CISO Challenge #3

Writing and maintaining SIEM use cases for network log data is cumbersome

Many companies that don't yet have a dedicated NDR solution in place aim to analyse network logs with their SIEM. However, writing reliable use cases for network log data with a SIEM is difficult for several reasons. First, NetFlow/IPFIX, the dominant industry standard for network traffic logging, logs each connection direction separately, and SIEMs typically lack functions to combine these individual log entries into a holistic view. Second, SIEMs lack machine learning models built specifically for network traffic. Third, there can easily be billions of data points per day, which causes major scalability issues. Lastly, because of the massive number of data points, the accuracy of use cases must be very high to avoid too many false positives.
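To make the first point concrete, here is an added example (not Exeon's algorithm and not code from ExeonTrace) that joins unidirectional flow records into bidirectional sessions, the step a plain SIEM query usually cannot express. The record fields, the sample data and the 60-second gap are assumptions made for the illustration.

```python
from collections import namedtuple

# Constructed sample records; field names are assumptions, not an exporter schema.
Flow = namedtuple("Flow", "start end src sport dst dport proto bytes")

SAMPLE = [
    Flow(100.0, 101.5, "10.0.0.5", 51000, "192.0.2.10", 443, 6, 1200),   # client -> server
    Flow(100.1, 101.6, "192.0.2.10", 443, "10.0.0.5", 51000, 6, 48000),  # server -> client
    Flow(105.0, 105.2, "10.0.0.7", 40000, "192.0.2.99", 53, 17, 80),     # no reply logged
    Flow(900.0, 901.0, "10.0.0.5", 51000, "192.0.2.10", 443, 6, 300),    # same tuple, much later
]

def stitch(flows, max_gap=60.0):
    """Merge unidirectional records into bidirectional sessions.

    Records sharing a direction-independent 5-tuple are joined when they start
    within max_gap seconds of the session's last activity. The earliest record
    is taken as the initiator, which is a heuristic and can be wrong when
    exporter timestamps are skewed.
    """
    open_sessions = {}  # canonical key -> session currently being built
    sessions = []
    for f in sorted(flows, key=lambda r: r.start):
        a, b = (f.src, f.sport), (f.dst, f.dport)
        key = (f.proto,) + tuple(sorted([a, b]))  # same key for both directions
        s = open_sessions.get(key)
        if s is None or f.start - s["end"] > max_gap:
            s = {"initiator": a, "responder": b, "proto": f.proto,
                 "start": f.start, "end": f.end, "bytes_out": 0, "bytes_in": 0}
            open_sessions[key] = s
            sessions.append(s)
        if a == s["initiator"]:
            s["bytes_out"] += f.bytes
        else:
            s["bytes_in"] += f.bytes
        s["end"] = max(s["end"], f.end)
    return sessions

def unanswered(sessions):
    """Sessions where no reply direction was logged (blocked, dropped or unsampled)."""
    return [s for s in sessions if s["bytes_in"] == 0]

if __name__ == "__main__":
    for s in stitch(SAMPLE):
        print(s)
```

A use case written against the stitched sessions can reason about byte ratios and unanswered connections per session, which is not possible while the two directions remain separate log entries.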

Exeon’s approach

ExeonTrace’s algorithms, which are based on research from ETH Zurich, reconstruct a consistent representation from billions of network log data points. This allows ExeonTrace to run advanced detection models on billions of data points on a single commodity VM with high accuracy.
ExeonTrace comes with use cases that combine supervised ML, unsupervised ML, expert knowledge, and traditional IOCs.
These use cases are managed by Exeon.

Benefits for CISOs and security teams

Scalable, high-quality detection for network traffic logs, with very few false positives
Use cases are updated by Exeon
No need to manually write and maintain use cases

Future-Proof NDR

ExeonTrace brings ready-made use cases

With ExeonTrace one does not have to write complicated queries because we bring ready-made visualisations and use cases.


Main benefits of ExeonTrace

Comprehensive Visibility

Visibility into your IT network to identify weaknesses before they are exploited by attackers (exposed services, shadow IT, insecure and risky communication, etc.).

No traffic mirroring

The algorithms analyse lightweight network log data, so no traffic mirroring is needed.

Reduced SOC workload

Ready-made use cases and ML models, automated cross-data correlation and intuitive visualisations make SOC work more effective and efficient.

Not affected by encryption

Metadata analysis is unaffected by network data encryption.