I don’t know exactly what is happening in my network

My SOC is flooded with alerts for networks that are irrelevant (e.g. guest WLANs) - Relevant alerts get lost

I can’t do traffic mirroring in my own or my outsourcer’s network

I need better threat detection than static IOCs

It is cumbersome for security analysts to analyse the data stored in the SIEM

I am required to store network log data, but the huge data volume makes this very expensive

I don’t know whether I can trust the third-party applications in my network

Network traffic encryption makes my tools, which rely on deep packet inspection, become blind

Whitelisting systems in SIEMs is risky and inconvenient

My current tools (e.g. IDS) create too many false alerts

Writing and maintaining SIEM use cases for network log data is cumbersome

I need to identify shadow IT

And how ExeonTrace solves them

Securing corporate networks has become increasingly demanding and more critical than ever. Based on regular exchanges with industry-leading security experts, we have compiled some of the main challenges for Chief Information Security Officers. Discover how the network analysis platform ExeonTrace adds to corporate cyber resilience through the most advanced Network Detection and Response solution.

CISO Challenges of Corporate Network Protection

As CEO and owner of a fast moving logistics company, I cannot afford any system interruptions due to cyber incidents. With ExeonTrace, we have found a Swiss solution to monitor our network and quickly detect cyber threats.

PostFinance has chosen ExeonTrace because of its open and future-proof architecture. Not needing any hardware sensors  and being able to control data flows, we didn’t have to make any significant changes to our existing infrastructure. We are also convinced by the cooperation with the competent and technically outstanding Exeon team.

We especially appreciate the comprehensive network visibility that ExeonTrace offers us. The anomaly detection is also extremely accurate and allows our analysts to focus on the essential threats.

I’m highly impressed by the technical abilities of this Network Detection &amp; Response solution. I can definitely sleep better knowing that we have ExeonTrace in our network.

For us as a managed security service provider, a reliable, fast and highly automated NDR solution like ExeonTrace is the key to long-term and satisfied customer relationships. We are therefore delighted to partner with the Exeon team!

Our mission is to make corporates more secure, provide quality cybersecurity solutions, and create awareness for cyber prevention rather than investing in damage control. For this, Exeon is a perfect partner!

As Co-CEO of alabus, a hidden champion in the field of business process optimization, protecting the data of our Swiss and international customers is of utmost importance to me. I rely on ExeonTrace to do this and am excited about how this solution helps us understand and secure our network.

Log data by x100

Raw traffic by x10'000

(incl. system and application logs)

E.g. data from firewalls, NetFlow, IPFIX, NetFlow, Secure Web Gateways, native clouds (Google, Amazon, Azure) 

ExeonTrace algorithms are built to also analyse cloud data. We currently support all clouds that can provide network flow data (e.g. AWS, GCP, Azure).

1. What is ExeonTrace’s strategic approach for companies moving workloads to cloud?

By relying on NetFlow which exports metadata about all communication that pass through all monitored network devices (also virtualised) it is possible to get a complete coverage of the own infrastructure. ExeonTrace monitors all endpoints for which it receives data. ExeonTrace offers the possibility to integrate with a CMDB and query DNS for hostname resolution. 

2. What network discovery and asset tracking capabilities does ExeonTrace have?

ExeonTrace can integrate events of EDR or XDR solutions into our correlation or feed our detection events into a SIEM solution. ExeonTrace relies on third-party products (i.e. SOAR, Firewalls) to trigger responses via API calls. Information provided by the CMDB can be used for the analysis as well.

 3. Does the product integrate with other sources or products to enrich detections or orchestrate a response action (i.e. - XDR, EDR, SOAR, etc)?  

Light-weight network log data

Stored in graph database, data reduction compared to input data by the factor x100 

The ExeonTrace NDR detection models are unaffected by encrypted payloads because they are designed to detect patterns based on metadata. Thus, the detection capabilities are independent of traffic encryption.

1. What is ExeonTrace’s approach to handling encrypted traffic?

The ExeonTrace analytics stack uses independent life-cycle policies for the raw logs and for the highly aggregated log data stored in the built-in graph database (reduction ~ 100x compared to incoming NetFlow/Corelight logs). The graph database contains all relevant information required to run the detection models and to conduct investigations and threat hunting. Thus, if desired, one can quickly delete the raw logs from the system to reduce storage space. With such a policy, 1 TB of storage can be sufficient to store a history of 3 months of traffic for 10'000 internal endpoints in the graph database. 

