IronNet IronDefense is a network detection and response (NDR) platform that monitors network traffic to identify cyber threats. The platform ingests both north-south traffic at network perimeters and east-west traffic within enterprise environments to provide visibility across network infrastructure. IronDefense uses machine learning and artificial intelligence techniques for behavioral analysis to detect anomalous network activity. The platform includes an automated alert correlation engine that models adversarial attack techniques and pre-correlates anomalous activity by threat categories to improve risk scoring and alert prioritization. The platform offers continuous PCAP capture capability for session-level analysis and supports extended hunt windows of 30, 60, or 90 days for threat investigation. IronDefense can detect malicious payloads through optional streaming analytics that cross-reference files with a reputation database. The platform deploys virtual and physical sensors along with data collectors that can be positioned across hybrid environments, including public/private cloud, virtual networks, and on-premise infrastructure. IronDefense integrates with IronDome Collective Defense to provide real-time visibility into threats targeting supply chains, industries, or regions through correlation of anomalies across peer groups. The platform is designed to reduce alert load and investigation time for security operations center teams through automated triage and correlation capabilities.