ExeonTrace vs. Competition

To deal with expanding attack surfaces of increasingly complex IT environments, network detection and response (NDR) solutions have undoubtedly become a crucial part of a robust cyber architecture. However, there are significant differences in NDR solution’s detection technologies and analysis capabilities. While most traditional NDR providers rely on deep packet inspection, more future-proof approaches such as ExeonTrace use metadata analysis.

Deep Packet Inspection

Deep Packet Inspection (DPI) relies on Traffic Mirroring and is a type of network filtering used to inspect the entire payload of packets flowing across specific connections or core switches. DPI’s analysis capabilities are limited to the network traffic transmitted on the monitored core switches and require large amounts of computing power, making it unsuitable for high-bandwidth networks. In addition, the rapid adoption of encryption (encrypted legacy protocols, SSL certificates etc.) hinders DPI to inspect the payloads, even though the customers provide terabits of mirrored packed payloads.

Metadata Analysis

Metadata Analysis (MA) has been developed to overcome the limitations of Deep Packet Inspection. Instead of being limited to only inspecting the traffic flowing across core switches, MA relies on log data (NetFlow/sFlow/syslog etc.) from multiple network sources (Switches, Cloud logs, Firewall etc.). For every packet passing through the network (via virtual and core switches), the source/destination IP address, session length, protocol (TCP, UDP) and types of services used are recorded and analysed. This provides security teams with real-time intelligence of all network traffic. NDR solutions relying on MA do not require any hardware sensors, can deal with ever-increasing network traffic and are completely unaffected by encryption. This approach supplemented by system- and application-logs (such as DC logs) allows for more insights than DPI.

Sensor/Switch

(Providing data for analysis)

Sensor/Switch

(Not providing data for analysis)

Data flow

(Visible)

Data flow

(Non-visible)

Device

What they see:

Only the traffic flowing via mirrored switches.

What we see:

All network communications passing through any physical and virtualised networks.


Trusted by

University of Bern
V-Zug
PostFInance
Planzer
SWISS

Capabilities

exeon

Traditional NDR solutions

Analysis of light-weight log data – no traffic mirroring, no additional hardware
Metadata analysis, unaffected by encryption
Holistic visualisation of IT network
Powerful Machine Learning algorithms

As CEO and owner of a fast moving logistics company, I cannot afford any system interruptions due to cyber incidents. With ExeonTrace, we have found a Swiss solution to monitor our network and quickly detect cyber threats.

Nils Planzer CEO & Owner Planzer
Nils Planzer

Why our customers continue to choose us over traditional NDR providers:

Supervised & Unsupervised ML algorithms

ExeonTrace is equipped with supervised and unsupervised machine learning algorithms designed to analyse billions of network interactions and detect sophisticated cyberattacks, such as APT, ransomware and lateral movement.

Metadata analysis unaffected by encryption and increasing bandwidths

Unlike NDR providers relying on deep packet inspection, ExeonTrace is entirely unaffected by traffic encryption and increasing bandwidths since its algorithms were specifically built for the analysis of metadata.

Holistic visibility into entire IT/OT network

By relying on Metadata Analysis, ExeonTrace provides complete visibility into all network communications passing through any physical, virtualised or cloud networks.

Analysis of light-weight log data

Analysis of light-weight log data (NetFlow/sFlow/syslog) instead of data-heavy traffic mirroring. Metadata can be exported from existing network sources (switches, firewalls etc.) without hardware sensors.

Efficient log data storage

By reducing input log data by a factor of 100, our specialised algorithms support light-weight storage of historical data for later inspection, making ExeonTrace optimal for high-bandwidth networks.

Do you want to see how ExeonTrace can protect your network?

Let us know and book a demonstration.