Use Cases: APTs, Ransomware, Shadow IT, and more
Security teams face numerous challenges in keeping company networks secure. By combining advanced intrusion detection with efficient investigation capabilities, ExeonTrace addresses a range of use cases: data breaches and APTs, ransomware, shadow IT, exposure visualisation, and security policy verification.
APTs

Automated detection of C&C channels
- Based on AI algorithms, ExeonTrace detects covert communication channels to the outside that are hidden within billions of regular DNS and web traffic activities. ExeonTrace’s algorithms can identify novel communication channels used by APTs for which no signatures exist yet.

Easy navigation through the attack pattern
- ExeonTrace’s UI takes you directly to the browsing tree or DNS activities of the affected endpoint and singles out the suspicious connections to the malicious domain: complete visibility for a quick and easy response.

Verification of the response
- After the attack has been contained and the malicious domain has been blocked, ExeonTrace automatically verifies that all malware has been removed and that no C&C channel is active anymore. No alert is overlooked.
Ransomware

Ransomware settling in your network
- Discover advanced ransomware as it begins to initiate hidden communication to the outside (e.g. hidden DNS, HTTP or HTTPS channels).

Ransomware spreading in your network
- Detect ransomware scanning your network and endpoints, or initiating communication with other internal endpoints that deviates from standard communication patterns.

Ransomware collecting and stealing data
- ExeonTrace detects internal endpoints collecting data from within the network, as well as endpoints sending abnormal amounts of data to the outside or sending data to unusual destinations.

Ransomware encrypting files on shares
- ExeonTrace analyses SMB data flows to detect clients reading and writing large amounts of data, a typical signal of ransomware encrypting files on file shares.
Shadow IT

Internal shadow IT: Rogue devices and unmonitored services in your own network
- ExeonTrace automatically correlates network activities with your CMDB to detect rogue devices and unmonitored services. No up-to-date CMDB in place? ExeonTrace allows you to build one from your network data.

External shadow IT: Use of unauthorised cloud services, file-sharing platforms and other web tools
- Employees often find a gap in the web proxy blacklist configuration and upload data to cloud services, file-sharing platforms or other productivity web tools such as file format converters. ExeonTrace detects such activities and allows you to extend your blacklists.
Exposure visualisation

See internal services exposing data to the outside
- ExeonTrace shows you all internal services accessed by hosts from the Internet in a single view.

Drill down from services to clients, to raw log data
- ExeonTrace provides powerful drill-down views reachable with the click of a button. Zoom in from aggregated events to raw log data to understand your cyber threat exposure at different levels of granularity.

Providing context during exposure analysis through data enrichment
- ExeonTrace enriches displayed endpoints with CMDB data, network zone information, active DNS resolution or even data collected by endpoint agents.
Security policies

Define expected communication paths with the Internet
- Ensure that all internal clients respect your Internet access policy, such as the mandatory use of a proxy. Detect external clients that access your internal services via unauthorised channels.

Secure your critical server infrastructure
- Verify that access to your critical server infrastructure is performed exclusively through your jump host architecture. Alert if an unauthorised endpoint accesses the server infrastructure.

Monitor administration and legacy protocols
- Monitor the use of administration protocols, such as SSH or RDP, in your network and detect their use by unauthorised clients. Verify that legacy protocols, such as Telnet or FTP, are no longer used within your network, or only in exceptional cases.
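The policy checks above (mandatory proxy, jump-host-only access to critical servers, an allowlist of admin-protocol clients and an exception list for legacy protocols) are all allowlist comparisons over observed flows. The following is an added example written for this page, not ExeonTrace's code: it encodes an assumed policy for a fictional network and reports every flow that violates it. The addresses, ports, the `Flow` record and the policy itself are constructed for the example.

```python
"""Added example, not ExeonTrace's code: a small policy checker that compares
observed flows against an assumed communication policy. All addresses, ports
and policy entries below are constructed for this example."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    src: str    # source IP
    dst: str    # destination IP
    dport: int  # destination port


# Assumed policy for the example network
INTERNAL = [ip_network("10.0.0.0/8")]
PROXIES = {"10.0.0.250"}                       # only permitted path to the Internet
CRITICAL_SERVERS = ip_network("10.0.100.0/24")  # reachable via jump hosts only
JUMP_HOSTS = {"10.0.50.1", "10.0.50.2"}
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}
ADMIN_CLIENTS = JUMP_HOSTS | {"10.0.60.10"}    # jump hosts plus one admin workstation
LEGACY_PORTS = {23: "Telnet", 21: "FTP"}
LEGACY_EXCEPTIONS = {("10.0.60.10", "10.0.70.5", 23)}  # documented, approved exception


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL)


def proxy_bypass(flows):
    """Internal clients reaching the Internet directly instead of through the proxy."""
    return [f for f in flows
            if is_internal(f.src) and f.src not in PROXIES and not is_internal(f.dst)]


def external_access_to_internal(flows):
    """External sources reaching internal services (no published entry points assumed)."""
    return [f for f in flows if not is_internal(f.src) and is_internal(f.dst)]


def non_jump_host_access(flows):
    """Access to the critical server range from anything other than a jump host."""
    return [f for f in flows
            if ip_address(f.dst) in CRITICAL_SERVERS and f.src not in JUMP_HOSTS]


def unauthorised_admin_protocol(flows):
    """SSH/RDP from clients that are not on the admin allowlist."""
    return [(f, ADMIN_PORTS[f.dport]) for f in flows
            if f.dport in ADMIN_PORTS and f.src not in ADMIN_CLIENTS]


def legacy_protocol_use(flows):
    """Telnet/FTP use that is not covered by a documented exception."""
    return [(f, LEGACY_PORTS[f.dport]) for f in flows
            if f.dport in LEGACY_PORTS and (f.src, f.dst, f.dport) not in LEGACY_EXCEPTIONS]


def evaluate(flows):
    """Run every check; returns check name -> list of offending flows as 'src->dst:port'."""
    def fmt(f):
        return f"{f.src}->{f.dst}:{f.dport}"
    return {
        "proxy_bypass": [fmt(f) for f in proxy_bypass(flows)],
        "external_to_internal": [fmt(f) for f in external_access_to_internal(flows)],
        "critical_not_via_jump_host": [fmt(f) for f in non_jump_host_access(flows)],
        "unauthorised_admin_protocol": [f"{fmt(f)} ({p})" for f, p in unauthorised_admin_protocol(flows)],
        "legacy_protocol": [f"{fmt(f)} ({p})" for f, p in legacy_protocol_use(flows)],
    }


# Constructed sample flows: a mix of compliant and non-compliant traffic
FLOWS = [
    Flow("10.0.1.20", "10.0.0.250", 8080),    # client -> proxy: compliant
    Flow("10.0.0.250", "198.51.100.7", 443),  # proxy -> Internet: compliant
    Flow("10.0.1.21", "198.51.100.7", 443),   # client talks to the Internet directly
    Flow("10.0.50.1", "10.0.100.5", 22),      # jump host -> critical server: compliant
    Flow("10.0.1.22", "10.0.100.5", 3389),    # workstation -> critical server, and RDP by a non-admin
    Flow("10.0.60.10", "10.0.70.5", 23),      # Telnet covered by the documented exception
    Flow("10.0.1.23", "10.0.70.6", 21),       # FTP with no exception
    Flow("192.0.2.44", "10.0.1.30", 445),     # external source reaching an internal SMB service
]


if __name__ == "__main__":
    for check, hits in evaluate(FLOWS).items():
        print(f"{check}: {hits or 'none'}")
```

The same flow can legitimately appear under more than one check (here the workstation reaching a critical server over RDP), which is useful when triaging: the jump-host rule says where the policy was broken, the protocol rule says how.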
Haven't found your use case?
We would gladly discuss your specific use cases in a tailored demonstration of the ExeonTrace Platform.