2. How are network traffic and meta data stored in ExeonTrace?  

Full representation of IT activities

High-end visualisation, intuitive GUI, fast and interactive drilldowns

The ExeonTrace NDR shows all connections inside a network in a very intuitive way using specialised visualisations. These views show relevant information like active services, clients-server interactions, used protocols and so on. Besides incident handling support and threat hunting, these visualisations provide a very intuitive way to identify shadow IT. malesuada ullamcorper 

1. How can ExeonTrace be used to improve network visibility and network monitoring?

In the visualisation, ExeonTrace offers filtering based on geoip, network ranges or ips, protocols and traffic volume. ExeonTrace will classify the direction of each flow, so that it is possible to filter for clients and server connections. For traffic filtering of the input, tcpdump-like filters are supported.

2. How can traffic be filtered?

 We provide different roles for the different user groups. While regular users can only access information dashboards, other roles allow for configuration capabilities of different levels. We provide a manual that can be downloaded directly from the GUI.

3. Do the graphical user interface(s) of ExeonTrace differ for the various user groups?

Visibility

Supervised and unsupervised ML models, expert use cases, threat correlation, integrate additional logs

Proxy/secure web gateways & DNS log data to detect hidden c&c channels or other policy violations, active directory to correlate user login behaviour. ExeonTrace offers detailed visualisation dashboards that enable threat hunting and a complete overview of all network activities.

1. Beyond traditional network detections, what other type of detection functionality does ExeonTrace have and in what environments?

 ExeonTrace network module is focused on reconnaissance, lateral movement, command and control and exfiltration. By incorporating AD we can also detect account discovery and credential access techniques. The descriptions of various detection events rely on the definitions of the MITRE ATT&CK framework.

2. What MITRE ATT&CK Integration is available with the solution? Does the product classify detections by ATT&CK technique?

The ExeonTrace NDR analyses L3/L4 via Netflow and L7 data for DNS. The corelight sensors analyse all ISO/OSI layers and can for example extract files from HTTP streams.

3. Which ISO/OSI layers and supported protocols can ExeonTrace interpret to detect events?

Anomaly Detection

Graphic representation of security incidents, incident prioritisation, API triggering alerting and response

Alarms are visualized on the built-in dashboard. Further, alarms can be forwarded via REST APIs to a SIEM, ticketing solution or SOAR system, or be sent via mail. Reports show the number of confirmed/whitelisted anomalies. Also, the system health is exposed via the dashboard and the REST API.

1.Please describe reporting mechanisms with regard to detection accuracy, false positive rates and computing resource consumption.

 High-availability relies on underlying technologies (e.g. VMWare ESXi etc.). Backups of databases/configuration can be written to external systems (custom configuration).

2. How would one implement high-availability, zero-downtime and mission critical operation with ExeonTrace? Are there critical dependencies (e.g. internet connection)?

Besides supporting the respective analyst with additional information and a complete visualisation of the network (non-invasive), ExeonTrace has the capabilities to trigger API calls to Firewalls, SOARs or other security frameworks.

 3. Which response mechanisms (invasive, non-invasive) are supported by ExeonTrace?

Response

Visibility into your entire IT/OT network and all its interfaces to identify vulnerabilities (exposed services, shadow IT etc.) and malicious attack patterns in real-time. 



Comprehensive Visibility

Algorithms are unaffected by encrypted payloads since they are built to detect attack patterns based on metadata and not deep packet inspection.



Not affected by encryption

Analysis of light-weight network log data instead of data-heavy traffic mirroring. Metadata can be exported from existing network sources (switches, firewalls etc.) without hardware sensors.

Light-weight log data

As an established Swiss NDR solution, based on a decade of research at ETH Zürich, we maintain a high level of innovation and privacy, which is incorporated in our ExeonTrace platform.



Developed in Switzerland

Main benefits of ExeonTrace

Swiss made software

TOP 100 Swiss Startup Award

ETH spin-​offs

Alliance for Cybersecurity

Venture Kick

Venture Leaders

Swisscom StartUp Challenge

Swiss Fintech

Digital Switzerland

Swiss Economic Forum

Check out our latest Job Vacancies!

