Identify advanced threats that are designed to evade even the best network and endpoint security products.

Request a Demo

IronDefense is our flagship platform that delivers massively scalable network behavioral analytics, integrated packet-level cyber hunt, and the application of tradecraft expertise to detect advanced threats often missed by existing commercial cybersecurity solutions.

IronDefense Features

IronDefense has a suite of analytics that target all segments of the cyber kill chain. Below are a few of our features.

Advanced Behavioral Detection

Leverages predictive models and behavioral analytics developed by data scientists from DARPA and the University of Chicago to identify threats at an unmatched speed and scale.

Integrated Cyber Hunt

Enables seamless pivot from detection to investigation by providing packet-level visibility and integrated data enrichments to help investigate threats at the "speed of thought."

Expert System

Orchestrates the acquisition of contextual data and application of tradecraft cyber expertise to determine the risk of identified anomalies to the organization.

IronDome Collective Defense

Native integration with IronDome delivers industry-level threat insights and visibility, enabling the identification of threats that are difficult to identify by any single company working in isolation.


  • Advanced detection using the latest behavioral detection methods

    IronDefense’s advanced behavioral detection, Expert System, and integrated real-time hunting enable the detection of rapidly evolving threats that are designed to evade even the best endpoint and firewall tools.

  • Unprecedented visibility across your enterprise

    IronDefense’s ability to process network flows and full-packet capture across an enterprise’s geographic, data center, and branch office networks enables unmatched visibility across an enterprise’s network. Integration with IronDome broadens the aperture, delivering near-real-time visibility throughout the industry sector.

  • Find threats with high precision and sensitivity

    IronDefense is designed at enterprise scale to find threats and anomalies commonly missed by other security solutions. Real-world and threat emulation testing by world-class cyber offense operators ensures a high-degree of sensitivity in identifying malicious activity while minimizing false positives.

  • Prioritize defenses on real, not theoretical threats

    IronDefense automatically applies our tradecraft operations playbooks to automate what a Tier III security analyst does to triage an alert from our advanced analytics. This is further refined through our near-real-time analysis of industry risk through IronDome, allowing your security operations analysts to optimize their efforts to mitigate risk to your organization and industry sector.

How It Works

IronDefense sensors are deployed at the requisite network terminal access points (TAP) within the enterprise network. The sensors collect full-packet capture (PCAP) from IronDefense integrated hunt and send network metadata, known as IronFlows, to the IronDefense backend for analysis. The IronDefense backend can be deployed as an on-premise hardware solution, which is hosted at IronNet’s datacenter, or delivered in the cloud through Amazon Web Services (AWS).

IronDefense ingests north-south traffic at your network perimeter and east-west traffic within your enterprise to provide full visibility.

IronDefense Solution Sheet

IronDefense Network Architecture

Want To Learn More?

Fill out this form and we'll send you a PDF to learn more about our product.

By submitting this form, you are confirming that you have read and agree to our Terms and Privacy Statement.