Future-proof NDR approach

ExeonTrace’s future-proof approach is based on metadata analysis and therefore does not require any traffic mirroring. ExeonTrace’s algorithms are especially built for the analysis of encrypted data which cannot be analysed with traditional NDR solutions.

ExeonTrace also allows for the analysis of multiple data sources including native cloud applications and is therefore the leading solution for highly virtualised and distributed networks.

In a more schematic way, this is how ExeonTrace works:

Light-weight network log data

Log data from firewalls, virtual/physical switches (NetFlow, IPFIX), DNS, secure web gateways, clouds (Azure, Google, AWS)

ExeonTrace algorithms

Full representation of IT activities

Stored in graph database, data reduction compared to input data by a factor x100

Used for


Intuitive GUI, dedicated visualisations for network traffic, fast and interactive drilldowns

Anomaly Detection

Supervised and unsupervised ML models, expert use cases, threat correlation, integrate additional logs


Graphic representation of security incidents, incident prioritisation, API triggering alerting and response

Combining the best from traditional NDRs and SIEMs

ExeonTrace works with light-weight log data as SIEMs do, while traditional NDRs rely on traffic mirroring. For the data analysis, ExeonTrace provides specialised detection algorithms for network log data - like traditional NDRs.

Traditional NDR
Data collection
Data analysis
Data visualisations
Threat detection
Expensive traffic mirroring
Light-weight log data
Specialised detection algorithms for network log data
Manual data analysis
Intuitive data visualisations
No data visualisations
Relying on network traffic only
Holistic detection covering different data sources

(incl. system and application logs)

ExeonTrace compared to Traditional NDR

ExeonTrace relies on network log data instead of traffic mirroring

ExeonTrace is specifically built for the analysis of meta data.

ExeonTrace doesn’t effect network performance

Larger companies that use traditional NDR report a decrease of their network performance due to the bandwidth required for mirroring. Since ExeonTrace uses very light-weight logs there is no such effect on the network performance.

ExeonTrace requires no hardware sensors

ExeonTrace is applied virtually: it uses logs from existing network infrastructure (proxy, NetFlow, cloud flow logs, etc.). No hardware/agents required.

ExeonTrace enables full visibility into HTTP(S)

Proxy analysis provides full visibility into HTTP(S) (traditional NDR solutions are blind when it comes to HTTPS details).

ExeonTrace gets log data from many collection points

Instead of getting the data only from core switches, ExeonTrace integrates log data from many and distributed collection points, which results in detailed visibility and superior analytics.

ExeonTrace compared to SIEM

ExeonTrace brings intuitive data visualisation

ExeonTrace takes the input data, transforms it into algorithms, and then stores it in the graph database which allows customers to reduce the typical data volume by about a factor of 100.

ExeonTrace is faster when it comes to navigating the data

ExeonTrace works with its graph database, while the SIEM will always have to search the old logs.

ExeonTrace brings ready-made use cases

With ExeonTrace one does not have to write complicated queries because we bring ready-made visualisations and use cases.

ExeonTrace brings advanced detection

SIEMs are missing algorithms that contain network specific knowledge (that ExeonTrace provides).

ExeonTrace can be used with a SIEM or collect the data on its own.

Main benefits of ExeonTrace

Comprehensive Visibility

Visibility into your IT network to identify weaknesses before they are exploited by attackers (exposed services, shadow IT, insecure and risky communication etc.)

Reduced SOC workload

Ready-made use cases and ML models, automated cross-data correlation and intuitive visualisations make the SOC more effective and efficient

Rapid Deployment

Straightforward set-up (deployment within 1 day) as no additional hardware is needed


Cost-effective business continuity securing and sensitive data protection

Need more information?

Watch the video to see how the analysis of existing network data secures your IT infrastructure