On-demand demo

Follow the workflow from alert through action on a credential phishing investigation. See how analysts use IronDefense and IronDome to hunt, analyze, verify, and take action on this common use case. Each video is approximately 2 minutes. Click each step to explore. 

Scenario: Credential Phishing

Products: IronDefense + IronDome

Outcome: Collective Defense enables faster prioritization and response
Part 1

Detect & correlate

In the first part of this credential phishing demo, we walk through how the IronDome Detection Correlation Dashboard is used to see how our detection correlates with industry peers and what information on detection, triage, and response has already been shared with the community before starting our own investigation.

Key takeaways: 
  • Increase visibility within your environment with IronDefense 
  • Gain the ability to quickly focus on activity of interest
  • Enhance visibility across your industry: Are your peers seeing anything similar? Have they already been impacted?
  • "Collective SOC" as a force multiplier

Part 2

Investigate in the SIEM

In part two of this credential phishing demo, learn how a SOC uses the IronDefense Splunk App as part of their standard SIEM workflow before pivoting into IronDefense for deeper investigation.

Key takeaways: 
  • In addition to new analytics, gain visibility into details that a SIEM alone won't have access to 
  • Improve the effectiveness of your existing tools and centralize your team's view on the interface you use most

Part 3

Verify with peer insights

In part three of this credential phishing demo series, you’ll see how a SOC analyst investigates detected credential phishing, how other SOC peers across the industry have rated and triaged similar alerts via IronDome Collective Defense sharing, and what the activity summary tells us about the alert.

Key takeaways: 
  • Reduce the fatigue of responding to an alert
  • Provide explanations / summaries
  • Gain easy access to all related information to drive understanding
  • Ensure teams are not duplicating work  
  • Improve efficiency and effectiveness for your security team by summarizing the most important information from the activity

Part 4

Accelerate the investigation

Part four of this credential phishing demo series explores the Expert System within IronDefense, which acts as a virtual SOC assistant to speed up investigations. We also walk through what the individual full-packet level details tell us about the event and how to run an enterprise-wide hunt across all networks and all flows.

Key takeaways: 
  • IronNet provides the details about "why" we scored alerts the way we did
  • Save time by automating manual tasks and empowering your team to focus on what matters most
  • Ensure consistency across your workflows, empowering new team members and closing the learning gap 
  • Incorporate external and internal knowledge: at-this-time checks (age of domain, blocklists, umbrella) plus behavioral trends (has anyone in your company gone here?)

Part 5

Pivot from analysis to action in your SOAR

In the final part of this credential phishing demo series, find out how you can pivot from IronDefense to response using the SOAR of your choice. IronDefense works seamlessly with the SOAR of your choice so that you can take action using your existing response playbooks.

Key takeaways: 
  • IronDefense is deeply integrated with SOARs to provide detailed response capabilities that are customizable to your specific needs. 
  • Most NDRs focus on single-action response. We have that capability, too, but our perspective is that, for real-world scenarios in multi-segment networks, working through a SOAR is critical, especially given the noisiness of modern networks.

Schedule a live demo today

Our Collective Defense platform – founded on our IronDome and IronDefense products – enables organizations to build a more proactive, more effective defense starting immediately. Find out why organizations across industries and around the world rely on us to enhance their cybersecurity posture. Contact our team to learn how Collective Defense can work for you.