
IronNet : January Threat Intelligence Brief

01/05/2022 | 02:18pm EDT
Jan 5, 2022

Looking back on December, I will say that the big news in the cyber world was, of course, the Log4j vulnerability. A remote code execution (RCE) vulnerability (CVE-2021-44228) with a CVSS score of 10.0 was identified within Log4j, a Java-based logging utility. Given the popularity of Log4j and Apache's projects, the list of organizations with vulnerable applications organizations may not even know they are running Log4j, as it may be used by a third-party framework or toolset.


At IronNet, we look to behavioral analytics to detect unknown threats on enterprise networks before adversaries succeed at their end-game: exploitation or exfiltration. First, we do the threat detection groundwork needed to spot abnormal network activity across our customers' networks. Second, our IronDefense NDR expert system scores these alerts, prioritizing the most interesting events to help cut down on alert fatigue. Finally, we take a Collective Defense approach to crowdsourced threat sharing in real time.

The January IronNet Threat Intelligence Brief

This ability to analyze and correlate seemingly unrelated instances is critical for identifying sophisticated attackers who leverage varying infrastructures to hide their activity from existing cyber defenses. As reported in the January Threat Intelligence Brief, our analysts review alerts from millions of data flows that are ingested and processed with big data analytics. We apply ratings to the alerts (benign/suspicious/malicious) and immediately share them with IronDome Collective Defense participants.

Here is a snapshot of what we discovered across the IronDome communities in December, showing 841 correlated alerts across IronDome participant environments:


Given the unique cross-sector visibility and Collective Defense capabilities of IronDome, we are able to highlight the most frequent behaviors each month, in turn enabling us to track trends over time. For December, the most frequent behavior analytics were External Scanning (4999), Credential Phishing (1797), and C2 Rendezvous (DGA) (1030).

Analysis of IOCs

In addition to correlated alerts, significant IronDome community findings revealed 471 Indicators of Compromise (IoC) that may pose risk to IronDome participant environments. For example, we analyzed the malicious domain signal2domain[.]online, known for suspicious traffic and attributed to malicious communicating files.

All the IoCs we analyzed are used to trigger alerts that are mapped to the Cyber Kill Chain to identify the stage and progression of the threat. They can be used to create detection rules for network, endpoint, or other security tools currently deployed to mitigate cyber risk in each IronDome participant's environment.
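As an added illustration of turning a published IoC into a network detection rule (example code written for this page, not IronNet's tooling or rule format), the sketch below refangs the defanged domain quoted above and matches it, subdomains included, against DNS query logs. The log layout, client addresses and function names are assumptions, and the sample log is constructed.

```python
import re

# Defanged indicator exactly as published in the brief above.
DEFANGED_IOCS = ["signal2domain[.]online"]

def refang(indicator):
    """Normalize a defanged indicator (hxxp, [.], [:]) to a bare hostname."""
    s = indicator.strip().lower()
    s = s.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")
    s = re.sub(r"^[a-z]+://", "", s)          # drop hxxp:// or http:// scheme
    s = s.split("/", 1)[0].split(":", 1)[0]   # drop path and port
    return s.rstrip(".")

def match_ioc(qname, domains):
    """Return the listed domain that qname equals or is a subdomain of."""
    labels = qname.lower().rstrip(".").split(".")
    # Compare on label boundaries so "notevil.tld" never matches "evil.tld".
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None

def scan(log_text, defanged=DEFANGED_IOCS):
    """Return hits from lines shaped 'timestamp client qtype qname' (assumed layout)."""
    domains = {refang(d) for d in defanged}
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of guessing fields
        ts, client, _qtype, qname = parts
        ioc = match_ioc(qname, domains)
        if ioc:
            hits.append((ts, client, qname, ioc))
    return hits

# Constructed DNS query log (not real telemetry); names are built from the
# refanged IoC so the live domain is never written out in this example.
_D = refang(DEFANGED_IOCS[0])
SAMPLE_LOG = "\n".join([
    "2021-12-14T10:02:11Z 10.0.4.17 A www.example.com.",
    f"2021-12-14T10:02:12Z 10.0.4.23 A {_D}.",
    f"2021-12-14T10:02:15Z 10.0.4.23 AAAA cdn.{_D.upper()}",
    f"2021-12-14T10:02:19Z 10.0.4.31 A not{_D}",
    f"2021-12-14T10:02:25Z 10.0.4.40 TXT {_D}.example.net",
])

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Matching on whole labels is what keeps the last two sample lines, a look-alike name and an unrelated parent zone, from raising false alerts.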

See the January Threat Intelligence Brief for the full list of recent IoCs.

The bigger picture of Collective Defense

Every month, IronNet's expert threat analysts create threat intelligence rules (TIRs) based on significant community findings from IronDome, malware analysis, threat research, or other methods to ensure timely detection of malicious behavior targeting an enterprise or other IronDome community participants.

In December, we created 3,599 threat intel rules of our 290,388 created to date. Some examples of this month's research relate to indicators associated with malware delivery domains for Log4j, Dridex malware, Qakbot malware, and BlackTech Flagpro malware.

This combination of behavior-driven and IoC signature-based detection, alert ranking, and sharing ensures IronDome participants have the broadest view of threats facing their enterprise.

Log4j vulnerability and exploitation

As I mentioned, Log4j, an open-source Java logging library, was victim to a remote code execution (RCE) vulnerability (CVE-2021-44228) with a CVSS (Common Vulnerability Scoring System) score of 10.0. The vulnerability was found by Chen Zhaojun of Alibaba Cloud Security Team in a bug bounty program for the popular game Minecraft.

Attackers sent a malicious string of code to the vulnerable system, which was logged by Log4j, allowing the threat actors to load arbitrary Java code and gain control over the server. Any Java-based, internet-facing server is now vulnerable, and researchers have observed massive scanning activity for the vulnerability on the internet as threat actors seek to locate and exploit unpatched systems.

Additionally, several other CVEs emerged in December, impacting billions of systems that use the Java-based logging library:

You can see the latest industry news in the full brief or check out IronNet's threat intelligence web page.

About IronNet
Founded in 2014 by GEN (Ret.) Keith Alexander, IronNet, Inc. (NYSE: IRNT) is a global cybersecurity leader that is transforming how organizations secure their networks by delivering the first-ever Collective Defense platform operating at scale. Employing a number of former NSA cybersecurity operators with offensive and defensive cyber experience, IronNet integrates deep tradecraft knowledge into its industry-leading products to solve the most challenging cyber problems facing the world today.


IronNet Inc. published this content on 05 January 2022 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 05 January 2022 19:17:01 UTC.

© Publicnow 2022