Join the Team!

Top5SwissBank

Alabus

University of Bern

V-Zug

PostFInance

Planzer

SWISS

3BankenIT

WinGD

itris

Corelight

IS4IT

ARES

TCSS

NetSec

Ensec

Trusted by 

Achieve complete network transparency

Monitor and understand complex networks through intuitive visualisations. Benefit from an extensive global map of traffic sources.



Immediately identify cyber threats

Leverage cutting-edge machine learning algorithms to detect sophisticated cyberthreats. Rapid network anomaly detection.



Detection

Respond quickly and effectively

Leverage AI-driven threat scoring and rapid investigation to analyse and respond immediately.



ExeonThreatReport - The quick and revealing security review

The ExeonThreatReport security review thoroughly assesses the security state of your internal network by analyzing network flow and DNS log data and/or web proxy log data. Get total network visibility. Fully understand your data flows. Quickly uncover risks, threats, and data breaches.

ExeonThreatReport

ExeonTrace's big data algorithms and machine learning extract hidden information from millions of network records. This allows for full visibility of your network as well as the quick detection and containment of threats and data breaches.

Focusing on what’s already inside your perimeter and where data leaves your network, the ExeonThreatReport is the ideal addition or alternative to a penetration test.

ExeonTrace is easy and light-weight to deploy, as it loads log data from Splunk, Elasticsearch or raw files.

Our engineers deploy ExeonTrace on-site in your data center, analyze your network traffic and provide you with our detailed ExeonThreatReport.

Get the Complete ExeonThreatReport or choose from:

Report types

Get full visibility, incl. communications patterns, data leaks, unusual services and access patterns, and misconfigured devices

Detect attacks: malware, lateral movement, horizontal and vertical scanning, covert channels

Uncover internal shadow-IT: Not registered devices and services

Analysis of your internal & external network traffic.

Network Report

Detect data leaks, such as browser plugins or software collecting data

Detect attacks: Malware and hidden HTTP(S) channels

Identify unauthenticated proxy access and unauthorized/outdated devices

Uncover external shadow-IT: Unauthorized cloud services and uploads

Analysis of the web activities of your internal devices.

Web Report

Other Services

Get in touch with our team to get thorough security state assessment of your internal network.

Get the ExeonThreatReport

Mit der Analyse von Metadaten statt der sonst üblichen Deep Packet Inspection (DPI) etabliert das Schweizer Cybersecurity-Unternehmen Exeon Analytics eine modernisierte und zukunftssichere Network Detection & Response (NDR) Lösung im europäischen Markt. Die Metadaten-Analyse ist – im Gegensatz zu den etablierten, auf DPI basierten Verfahren – von verschlüsseltem Datenverkehr nicht beeinträchtigt.
                                more

Exeon revolutioniert NDR durch Analyse von Metadaten

We usually write a lot about industry news and our cutting-edge Network Detection & Response solution, ExeonTrace. However, just as much can be told about our company's core: the Exeon Team. In the first few months of 2022, our team grew by over 30%, and we are ambitious to expand even further in the future. With this mini blog series, our talented colleagues will provide personal insights into working at Exeon. In this blog post, we asked Louis Leclair, our backend development intern, to tell us about his 6-months long internship at Exeon. 
                                more

My internship at Exeon

Der Schweizer NDR-Hersteller (Network Detection and Response) Exeon Analytics verstärkt sein Engagement auf dem deutschen Markt und hat mit Michael Tullius als Sales Director Germany einen erfahrenen Security-Experten an Bord geholt.
                                more

Exeon Analytics ernennt Michael Tullius zum Sales Director Germany

Das Schweizer IT-Security Unternehmen Exeon Analytics warnt davor, Fremdanwendungen bedingungslos zu vertrauen, unabhängig davon, ob es sich um Auftragsentwicklungen oder um Standard-Lösungen renommierter Hersteller handelt. Problematisch ist bei solchen Anwendungen, dass sie oft sehr weitgehende Berechtigungen benötigen oder unnötigerweise bekommen. Dabei agiert solche Fremdsoftware meist als Blackbox ohne Transparenz in die einzelnen Aktionen oder Datenströme. 
 
