Things to know when implementing IronNet


After selecting IronNet for your network detection and response platform, it’s time to implement it into your organization’s network and systems. There are some key considerations that go into getting IronNet ready to detect and alert you on unique threats across your network. This article will outline the steps and best practices to ensure a seamless installation and implementation of your new IronNet solutions. 

The lay of the land

What does your current cybersecurity stack look like? What gaps are you filling with IronNet’s network detection and response tools? Before adding IronNet to the mix, you’ll need to figure out where in the network you’re going to install IronNet’s sensors, and what traffic you will be analyzing. What technologies and products will IronNet integrate with or work alongside? Having a 10,000-foot view of your network layout will help you prepare for which systems will be involved in the implementation process and how to minimize disruptions to your workflow. 

Be clear about what gaps IronNet is going to fill in your current ecosystem. For example, let’s take an organization that has a SOC team doing some analysis and looking at threats in a SIEM. They are onboarding IronNet to add behavioral network detection and response to their current cyber operations. The SOC team will be the primary users of IronNet in their organizations and they can integrate it into their SIEM, so they see IronNet’s detections in a familiar view that they are used to working with.

Key roles and teams

What teams are responsible for the numerous parts of your cybersecurity ecosystem? Outlining the different roles of your cybersecurity processes and procedures in your company will prove invaluable for a clean IronNet installation. You’ll need to make all teams aware of their role in the installation and keep the lines of communication open among teams, so all can work together towards success. Having an executive sponsor to champion the process can orient all teams under one unified voice. If an internal executive stakeholder can oversee the full installation, it can expedite the process and align cross-functional groups to a single source of truth. 

A few key teams that may be tapped on the customer side are: 

  • Network teams 
  • SOC managers/directors
  • SOC analysts
  • Compliance team
  • Change management team
  • Other security teams

Notifying these teams in advance of their role in the implementation process leads to an easier setup. You’ll also work with the Onboarding Team at IronNet as well as a Customer Success Manager who knows the fine details of implementation and can help you bring all the pieces together in a timely manner. 

Order of events

Here are some of the major milestones you’ll reach during your implementation process:

  • Get our pre-imaged sensors and plug them in. IronNet will ship our sensors to you and walk you through how to plug them into your system. At this point, you will have already determined where the sensors will be placed based on what traffic you’ll be analyzing. 
  • Modify your firewall. You’ll need your security teams to make sure the firewall isn’t blocking anything IronNet needs for analysis. 
  • Set up your network so it passes through the sensor. The network team will configure the network so the traffic flows through the sensor and IronNet can analyze it for threats. 
  • Set up integrations. At this point IronNet is up and running, evaluating network traffic, and looking for threats. The final step is to integrate your IronNet instance with other products and technologies (e.g., EDR, SIEM) already in your security ecosystem for automations and more advanced capabilities.


Customers often have existing cyber security workflows in their organization. IronNet has several integrations built in and can therefore seamlessly connect with many of these processes and technologies. When you add IronNet into your system you’ll have more visibility of your network, so this new data can feed directly into your system. If you have a firewall, SIEM, and/or EDR, IronNet can integrate with those. You’ll see immediate benefits by doing this; your EDR can automatically block threats that IronNet detects, your SIEM view is now enhanced with IronNet’s detections as well, in the view you’re used to, and IronNet can feed new threats into the Firewall for better protection.  

Setting you up for success

IronNet has a hands-on approach in getting you up and running, but your team will be the main users of the product after that. Sign up for training (it’s included in your license) after you have IronNet set up so you can get the most out of what the solution has to offer. In addition to training, IronNet provides detailed technical documents about implementation and use of our products. And, you can always reach out to IronNet for help.

The key thing to know is you’re not on your own. IronNet is your partner for the full implementation process, and beyond

Want to keep reading?