Future-proof NDR approach
ExeonTrace’s future-proof approach is based on metadata analysis and therefore does not require any traffic mirroring. ExeonTrace’s algorithms are built specifically for the analysis of encrypted traffic, which cannot be analysed with traditional NDR solutions.
ExeonTrace also allows for the analysis of multiple data sources including native cloud applications and is therefore the leading solution for highly virtualised and distributed networks.
In a more schematic way, this is how ExeonTrace works:
- Light-weight network log data: log data from firewalls, virtual/physical switches (NetFlow, IPFIX), DNS, secure web gateways and clouds (Azure, Google, AWS)
- Full representation of IT activities: stored in a graph database, with a data reduction of about a factor of 100 compared to the input data
- Intuitive GUI, dedicated visualisations for network traffic, fast and interactive drilldowns
- Supervised and unsupervised ML models, expert use cases, threat correlation, integration of additional logs
- Graphic representation of security incidents, incident prioritisation, API-triggered alerting and response
Combining the best from traditional NDRs and SIEMs
ExeonTrace works with light-weight log data (including system and application logs), as SIEMs do, while traditional NDRs rely on traffic mirroring. For the data analysis, ExeonTrace provides specialised detection algorithms for network log data, like traditional NDRs.
ExeonTrace compared to Traditional NDR
- ExeonTrace is specifically built for the analysis of metadata.
- Larger companies that use traditional NDR report a decrease in network performance due to the bandwidth required for mirroring. Since ExeonTrace uses very light-weight logs, there is no such effect on network performance.
- ExeonTrace is applied virtually: it uses logs from existing network infrastructure (proxy, NetFlow, cloud flow logs, etc.). No hardware/agents required.
- Proxy analysis provides full visibility into HTTP(S) (traditional NDR solutions are blind when it comes to HTTPS details).
- Instead of getting data only from core switches, ExeonTrace integrates log data from many distributed collection points, which results in detailed visibility and superior analytics.
In summary:
- ExeonTrace relies on network log data instead of traffic mirroring
- ExeonTrace does not affect network performance
- ExeonTrace requires no hardware sensors
- ExeonTrace enables full visibility into HTTP(S)
- ExeonTrace gets log data from many collection points
ExeonTrace compared to SIEM
- ExeonTrace processes the input data with its algorithms and stores the result in the graph database, which allows customers to reduce the typical data volume by about a factor of 100.
- ExeonTrace works on its graph database, whereas a SIEM always has to search through the raw logs.
- With ExeonTrace there is no need to write complicated queries, because it ships with ready-made visualisations and use cases.
- SIEMs lack algorithms that contain network-specific knowledge, which ExeonTrace provides.
In summary:
- ExeonTrace brings intuitive data visualisation
- ExeonTrace is faster when it comes to navigating the data
- ExeonTrace brings ready-made use cases
- ExeonTrace brings advanced detection
ExeonTrace can be used together with a SIEM or collect the data on its own.
Main benefits of ExeonTrace
- Visibility into your IT network to identify weaknesses before they are exploited by attackers (exposed services, shadow IT, insecure and risky communication, etc.)
- Reduced SOC workload: ready-made use cases and ML models, automated cross-data correlation and intuitive visualisations make the SOC more effective and efficient
- Straightforward set-up (deployment within 1 day), as no additional hardware is needed
- Cost-effective securing of business continuity and protection of sensitive data