Reliable intrusion prevention even for encrypted network traffic and zero-day attacks

Zurich, September 22, 2022 - With ExeonTrace, Swiss security company Exeon Analytics offers an intrusion detection solution that goes far beyond the capabilities of traditional intrusion prevention systems (IPS). In particular, ExeonTrace can detect zero-day attacks, against which IPS solutions cannot provide protection due to their signature-based detection. While such systems are suitable for automated detection and defense against known attacks, they must be supplemented by other security solutions for comprehensive protection.

Depending on the research, 80 to 90 percent of global network traffic is encrypted today - and the trend is still rising. This encryption protects the confidentiality and integrity of sensitive business data. However, the signature-based detection approach of IPS and other solutions cannot be applied to encrypted payloads to detect and prevent intrusion attempts. To overcome this limitation, the firewall would have to decrypt all traffic, which can lead to a host of other security issues. ExeonTrace, by contrast, is based on the analysis of metadata and is therefore also able to examine encrypted network communication and detect corresponding attacks.

NDR provides a complete picture instead of individual alarms

In addition, IPS solutions typically generate individual alerts but do not correlate them to provide an overall picture of the threat landscape. This makes it difficult for security teams to distinguish a real threat from false alerts or to assess alerts by how dangerous they are. This limitation can significantly impact response time and give attackers a head start to break into the enterprise. Unlike IPS, ExeonTrace, as a network detection and response (NDR) solution, does not rely on signature-based detection of cyberattacks. Instead, it uses machine learning algorithms to examine network communications in near real-time.

First correlation provides big picture

For example, ExeonTrace establishes a baseline of "normal" network behavior via continuous analysis of raw traffic. If there are deviations from this, the solution first analyzes and correlates the anomalies and then generates alerts as appropriate to indicate a potential threat within the network environment. This AI-based process also enables detection of unknown zero-day attacks for which signatures do not yet exist. For example, the ExeonTrace NDR platform has an ML model that can detect the Domain Generation Algorithm (DGA) used in the 2020 SolarWinds Sunburst attack. The ML algorithms also detect novel malware for which a signature is not yet available.

"While IPS can detect known attacks and enable organizations to automatically remediate some network vulnerabilities, NDR solutions can help detect and respond to more sophisticated and yet unknown attacks," said Gregor Erismann, CCO of Exeon Analytics. "If the IPS fails or an attacker manages to penetrate the network, an NDR solution enables rapid detection and efficient handling." In addition, events from existing IPS/IDS solutions can easily be incorporated into threat assessments to provide organizations with comprehensive and continuous protection from attackers.

About Exeon Analytics

Exeon Analytics AG is a Swiss cybertech company specializing in protecting IT and OT infrastructures through AI-driven security analytics. The Network Detection and Response (NDR) platform ExeonTrace offers companies the ability to monitor networks, detect cyber threats immediately and thus effectively protect their own company's IT landscape - quickly, reliably and completely software-based.

The self-learning algorithms for early detection of cyber attacks were developed at ETH Zurich (Swiss Federal Institute of Technology Zurich) and are based on more than ten years of academic research. Exeon has received several awards, is internationally active and counts well-known companies such as PostFinance, V-Zug, SWISS International Airlines and the logistics group Planzer among its customers.

Press Contact: Gregor Erismann, CCO Exeon Analytics, gregor.erismann@exeon.com, +41 78 797 05 09
