CISO Challenge #3
Writing and maintaining SIEM use cases for network log data is cumbersome
Many companies that don’t have a dedicated NDR solution in place yet aim to analyse network logs with their SIEM. However, writing reliable use cases for network log data in a SIEM is difficult for several reasons. First, NetFlow/IPFIX, the dominant industry standard for network traffic logging, logs each connection direction as a separate record, and SIEMs typically lack functions to reassemble these individual records into a holistic view of the connection. Second, SIEMs lack machine learning models built specifically for network traffic. Third, there can easily be billions of data points per day, causing major scalability issues. And lastly, because of that volume, the accuracy of use cases must be very high to avoid drowning analysts in false positives.
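To make the first point concrete, here is an added example (not code from the page or from ExeonTrace) of the reassembly step a SIEM typically lacks: pairing unidirectional NetFlow/IPFIX records whose 5-tuples mirror each other into one bidirectional flow, oriented client to server by which side started first. The record layout, the `max_gap` pairing window and the sample records are constructed assumptions for illustration; a one-sided result (a request that was never answered) is kept rather than dropped, since that is exactly the kind of signal, such as a host probing ports that never reply, that a per-direction view hides.

```python
"""Pair unidirectional NetFlow/IPFIX records into bidirectional flows.

Added example, not part of the original page or of ExeonTrace. Field names,
the pairing window and the sample records are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    """One unidirectional flow record (one direction of one connection)."""
    ts: float        # flow start, epoch seconds
    src: str
    sport: int
    dst: str
    dport: int
    proto: int       # IP protocol number: 6 = TCP, 17 = UDP
    bytes: int
    pkts: int


@dataclass
class BiFlow:
    """Both directions of a connection, oriented client -> server."""
    ts: float
    client: str
    cport: int
    server: str
    sport: int
    proto: int
    fwd_bytes: int = 0   # client -> server
    fwd_pkts: int = 0
    rev_bytes: int = 0   # server -> client
    rev_pkts: int = 0

    @property
    def answered(self) -> bool:
        return self.rev_pkts > 0


Key = Tuple[str, int, str, int, int]


def _key(f: Flow) -> Key:
    return (f.src, f.sport, f.dst, f.dport, f.proto)


def _reverse_key(f: Flow) -> Key:
    return (f.dst, f.dport, f.src, f.sport, f.proto)


def _to_biflow(first: Flow, reply: Optional[Flow]) -> BiFlow:
    # The record that started earlier is treated as the client side.
    bf = BiFlow(first.ts, first.src, first.sport, first.dst, first.dport,
                first.proto, fwd_bytes=first.bytes, fwd_pkts=first.pkts)
    if reply is not None:
        bf.rev_bytes, bf.rev_pkts = reply.bytes, reply.pkts
    return bf


def pair_flows(flows: List[Flow], max_gap: float = 60.0) -> List[BiFlow]:
    """Merge unidirectional records whose 5-tuples mirror each other.

    Records are processed in time order. A record whose mirrored 5-tuple is
    already pending (and started within max_gap seconds) completes that
    connection; otherwise it becomes pending itself. Anything still pending
    at the end is emitted as a one-sided (unanswered) flow.
    """
    pending: Dict[Key, List[Flow]] = {}
    out: List[BiFlow] = []
    for f in sorted(flows, key=lambda r: r.ts):
        candidates = pending.get(_reverse_key(f), [])
        match = next((c for c in candidates if f.ts - c.ts <= max_gap), None)
        if match is not None:
            candidates.remove(match)
            out.append(_to_biflow(match, f))
        else:
            pending.setdefault(_key(f), []).append(f)
    for lst in pending.values():
        out.extend(_to_biflow(f, None) for f in lst)
    return sorted(out, key=lambda b: b.ts)


def unanswered_by_client(biflows: List[BiFlow]) -> Dict[str, int]:
    """Count one-sided flows per client; a high count is worth a closer look."""
    counts: Dict[str, int] = {}
    for b in biflows:
        if not b.answered:
            counts[b.client] = counts.get(b.client, 0) + 1
    return counts


# Constructed sample records (not real traffic); documentation address ranges.
SAMPLE_FLOWS = [
    Flow(100.0, "10.0.0.5", 51000, "203.0.113.10", 443, 6, 1200, 10),
    Flow(100.1, "203.0.113.10", 443, "10.0.0.5", 51000, 6, 54000, 45),
    Flow(200.0, "10.0.0.7", 51001, "10.0.0.9", 22, 6, 120, 2),        # never answered
    Flow(300.0, "10.0.0.5", 53000, "198.51.100.53", 53, 17, 60, 1),
    Flow(300.02, "198.51.100.53", 53, "10.0.0.5", 53000, 17, 200, 1),
]

if __name__ == "__main__":
    biflows = pair_flows(SAMPLE_FLOWS)
    for b in biflows:
        print(b)
    print(unanswered_by_client(biflows))
```

The pairing window matters: real exporters emit a long connection as several timed-out records per direction, so a production version would also merge records that share a 5-tuple across export intervals and would pick a window that matches the exporter's active/inactive timeouts.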
- ExeonTrace’s algorithms, which are based on research from ETH Zurich, reconstruct a consistent representation from billions of network log data points. This allows ExeonTrace to run advanced detection models on billions of data points on a single commodity VM with high accuracy.
- ExeonTrace comes with use cases that combine supervised ML, unsupervised ML, expert knowledge, and traditional IOCs
- These use cases are managed by Exeon
Benefits for CISOs and security teams
- Scalable, high-quality detection for network traffic logs, with very few false positives
- Use cases are updated by Exeon
- No need to manually write and maintain use cases
Other challenges you might have:
Are you facing other challenges that we haven't covered yet?
We are very happy to discuss them with you personally. Just book a live demonstration of ExeonTrace.
Main benefits of ExeonTrace
- Visibility into your IT network to identify weaknesses before attackers exploit them (exposed services, shadow IT, insecure and risky communication, etc.)
- No traffic mirroring: the algorithms analyse lightweight network log data
- Reduced SOC workload: ready-made use cases and ML models, automated cross-data correlation and intuitive visualisations make SOC work more effective and efficient
- Not affected by encryption: metadata analysis is unaffected by network data encryption