                                more

Exeon empfiehlt konsequentes Monitoring von Fremdanwendungen

Aufgrund von komplexen und verteilten IT-Prozessen, steigenden Personalkosten und einem zunehmenden Bedarf an IT-Sicherheits-Lösungen, entscheiden sich immer mehr Firmen für Managed Security Services (MSS). Dabei übernimmt ein IT-Dienstleister den Aufbau und Betrieb einer geeigneten, individuell angepassten Sicherheitsarchitektur bestehend aus einzelnen IT-Security Services. Allerdings gibt es massgebliche Unterschiede zwischen den einzelnen Managed Security Service Providers (MSSP). Um besser zu verstehen, was das MSS-Angebot unseres erfolgreichen Partners ensec auszeichnet, haben wir dessen CTO Rolf Scheurer um ein Interview gebeten. 
                                more

Managed Security Services mit Ensec und Exeon

As organisations require a reliable monitoring solution to protect their endpoints from potential threats. As Endpoint Detection and Response (EDR) only provides such protection to a certain extent, organisations must reinforce their security defences with a Network Detection and Response (NDR). Their combined detection capabilities can effectively protect organisations from sophisticated cyberattacks.
                                more

Why Organisations Need Both EDR and NDR for Complete Network Protection

We usually write a lot about industry news and our cutting-edge Network Detection & Response solution, ExeonTrace. However, just as much can be told about our company's core: the Exeon Team. In the first few months of 2022, our team grew by over 30%, and we are ambitious to expand even further in the future. With this mini blog series, our talented new colleagues will provide personal insights into working at Exeon and how they experienced their first days. In this first blog post, we interviewed Noè Canevascini, our new Recruitment and IT support intern. 
                                more

My first month at Exeon

Ransomware is one of the most worrying cybersecurity threats for organisations worldwide. In February 2022, the Cybersecurity and Infrastructure Security Agency (CISA) issued a Cybersecurity Advisory cautioning organisations against the "increased ransomware threat" in 2022. Without proper security controls in place, any organisation is vulnerable to the catastrophic impact of ransomware attacks.
                                more

Ransomware and the Need for NDR to Provide Robust Protection

Das Schweizer IT-Security Unternehmen Exeon Analytics hat die NDR-Plattform ExeonTrace um Cloud-Anbindungen und neue Anomaly-Handling-Funktionalitäten erweitert. Die aktuelle Version vereinfacht sowohl die Einführung als auch den nahtlosen Betrieb von NDR in On-Premise-, Cloud- und hybriden Umgebungen deutlich. Wie bereits die Vorgänger-Versionen ist das aktuelle Release komplett Software-basiert und kommt im Gegensatz zu herkömmlichen Lösungen ohne jede zusätzliche Hardware aus, was nicht nur Investitionen, sondern auch die Betriebskosten reduziert. 
                                more

Exeon vereinfacht den Einsatz von Network Detection and Response

Compromised servers are likely to be used as relays and as an entry point for various attacks against corporate networks, such as ransomware attacks. 
                                more

Severe vulnerability in the Spring Framework

Modern networks have a multitude of third-party systems in use. Consequently, third party applications have become a security-relevant priority in order to protect one's network. Security teams require complete transparency over their IT/OT network.
                                more

Third-party cyber risks – and how ExeonTrace can provide complete system transparency

Zürich/Bassersdorf, 15.02.2022 – ISPIN arbeitet ab sofort mit dem Cybersecurity-Unternehmen und ETH-Spin-off Exeon Analytics zusammen und erweitert ihre Managed Security Services mit der Network Detection & Response (NDR) Plattform ExeonTrace. Kunden profitieren nun von Exeon’s fortschrittlicher Netzwerkanalyse sowie individueller Beratung und Unterstützung durch die erfahrenen ISPIN Cybersecurity-Experten.
                                more

ISPIN erweitert ihre Managed Security Services mit Exeon Analytics

«Network Detection & Response» hat sich innert kürzester Zeit als führende Methode etabliert, um Hacker in Netzwerken frühzeitig zu identifizieren, bevor diese Schaden anrichten. Damit wird «Network Detection & Response» ein zunehmend zentraler Pfeiler einer modernen Cybersecurity-Architektur. Allein der Schweizer Anbieter Exeon Analytics AG hat im Laufe des vergangenen Jahres seine Kundenbasis verdreifacht.
 
