I don’t know exactly what is happening in my network

Network traffic encryption makes my tools, which rely on deep packet inspection, become blind

Writing and maintaining SIEM use cases for network log data is cumbersome

I need better threat detection than static IOCs

My current tools (e.g. IDS) create too many false alerts

I need to identify shadow IT

It is cumbersome for security analysts to analyse the data stored in the SIEM

Whitelisting systems in SIEMs is risky and inconvenient

My SOC is flooded with alerts for networks that are irrelevant (e.g. guest WLANs) - Relevant alerts get lost

I am required to store network log data, but the huge data volume makes this very expensive

I can’t do traffic mirroring in my own or my outsourcer’s network

I don’t know whether I can trust the third-party applications in my network

On the 19th and 20th of September 2022, we will be attending the Rethink! IT Security in Hamburg - the leading European summit for IT and cybersecurity. Through an on-site booth and virtual matchmaking, we are looking forward to engaging and interacting with leading CISOs and IT security decision-makers.

Rethink! IT Security, Hamburg

On the 26th - 27th of September 2022, we will be attending StrategieTage IT Security in the renowned "Schloss Bensberg". Through this exclusive networking platform, we will connect with industry leaders to discuss raising trends, developments, and innovation in the IT-Security sector.

StrategieTage IT Security V2, Cologne

Our CEO & Founder Dr. David Gugelmann will join the information Security in Healthcare conference on the 31st of May 2022 as a speaker. The topic of the conference will be "The end of the pandemic - reflection and decision-making".

Information Security in Healthcare, Cham

As a forum for IT managers from the federal, state and local governments, the armed forces, European police authorities, the intelligence services, NATO, security solution providers and academia, Public-IT-Services (PITS) has been a crucial platform for exchanging views on new trends for more than ten years. Visit us at our booth. We look forward to seeing you!

PITS - Public-IT-Security, Hotel Adlon Berlin

And how ExeonTrace solves them

Securing corporate networks has become increasingly demanding and more critical than ever. Based on regular exchanges with industry-leading security experts, we have compiled some of the main challenges for Chief Information Security Officers. Discover how the network analysis platform ExeonTrace adds to corporate cyber resilience through the most advanced Network Detection and Response solution.

CISO Challenges of Corporate Network Protection

As CEO and owner of a fast moving logistics company, I cannot afford any system interruptions due to cyber incidents. With ExeonTrace, we have found a Swiss solution to monitor our network and quickly detect cyber threats.

PostFinance has chosen ExeonTrace because of its open and future-proof architecture. Not needing any hardware sensors  and being able to control data flows, we didn’t have to make any significant changes to our existing infrastructure. We are also convinced by the cooperation with the competent and technically outstanding Exeon team.

I’m highly impressed by the technical abilities of this Network Detection & Response solution. I can definitely sleep better knowing that we have ExeonTrace in our network.

For us as a managed security service provider, a reliable, fast and highly automated NDR solution like ExeonTrace is the key to long-term and satisfied customer relationships. We are therefore delighted to partner with the Exeon team!

We especially appreciate the comprehensive network visibility that ExeonTrace offers us. The anomaly detection is also extremely accurate and allows our analysts to focus on the essential threats.

Our mission is to make corporates more secure, provide quality cybersecurity solutions, and create awareness for cyber prevention rather than investing in damage control. For this, Exeon is a perfect partner!

As Co-CEO of alabus, a hidden champion in the field of business process optimization, protecting the data of our Swiss and international customers is of utmost importance to me. I rely on ExeonTrace to do this and am excited about how this solution helps us understand and secure our network.

Log data by x100

Raw traffic by x10'000

(incl. system and application logs)

E.g. data from firewalls, NetFlow, IPFIX, Secure Web Gateways, native clouds (Google, Amazon, Azure) 

ExeonTrace algorithms are built to also analyse cloud data. We currently support all clouds that can provide network flow data (e.g. AWS, GCP, Azure).

1. What is ExeonTrace’s strategic approach for companies moving workloads to cloud?

By relying on NetFlow which exports metadata about all communication that pass through all monitored network devices (also virtualised) it is possible to get a complete coverage of the own infrastructure. ExeonTrace monitors all endpoints for which it receives data. ExeonTrace offers the possibility to integrate with a CMDB and query DNS for hostname resolution. 

2. What network discovery and asset tracking capabilities does ExeonTrace have?

ExeonTrace can integrate events of EDR or XDR solutions into our correlation or feed our detection events into a SIEM solution. ExeonTrace relies on third-party products (i.e. SOAR, Firewalls) to trigger responses via API calls. Information provided by the CMDB can be used for the analysis as well.

 3. Does the product integrate with other sources or products to enrich detections or orchestrate a response action (i.e. - XDR, EDR, SOAR, etc)?  

Light-weight network log data

Stored in graph database, data reduction compared to input data by the factor x100 

The ExeonTrace NDR detection models are unaffected by encrypted payloads because they are designed to detect patterns based on metadata. Thus, the detection capabilities are independent of traffic encryption.

1. What is ExeonTrace’s approach to handling encrypted traffic?

The ExeonTrace analytics stack uses independent life-cycle policies for the raw logs and for the highly aggregated log data stored in the built-in graph database (reduction ~ 100x compared to incoming NetFlow/Corelight logs). The graph database contains all relevant information required to run the detection models and to conduct investigations and threat hunting. Thus, if desired, one can quickly delete the raw logs from the system to reduce storage space. With such a policy, 1 TB of storage can be sufficient to store a history of 3 months of traffic for 10'000 internal endpoints in the graph database. 

