Modern cyberattacks are no longer carried out by exploiting technical vulnerabilities. Instead, attackers rely on compromised credentials, legitimate privileges, or internal accounts. As a result, attacks increasingly originate from within and often remain undetected for long periods by traditional security solutions.
Exeon Analytics, the Swiss cybersecurity specialist, today announces Exeon.UEBA, the new solution for analyzing user, entity, and application behavior that directly addresses this type of threat. UEBA (User and Entity Behavior Analytics) complements the established Network Detection & Response solution Exeon.NDR and extends security analytics beyond the network layer to identities and applications.
While Exeon.NDR has been analyzing network activity and detecting threats based on metadata for several years, Exeon.UEBA focuses on suspicious behavior within legitimately used systems. To achieve this, the solution analyzes log data from user and administrator identities, enterprise applications – including SaaS, custom, and legacy apps – APIs, service accounts, as well as access and infrastructure systems such as VPNs or IAM platforms.
Behavior analytics instead of isolated events
Exeon.UEBA correlates events across systems and evaluates them as coherent behavioral patterns. This makes it possible to reliably detect, for example, password spraying attacks across multiple applications, misuse of access to business-critical systems, or suspicious privilege changes – even when individual log entries appear harmless in isolation.
Using stream-based analytics, Exeon.UEBA processes very large log volumes in real time and delivers precise, prioritized alerts with full context, instead of overwhelming security teams with a flood of isolated events.
More efficient incident handling and lower SIEM costs
A key advantage of Exeon.UEBA is the operational relief it provides to security teams. Intelligent correlation reduces false positives significantly and helps identify real threats more quickly. At the same time, the risk of false negatives is reduced, as complex, multi-stage attack patterns can also be detected.
In addition, Exeon.UEBA helps reduce SIEM costs. Through smart data handling – including normalization, deduplication, and aggregation of log data – only security-relevant alerts are forwarded to downstream SIEM or SOAR systems. This reduces data volumes, licensing costs, and manual analysis effort.
Flexible deployment with built-in data sovereignty
Exeon.UEBA can be deployed fully on premises, in private cloud environments, or in air-gapped setups. All analysis is performed within the Exeon appliance, and sensitive identity data can be processed in encrypted or anonymized form, enabling organizations in regulated industries to use behavior analytics in a compliant manner while maintaining full control over their data.
“With UEBA, we are extending Exeon’s proven security analytics approach beyond the network layer to where modern attacks actually happen: identities and applications,” says Gregor Erismann, Co-CEO of Exeon Analytics. “Together with Exeon.NDR, organizations gain complementary visibility that closes critical detection gaps and enables faster, more efficient response.”
About Exeon Analytics
Exeon Analytics delivers holistic security analytics for organizations facing growing blind spots, encrypted traffic, and increasing regulatory pressure. Exeon’s products combine comprehensive data collection, highly efficient and scalable processing, and intelligent correlation to provide full visibility across networks, users, and applications – including custom-built applications, legacy systems, and hybrid environments.
By combining AI-based behavior analytics with flexible rule logic, Exeon reliably detects known and unknown threats, even at large data volumes. Alerts are contextual and action-oriented, enabling fast and confident response. As expert systems that integrate seamlessly into existing SOC and SIEM environments, Exeon solutions reduce complexity, lower SIEM costs, and support compliance with NIS2, DORA, GDPR, and data sovereignty requirements – on premises or in cloud environments. Customers such as PostFinance, SWISS International Air Lines, BonnNetz, Klinikum Dortmund, and the Swiss Federal Administration rely on Exeon Analytics to effectively detect cyber threats.