                                more

Network Detection & Response etabliert sich als zentraler Cybersecurity-Pfeiler

Today, most Network Detection and Response solutions rely on traffic mirroring and deep packet inspection (DPI). Traffic mirroring is typically deployed on a single core switch to provide a copy of the network traffic to a sensor which uses DPI to thoroughly analyse the payload. While this approach provides detailed analysis, it requires large amounts of processing power and is blind when it comes to encrypted network traffic. Metadata analysis has been specifically developed to overcome these limitations. By utilising metadata for analysis, network communications can be observed at any collection point and be enriched by information providing insights about encrypted communication.
                                more

Deep Packet Inspection vs. Metadata Analysis of NDR solutions

In this blog post, we explain how to work with threatfeeds in ExeonTrace for the detection of devices compromised through the Log4j vulnerability. Our first blog post provides you with more technical background information. 
                                more

Threat Hunting and Detection of the Log4j Exploit using the ExeonTrace NDR – Part II

The remote code execution vulnerability against Apache Log4j2 [https://nvd.nist.gov/vuln/detail/CVE-2021-44228] is one of the most severe vulnerabilities we have seen for a long time. It’s so severe because the vulnerability is very easy to exploit and the Log4j logging library is used by many Java applications. Thus, one must assume that nearly any larger organization is potentially affected, either due to software developed in-house or via Java software provided by suppliers. After giving some background, we’ll explain how one can identify exploited systems using our ExeonTrace NDR software in this blog post.
                                more

Threat Hunting and Detection of the Log4j Exploit using the ExeonTrace NDR

An NDR solution allows an enterprise to strengthen its security defence against advanced cyberthreats and other non-malware attacks. As more enterprises opt to leverage cloud technologies and IoT devices in their IT environment, having an NDR solution is a must for any company that wants to become cyber resilient in today's information age.
                                more

NDR Evaluation Criteria

Women are significantly underrepresented in cybersecurity. Even though this trend is shifting, today, women only represent about a quarter of the cyber workforce. Considering the explosive growth and consequential talent shortage in cybersecurity, it is crucial to encourage more women into the cyber industry. 
                                more

The importance of Diversity in Cybersecurity

Boosted by the continual advancement of digital technologies, cyberattacks are increasing in number and sophistication. The variety of legacy and modern IT systems in use, the interconnection of appliances (that used to run isolated), and the vast number of third-party suppliers are increasingly challenging to holistically protect the IT landscape. 
                                more

SOC Visibility Triad and the role of NDR solutions

Computer networks are the foundation of today's information age and protecting them is a crucial element to ensure the proper functioning of most IT solutions. As most organisations become heavily dependent on computer networks to facilitate work operations, a disruption in network service can have catastrophic consequences on the affected entity.
                                more

Why ExeonTrace is the NDR of choice for CISOs of industry-leading companies across Europe

We are often asked what exactly differentiates ExeonTrace from other Network Detection and Response (NDR) solutions. Our numerous conversations with security professionals show they find ExeonTrace’s data analysis approach most convincing. 
                                more

How does the analysis of existing network log data secure your IT infrastructure?

Digital transformation has witnessed a boost in recent years, especially in the wake of the COVID19 pandemic, which accelerated the adoption of digital technologies by several years in just a few months. Integrating digital technology in business has brought significant benefits. However, it also opened the door wide for new security risks and vulnerabilities. 
                                more

The Importance of an NDR Solution to Early Detect Supply Chain Attacks in Corporate Networks

Die IS4IT-Gruppe, ein führender Anbieter im Bereich Cybersicherheit, und der Schweizer Security-Experte Exeon Analytics mit Sitz in Zürich haben eine gemeinsame Service-Partnerschaft abgeschlossen. Das Unternehmen wird für Exeon den Service und Support in Deutschland übernehmen. Eine entsprechende Übereinkunft haben die beiden Anbieter im Juni unterzeichnet. 
                                more

