Video: 10 Minute IT Jams - An update from IronNet
The cyber security landscape is evolving - and so too are the strategies needed to defend against mounting digital threats. At the forefront of this battle is a company with its roots planted firmly in governmental experience and innovation.
IronNet, a cyber defence firm founded by retired American four-star General Keith Alexander - the longest-serving director of the US National Security Agency and founding commander of the US Cyber Command - is seeking to transform how organisations approach collective cyber resilience. The company's Chief Technology Officer, Michael Ehrlich, spoke with Tim and IT Jams about IronNet's origins, the value of network-based defence and the urgent call for collaborative action in fighting cybercrime.
"When General Alexander was the head of the US National Security Agency, it was really his job to defend in cyberspace the US government," Ehrlich explained. "But he felt that also extended to defending critical infrastructure. The challenge was he had no visibility over anything happening across most of the US government and certainly no real-time visibility into anything happening in cyberspace against our critical infrastructure companies."
This frustration was twofold. Not only did Alexander worry about the inability to see attacks developing against vital assets, but he was also struck by the consistently slow speed with which threats were discovered.
"It just takes too long today to find new attacks," Ehrlich said. "Whether it's ransomware, the wrong time to find it is when a screen comes up on your monitor and says, 'hey, you've been ransomed.' The right time to find it is weeks or months prior."
After retiring from decades of service, Alexander founded IronNet, which, in Ehrlich's words, "has been around for about eight years now." The company, he explained, sets out to achieve two core objectives.
"We help find bad faster," Ehrlich stated. This is achieved "through network traffic analysis," where IronNet's primary security product monitors and analyses network data. But the company's second innovation is what it calls its 'collective defence platform'. Here, information from multiple organisations is aggregated, anonymised and shared, providing what he described as a "real-time view across public and private sectors."
For Ehrlich, network traffic analysis is a deliberate choice in an industry packed with tools. Drawing on his own nearly 25 years in the cyber industry - 18 of them with the US intelligence community, much of it developing and deploying offensive capabilities - he argued that no one is entirely immune to breaches.
"I absolutely know that anyone can be breached," he said. "A really good adversary is going to be able to subvert your endpoint agents... The adversary out there, they're smart, they're clever, they can make most of your infrastructure lie to you and look like you were never there."
However, what adversaries cannot hide is their need to use the network. "If they want to operate on your network, it has to be there... That's really why we focus on network traffic analysis and NDR because, as I say, the truth is in the traffic."
A defining concept for IronNet is the power of "collective defence" - but what does that actually mean? Ehrlich sketched a scenario familiar to many security teams: while organisations might have a good grasp of what is happening within their own networks, very few have any notion of whether those threats are also affecting their peers.
"The idea behind collective defence is to anonymise a much greater amount of data at a much lower level than we do today, from multiple organisations, bring that up into a single platform that we can then analyse... and provide insights back to customers," Ehrlich said. This can drive discovery of brand new attacks, facilitate collaboration, and enable what IronNet calls "attack intelligence."
So how does "attack intelligence" differ from the now-ubiquitous "threat intelligence" that many cyber security professionals purchase and use? Ehrlich used a colourful analogy to illustrate the point.
"Threat intelligence is intelligence that was derived after a breach that you don't know about, that happened sometime in the past - maybe a week, maybe a year, maybe two years... For folks I talk to, when they subscribe to threat intelligence feeds, the threat intel they get is rarely actionable, relevant and timely. It's a big pile of stuff, like a big pile of jelly beans and you know that the butterscotch one is in there somewhere, but do I really have to taste all of them to get that one jelly bean that I like?"
By contrast, "because we have this aggregated view of what's happening across multiple organisations, we can send you just the butterscotch jelly beans... we can tell you when things that are happening in other sectors, other organisations in your community, when something has been identified there as malicious, we can tell you in real time that that same thing... is also affecting you. I don't give you a pile of 4,000 jelly beans; I give you two."
He continued: "So attack intelligence is relevant, timely and actionable for the recipient. It's a subset of threat intelligence - it's the good part."
But introducing such a collaborative model is not without its hurdles. While the company has improved at securing buy-in, largely by clarifying what is actually shared, Ehrlich acknowledged that legal and regulatory concerns remain a barrier, particularly outside the United States.
"When we started this five years ago, we started with five of the largest energy utilities in the US... It took our developers about nine months to get the first operational model up and running; it took our lawyers and those companies' lawyers about two years to come to an agreement that the companies were willing to share anonymised data in real time with no human intervention."
Now, though, things move more swiftly. "Nowadays, more companies, more and more organisations, realise that, you know, it's not 'me against the adversary' - it's got to be 'us against the adversary'. And so they're starting to see it as a team sport and they are absolutely willing to contribute," Ehrlich said.
As organisations worldwide grapple with an ever-changing threat landscape, Ehrlich believes that the spirit of mutual defence is not just an innovation, but a necessity. "It's got to be us against the adversary," he concluded.