Exeon at Locked Shields 2026: Testing NDR where it matters most
Organized annually by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), Locked Shields is the world’s largest live-fire cyber defence exercise. 41 nations, thousands of participants, and coordinated cyberattacks executed in real time against teams defending critical national infrastructure. There is no safety net. The attacks are real. The pressure is real.
For cybersecurity vendors, participation in Locked Shields is one of the few opportunities to test technology against the kind of coordinated, multi-vector attacks that real nation-state actors deploy. Unlike vendor-run demos or controlled lab environments, Locked Shields provides no prior knowledge of attack scenarios, no favorable conditions, and no second chances. The results here speak for themselves.
This year, Exeon was proud to support Blue Team 1, the joint team of Switzerland, Germany, Austria, and Luxembourg, throughout the five-day exercise. The team secured 2nd place overall and ranked 1st in the technical resilience category, one of the core disciplines evaluated alongside situational awareness, legal, communication, and forensics.
Deploying Exeon.NDR in a live-fire environment
Exeon deployed Exeon.NDR across all four nations of Blue Team 1, trained analysts on its use, and provided support throughout the exercise. Under those conditions, the platform detected multiple command-and-control (C2) channels, lateral movement, and customized malware developed specifically for the scenario by the exercise’s Red Team.
This is what Locked Shields uniquely provides: not synthetic test data, but real attack telemetry generated by skilled adversaries operating under exercise conditions designed to replicate nation-state-grade threats.
As Philipp Lachberger, Head of Presales and Deployment at Exeon, reflected after the exercise:
“ The results are a strong validation of both Exeon.NDRs capabilities, and of the analysts who used it under pressure.”
Key Outcomes
- 2nd place overall for joint Blue Team 1 (Switzerland, Germany, Austria, Luxembourg)
- 1st place in the technical resilience category, where Exeon.NDR was deployed
- Detection of multiple C2 channels, lateral movement, and customized malware developed by the Red Team for the exercise
- Cross-border deployment and analyst training across all four participating nations of Blue Team 1
About Locked Shields
Locked Shields is an annual live-fire cyber defence exercise organized by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Tallinn, Estonia. It is widely regarded as the most complex and realistic exercise of its kind, challenging Blue Teams from participating nations to defend critical national infrastructure against sustained, advanced attacks under realistic conditions. The 2026 edition included 41 nations.
𝘗𝘩𝘰𝘵𝘰 𝘤𝘰𝘶𝘳𝘵𝘦𝘴𝘺 𝘰𝘧 Kommando Cyber