IS4IT und Exeon Analytics AG vereinbaren Service-Partnerschaft

Prevention and protection are still considered the means of choice when trying to safeguard one's own IT systems. However, the fact that this approach is not sufficient can now be read almost daily in the media. 
                                more

NDR: The new pillar of cybersecurity

The average cost of a data breach is a whopping €3.18 million (or $3.86 million at the time of writing this article). As intruders on enterprise networks increased dramatically, it’s now critical to detect and eliminate threats before any real damage is done.
                                more

Next-Gen Network Detection & Response

Cyber attacks are becoming more frequent and more serious. The most recent example is the worldwide attack on Microsoft's Exchange Server: In March, hackers infiltrated the system via four security holes. This allowed them to log in as administrator without a password and thus read emails or access passwords and devices of their victims in the network. An estimated 250,000 systems were affected - 30 per cent of them in the DACH region. The fact that so many companies in German-speaking countries fell victim to the attack is no coincidence. In many places, especially in medium-sized businesses, the necessary security awareness is still lacking.
                                more

Attack on MS Exchange Server:  BSI declares "red" alert for the first time in seven years

Swiss cyber security provider Exeon Analytics AG is expanding into the European market with the ambition to become the leading «Network Detection and Response» provider in Europe. Well-known investors acknowledge the potential of the Swiss solution and support the project with know-how and funds amounting to around 4 million Swiss francs. The ETH spin-off Exeon already has a well-known customer base in Switzerland, including two of the five largest Swiss banks and logistics companies. The first major customers have also been won in Germany and Austria.
 
                                more

Swiss cyber security company Exeon accelerates European Go-to-Market

Visit NDRdaily and get daily insights on Network Detection & Response, Network Visibility and Cyber Resilience or signup to the newly launched industry newsletter. 
                                more

Our digital Cyber Security magazine „NDRdaily” is live now.

This webinar gives a brief introduction of the NIST framework and zooms in on the Detect function to elaborate on the changing implementations of a SIEM solution over the past years in the finance industry. Also, a live hack is conducted directly in the webinar to show how inducers discover and spread throughout a network and how a state-of-the art security architecture can help detect them. 
                                more

Webinar: State-of-the-art Cyber Security Architecture in the finance industry

Cyber attacks are becoming more and more frequent and the damage caused to companies is correspondingly greater. Exposed entry points for hackers (Microsoft Exchange, SolarWinds, etc.) are just the tip of the iceberg. Phising activities on employees are also becoming increasingly sophisticated. In short, whether hackers are active in your network is only a matter of time - if they're not already in it. Fast, reliable and holistic network monitoring for early detection of anomalies is therefore more important than ever.
                                more

Visibility NOW – complete visibility of network activities, faster than ever before

More than hundreds of thousands of Microsoft Exchange servers have been hacked globally, whereas the DACH region seems to be highly affected. This Blogpost explains how ExeonTrace can help to detect the intrusion through automated and manual network analysis. 
                                more

How ExeonTrace can help detect the Microsoft Exchange hack

The protection of customer data is of eminent importance, especially in the financial industry. To ensure their data security, financial institutions are therefore faced with the challenge of staying one step ahead of attackers and protecting their systems, processes and employees as best as possible...
                                more

Webinar: Protecting Customer Data against Breaches - Focus on the Financial Sector

Sunburst one of the largest cyberattacks in history with far-reaching, devastating effects that are still unforeseeable today...
                                more

Webinar @Swiss Cyber Forum: Sunburst Attack - core elements and key insights for enterprises

Zurich, February 15, 2021 - Various media are reporting today on a warning from the cybersecurity company Eset. The latter had reported that the hacker group "Evilnum" has been targeting Switzerland fintech companies since December 2020.
                                more

Cyberattack on Swiss fintechs: surveillance can prevent fatal consequences

Exeon is expanding its Executive Management with an experienced Chief Marketing Officer. Gregor Erismann, who will take up the position on February 1, 2021, was previously a member of the Executive Board and CMO of the digital agency Namics. With this move, Exeon strengthens its Go-to-Market with the aim of becoming Europe's leading provider of Network Detection & Response solutions. 
                                more

ExeonThreatReport - The quick and revealing security review

Report types

Network Report

Web Report

Discover our other services

Advisory Services

Implementation Services

Technical Support

NDR as a Service

Get the ExeonThreatReport