CISO Challenge #9

My SOC is flooded with alerts for networks that are irrelevant (e.g. guest WLANs) - Relevant alerts get lost

Security specialists are indisputably key to securing the company infrastructure. It is therefore of the highest importance that they can concentrate on relevant incidents and are not flooded with unnecessary alerts.

Exeon's approach

ExeonTrace allows you to configure its sensitivity individually for network zones
If needed, the Exeon engineers support you in setting up a policy that immediately escalates detected incidents in high-criticality zones (e.g. your server network), while incidents in low-criticality zones are only escalated in case of repeated violations, or not at all
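The zone-based escalation policy described above, as an added illustration that is not ExeonTrace's own code or configuration: the zone table, the per-criticality thresholds and the sample alerts are constructed for this example, and unmapped addresses are deliberately treated as high criticality so that a gap in the zone inventory can never silence an alert.

```python
import ipaddress
from collections import defaultdict

# Constructed zone table: (zone name, network, criticality). Hypothetical values;
# the page does not show ExeonTrace's own zone configuration format.
ZONES = [
    ("server-net", ipaddress.ip_network("10.10.0.0/16"), "high"),
    ("office-lan", ipaddress.ip_network("10.20.0.0/16"), "medium"),
    ("guest-wlan", ipaddress.ip_network("192.168.100.0/24"), "low"),
]

# Escalation policy per criticality, following the page's description:
# a threshold of 1 escalates on the first detection, a larger threshold
# escalates only on repeated violations, None never escalates.
POLICY = {"high": 1, "medium": 3, "low": None}


def zone_for(ip):
    """Map an address to (zone, criticality). Unmapped addresses are treated
    as high criticality so a missing inventory entry cannot suppress alerts."""
    addr = ipaddress.ip_address(ip)
    for name, net, crit in ZONES:
        if addr in net:
            return name, crit
    return "unmapped", "high"


class Escalator:
    """Stateful triage: decides per alert whether to escalate, hold or suppress."""

    def __init__(self, policy=POLICY):
        self.policy = policy
        self.repeats = defaultdict(int)  # (zone, src_ip, rule) -> violations seen

    def handle(self, alert):
        zone, crit = zone_for(alert["src_ip"])
        threshold = self.policy[crit]
        key = (zone, alert["src_ip"], alert["rule"])
        self.repeats[key] += 1  # counted even when suppressed, for reporting
        if threshold is None:
            action = "suppress"
        elif self.repeats[key] >= threshold:
            action = "escalate"
        else:
            action = "hold"
        return {"action": action, "zone": zone, "criticality": crit,
                "repeats": self.repeats[key], "rule": alert["rule"]}


def triage(alerts, policy=POLICY):
    """Run a batch of alerts through one Escalator and return the decisions."""
    esc = Escalator(policy)
    return [esc.handle(a) for a in alerts]


# Constructed sample alerts (not real detections)
SAMPLE_ALERTS = [
    {"src_ip": "10.10.5.5", "rule": "port-scan"},       # server network
    {"src_ip": "192.168.100.7", "rule": "port-scan"},   # guest WLAN
    {"src_ip": "192.168.100.7", "rule": "port-scan"},
    {"src_ip": "10.20.1.1", "rule": "dns-tunnel"},      # office, 1st violation
    {"src_ip": "10.20.1.1", "rule": "dns-tunnel"},      # office, 2nd
    {"src_ip": "10.20.1.1", "rule": "dns-tunnel"},      # office, 3rd -> escalate
    {"src_ip": "172.16.0.9", "rule": "beaconing"},      # not in any zone
]

if __name__ == "__main__":
    for decision in triage(SAMPLE_ALERTS):
        print(decision)
```

Running the sample batch yields one escalation from the server network, two suppressed guest-WLAN hits, two holds and then an escalation for the repeated office violation, and an escalation for the unmapped address. Suppressed alerts are still counted, so a weekly report can show what the guest WLAN generates without those events ever reaching the analyst queue.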
Benefits for CISOs and security teams

Fewer alerts, and in particular fewer false alerts
SOCs can focus on relevant incidents

What if you could dramatically reduce false alerts?

While risk-based alerting enhances security, issues such as false alerts, complexity, evolving cyber-threats, resource allocation and data quality must be addressed.

This is exactly what our new whitepaper explains - find out how Network Detection & Response is the solution to this CISO challenge.

How future-proof cybersecurity helps: Network Detection & Response

The Network Detection & Response solution ExeonTrace obtains log data from many collection points.

Instead of getting the data only from core switches, ExeonTrace integrates log data from various and numerous distributed collection points, resulting in detailed visibility and superior analytics. This approach never gets outdated as it consistently learns and adapts.

Network Detection & Response (NDR) solutions maintain continuous surveillance over network traffic, endpoints, and various data sources to pinpoint potential instances of suspicious or malicious activities. They gather and consolidate information from diverse sources, including network devices, servers, applications, and endpoints. This encompasses network logs (NetFlow, IPFIX, firewall logs), communication logs, events, alerts, and connections generated by the system or initiated by internal servers.

NDR normalizes and enriches the collected data to ensure uniformity and to maximize contextual information. Enrichment involves adding meta-data, asset details, user information, and evaluating the potential impact of the event, such as its source and destination. This approach facilitates even more thorough monitoring of potential anomalies, providing contextual insights into network traffic and user behavior.
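The normalization and enrichment step described above, as an added example that is not Exeon's code: two constructed record formats (a key=value flow export in the spirit of NetFlow/IPFIX and a firewall CSV line) are parsed into one common schema, then enriched with asset details, zone and a potential-impact rating from a constructed inventory. The inventory, the internal address ranges and the sample lines are all assumptions made for this illustration.

```python
import ipaddress
from dataclasses import dataclass, asdict

# Constructed asset inventory keyed by IP (hypothetical values; the page does
# not show the inventory format ExeonTrace consumes).
ASSETS = {
    "10.10.0.5": {"hostname": "db01", "owner": "platform-team",
                  "zone": "server-net", "criticality": "high"},
    "10.20.3.14": {"hostname": "ws-114", "owner": "finance",
                   "zone": "office-lan", "criticality": "medium"},
}
GUEST_WLAN = ipaddress.ip_network("192.168.100.0/24")
# Explicit RFC 1918 ranges rather than ipaddress.is_private, which also
# matches documentation ranges such as 203.0.113.0/24.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RANK = {"unknown": 0, "low": 1, "medium": 2, "high": 3}
PROTO = {"6": "tcp", "17": "udp", "1": "icmp"}


@dataclass
class Flow:
    """Common schema every source is normalized into."""
    ts: int
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str
    byte_count: int
    source: str


def parse_flow_export(line):
    """Constructed key=value flow export: 'ts=... sa=... da=... dp=... pr=6 bytes=...'."""
    kv = dict(field.split("=", 1) for field in line.split())
    return Flow(int(kv["ts"]), kv["sa"], kv["da"], int(kv["dp"]),
                PROTO.get(kv["pr"], kv["pr"]), int(kv["bytes"]), "flow")


def parse_firewall_csv(line):
    """Constructed firewall CSV: ts,action,src,dst,dport,proto,bytes."""
    ts, action, src, dst, dport, proto, nbytes = line.split(",")
    return Flow(int(ts), src, dst, int(dport), proto.lower(), int(nbytes),
                f"fw-{action.lower()}")


def describe(ip):
    """Asset lookup; hosts missing from the inventory still get a zone and criticality."""
    if ip in ASSETS:
        return dict(ASSETS[ip])
    addr = ipaddress.ip_address(ip)
    if addr in GUEST_WLAN:
        return {"hostname": None, "owner": None, "zone": "guest-wlan", "criticality": "low"}
    if any(addr in net for net in INTERNAL):
        return {"hostname": None, "owner": None, "zone": "unknown-internal", "criticality": "unknown"}
    return {"hostname": None, "owner": None, "zone": "external", "criticality": "unknown"}


def enrich(flow):
    """Attach asset context to both endpoints and rate the potential impact."""
    rec = asdict(flow)
    rec["src_asset"] = describe(flow.src_ip)
    rec["dst_asset"] = describe(flow.dst_ip)
    # potential impact = the more critical of the two endpoints involved
    rec["impact"] = max(rec["src_asset"]["criticality"],
                        rec["dst_asset"]["criticality"], key=RANK.get)
    return rec


def ingest(lines):
    """Dispatch each raw line to its parser, normalize and enrich; drop malformed lines."""
    out = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            flow = parse_flow_export(line) if line.startswith("ts=") else parse_firewall_csv(line)
        except (KeyError, ValueError):
            continue  # malformed record: skip it rather than stop the pipeline
        out.append(enrich(flow))
    return out


# Constructed sample records (not captured traffic)
SAMPLE_LINES = [
    "ts=1700000000 sa=10.20.3.14 da=10.10.0.5 dp=5432 pr=6 bytes=48210",
    "1700000005,DENY,192.168.100.7,10.10.0.5,22,TCP,120",
    "1700000010,ALLOW,10.20.3.14,203.0.113.9,443,TCP,9000",
    "this is not a flow record",
]

if __name__ == "__main__":
    for rec in ingest(SAMPLE_LINES):
        print(rec["source"], rec["src_asset"]["zone"], "->", rec["dst_asset"]["zone"],
              "impact:", rec["impact"])
```

The point of the common schema is that downstream analytics only ever see one record shape regardless of whether a flow came from a switch export or a firewall; the impact field is what lets a later stage prioritise a denied SSH attempt from the guest WLAN against a database server above an ordinary workstation browsing session.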

Through real-time behavioral analysis of network traffic and user actions, coupled with comprehensive contextual information, NDR enhances the precision of individual risk assessments. This capability enables swift identification and response, even in the face of advanced incidents and advanced persistent threats (APTs).

How to avoid major and common SOC mistakes

Luca Forcellini, Head of Channels, writes about enhancing cybersecurity by identifying and mitigating potential risks and ensuring the overall resilience of the organization's digital infrastructure.

Unique benefits of ExeonTrace

Comprehensive visibility

Visibility into your entire IT/OT network and all its interfaces to identify vulnerabilities (exposed services, shadow IT etc.) and malicious attack patterns in real-time.

Not affected by encryption

Algorithms are unaffected by encrypted payloads since they are built to detect attack patterns based on metadata and not deep packet inspection.

Light-weight log data

Analysis of light-weight network log data instead of data-heavy traffic mirroring. Metadata can be exported from existing network sources (switches, firewalls etc.) without hardware sensors.

Developed in Switzerland

ExeonTrace is an established Swiss NDR solution built on a decade of research at ETH Zürich; the high level of innovation and privacy we maintain is incorporated into the ExeonTrace platform.