Exeon revolutionises NDR through metadata analysis

Zurich, 27 July 2022 - By analysing metadata instead of relying on the otherwise common Deep Packet Inspection (DPI), the Swiss cybersecurity company Exeon Analytics is establishing a modernised and future-proof Network Detection & Response (NDR) solution in the European market. Unlike the established DPI-based procedures, metadata analysis is not affected by encrypted data traffic. This is relevant because modern cyber attacks such as APTs, ransomware and lateral movement rely heavily on encrypted communications for attack instructions from remote command and control (C&C) servers. Traditional NDR solutions typically detect such operations using comprehensive data analysis, which is not possible when the traffic is encrypted. Exeon's technology is based on metadata, which is fully available even in the case of encrypted traffic.

"While the DPI approach offers detailed analysis of individual data packets, it requires an immense amount of computing power and is blind when it comes to encrypted network traffic," explains Gregor Erismann, CCO of Exeon Analytics. "Metadata analysis allows us to overcome these limitations. By analysing metadata, network communication can be observed at any capture point and enriched with information that provides insight into encrypted communication."

Monitor encrypted traffic

The ExeonTrace NDR solution enables security teams to monitor all communications, including encrypted traffic, even in complex and distributed IT/OT networks with very high bandwidth. To provide security teams with information about all network traffic, metadata analysis captures a variety of attributes about network communications, applications and actors. For example, it records source/destination IP addresses, session duration, protocols used (TCP, UDP) and the type of services used. In addition, log data analysis can capture many other important attributes that are effective in detecting and preventing advanced cyber attacks. These include, for example, DNS and DHCP information, the assignment of users to systems based on DC log data, and various object hashes of JavaScript files and images.

Efficient storage and facilitated forensics

Analysis of metadata, supplemented by system and application logs, enables security teams to detect network vulnerabilities (e.g. shadow IT) and cyber threats early, and to sharpen visibility into the entire IT/OT network. In addition, lightweight metadata enables efficient storage of historical records, which greatly facilitates forensic investigations. Furthermore, an NDR solution based on the metadata approach enables monitoring of all traffic on the enterprise network to identify suspicious activity and vulnerabilities on all network-connected devices - including IoT devices.

Press contact: Gregor Erismann CCO Exeon Analytics, gregor.erismann@exeon.com, +41 78 797 05 09