
  • Unknown Unknowns

    IronDefense works with IronDome for higher order analysis and peer collaboration across an industry to identify emerging threats targeting your business ecosystems.

    • Models determine network behavior features to extract and examine
    • IronNet SMEs label the data based on context and experience
    • IronNet SMEs train the models, which become more intelligent over time

How secure is your supply chain? Discover the weak spots and how to defend against indirect cyber attacks. Read More

IronDefense Services

IronNet offers customers a dedicated Customer Success team and real-time insights from the IronNet Cyber Operations Center (CyOC), which operationalizes IronDefense using the Detect, Alert, Analyze, Act, and Share methodology. We provide expert monitoring, cyber threat hunting, and response for our clients’ networks.

Thinking about
IronDefense advanced
threat protection?

The proof is within reach. Wherever you are. 


IronNet’s remote Proof of Value
(POV) program

A 30-day, remote IronDefense POV will give your organization insights into how IronDefense improves cyber defenses in your unique enterprise environment as you:
  • experience the automatic detection and prioritization of advanced threats
  • engage in a Cyber Threat Emulation exercise; and
  • see first hand how we fit into your organization’s workflow.
The IronNet team will provide guidance throughout the engagement process to design a solution that fits your unique business needs.

How it works

IronDefense ingests north-south traffic at your network perimeter and east-west traffic within your enterprise to provide full visibility across your network and full insights at the individual session level with its continuous PCAP capture capability. IronDefense can be deployed in the public cloud through Amazon Web Services (AWS) or on-premise as hardware.