2. How are network traffic and meta data stored in ExeonTrace?  

Full representation of IT activities

High-end visualisation, intuitive GUI, fast and interactive drilldowns

The ExeonTrace NDR shows all connections inside a network in a very intuitive way using specialised visualisations. These views show relevant information like active services, clients-server interactions, used protocols and so on. Besides incident handling support and threat hunting, these visualisations provide a very intuitive way to identify shadow IT. malesuada ullamcorper 

1. How can ExeonTrace be used to improve network visibility and network monitoring?

In the visualisation, ExeonTrace offers filtering based on geoip, network ranges or ips, protocols and traffic volume. ExeonTrace will classify the direction of each flow, so that it is possible to filter for clients and server connections. For traffic filtering of the input, tcpdump-like filters are supported.

2. How can traffic be filtered?

 We provide different roles for the different user groups. While regular users can only access information dashboards, other roles allow for configuration capabilities of different levels. We provide a manual that can be downloaded directly from the GUI.

3. Do the graphical user interface(s) of ExeonTrace differ for the various user groups?

Visibility

Supervised and unsupervised ML models, expert use cases, threat correlation, integrate additional logs

Proxy/secure web gateways & DNS log data to detect hidden c&c channels or other policy violations, active directory to correlate user login behaviour. ExeonTrace offers detailed visualisation dashboards that enable threat hunting and a complete overview of all network activities.

1. Beyond traditional network detections, what other type of detection functionality does ExeonTrace have and in what environments?

 ExeonTrace network module is focused on reconnaissance, lateral movement, command and control and exfiltration. By incorporating AD we can also detect account discovery and credential access techniques. The descriptions of various detection events rely on the definitions of the MITRE ATT&CK framework.

2. What MITRE ATT&CK Integration is available with the solution? Does the product classify detections by ATT&CK technique?

The ExeonTrace NDR analyses L3/L4 via Netflow and L7 data for DNS. The corelight sensors analyse all ISO/OSI layers and can for example extract files from HTTP streams.

3. Which ISO/OSI layers and supported protocols can ExeonTrace interpret to detect events?

Anomaly Detection

Graphic representation of security incidents, incident prioritisation, API triggering alerting and response

Alarms are visualized on the built-in dashboard. Further, alarms can be forwarded via REST APIs to a SIEM, ticketing solution or SOAR system, or be sent via mail. Reports show the number of confirmed/whitelisted anomalies. Also, the system health is exposed via the dashboard and the REST API.

1.Please describe reporting mechanisms with regard to detection accuracy, false positive rates and computing resource consumption.

 High-availability relies on underlying technologies (e.g. VMWare ESXi etc.). Backups of databases/configuration can be written to external systems (custom configuration).

2. How would one implement high-availability, zero-downtime and mission critical operation with ExeonTrace? Are there critical dependencies (e.g. internet connection)?

Besides supporting the respective analyst with additional information and a complete visualisation of the network (non-invasive), ExeonTrace has the capabilities to trigger API calls to Firewalls, SOARs or other security frameworks.

 3. Which response mechanisms (invasive, non-invasive) are supported by ExeonTrace?

Response

Visibility into your entire IT/OT network and all its interfaces to identify vulnerabilities (exposed services, shadow IT etc.) and malicious attack patterns in real-time. 



Comprehensive Visibility

Algorithms are unaffected by encrypted payloads since they are built to detect attack patterns based on metadata and not deep packet inspection.



Not affected by encryption

Analysis of light-weight network log data instead of data-heavy traffic mirroring. Metadata can be exported from existing network sources (switches, firewalls etc.) without hardware sensors.

Light-weight log data

As an established Swiss NDR solution, based on a decade of research at ETH Zürich, we maintain a high level of innovation and privacy, which is incorporated in our ExeonTrace platform.



Developed in Switzerland

Main benefits of ExeonTrace

Swiss made software

TOP 100 Swiss Startup Award

ETH spin-​offs

Alliance for Cybersecurity

German Mittelstand

Venture Kick

Venture Leaders

Swisscom StartUp Challenge

Swiss Fintech

Digital Switzerland

Swiss Economic Forum

Check out our latest Job Vacancies!

Join the Team!

Top5SwissBank

3BankenIT

WinGD

SWISS

PostFInance

Planzer

University of Bern

itris

Ensec

ARES

Corelight

Alabus

IS4IT

TCSS

NetSec

Trusted by 

Achieve complete network transparency

Monitor and understand complex networks through intuitive visualisations. Benefit from an extensive global map of traffic sources.



Immediately identify cyber threats

Leverage cutting-edge machine learning algorithms to detect sophisticated cyberthreats. Rapid network anomaly detection.



Detection

Respond quickly and effectively

Leverage AI-driven threat scoring and rapid investigation to analyse and respond immediately.



Chief Information Security Officer's challenges – and how Exeon addresses them

We appreciate being in contact with a lot of Chief Information Security Officers. And we understand that while the attack surface and complexity of Cyber Security are growing, resources and budgets are limited.

This is why we compiled some of the most frequently mentioned CISO challenges – and how ExeonTrace effectively helps to master them, making ExeonTrace a trusted and powerful tool for various situations CISOs and security teams are facing every day.

First

Are you facing other challenges that we didn't cover yet?

We are very happy to discuss them with you personally. Book a live demonstration of ExeonTrace.

Chief Information Security Officer's challenges – and how Exeon addresses them

CISO Challenge #1

I don’t know exactly what is happening in my network

CISO Challenge #2

Network traffic encryption makes my tools, which rely on deep packet inspection, become blind

CISO Challenge #3

Writing and maintaining SIEM use cases for network log data is cumbersome

CISO Challenge #4

I need better threat detection than static IOCs

CISO Challenge #5

My current tools (e.g. IDS) create too many false alerts

CISO Challenge #6

I need to identify shadow IT

CISO Challenge #7