Future-proof Network Detection & Response

ExeonTrace’s future-proof approach is based on metadata analysis and therefore does not require any traffic mirroring. ExeonTrace’s algorithms are built specifically to analyse the metadata of encrypted traffic, whose payload cannot be inspected by traditional Network Detection & Response (NDR) solutions that rely on deep packet inspection.

ExeonTrace also analyses multiple data sources, including native cloud applications, and is therefore the leading solution for highly virtualised and distributed networks.

Schematically, ExeonTrace works in three stages:

1. Light-weight network log data
   E.g. logs from firewalls, NetFlow/IPFIX exporters, Secure Web Gateways and native cloud flow logs (Google, Amazon, Azure)

2. ExeonTrace algorithms

3. Full representation of IT activities
   Stored in a graph database, with the data volume reduced by a factor of about 100 compared to the input logs

This representation is used for:

Visibility
High-end visualisation, intuitive GUI, fast and interactive drilldowns

Anomaly Detection
Supervised and unsupervised ML models, expert use cases, threat correlation, integration of additional logs

Response
Graphical representation of security incidents, incident prioritisation, API-triggered alerting and response

Combining the best from traditional Network Detection & Response solutions and SIEMs

ExeonTrace works with light-weight log data, as SIEMs do, whereas traditional Network Detection & Response solutions rely on traffic mirroring. For the analysis, ExeonTrace provides specialised detection algorithms for network log data, as traditional NDRs do.

| | Traditional NDR | ExeonTrace | SIEM |
|---|---|---|---|
| Data collection | Expensive traffic mirroring | Light-weight log data | Light-weight log data |
| Data analysis | Specialised detection algorithms for network log data | Specialised detection algorithms for network log data | Manual data analysis |
| Data visualisations | Intuitive data visualisations | Intuitive data visualisations | No data visualisations |
| Log data storage | Limited long-term storage functionalities | Significant data reduction* | Very expensive due to data volume |
| Threat detection | Relying on network traffic only | Holistic detection covering different data sources (incl. system and application logs) | Holistic detection covering different data sources (incl. system and application logs) |

* Compared with the input: log data is reduced by a factor of about 100, raw traffic by a factor of about 10,000.

ExeonTrace compared to Traditional Network Detection & Response

ExeonTrace relies on network log data instead of traffic mirroring

ExeonTrace is specifically built for the analysis of metadata.

ExeonTrace does not affect network performance

Larger companies that use traditional NDR report degraded network performance because of the bandwidth that mirroring consumes. Since ExeonTrace uses very light-weight logs, there is no such effect on network performance.

ExeonTrace requires no hardware sensors

ExeonTrace is deployed virtually: it uses logs from the existing network infrastructure (proxy, NetFlow, cloud flow logs, etc.). No hardware sensors or agents are required.

ExeonTrace enables full visibility into HTTP(S)

Proxy log analysis provides full visibility into HTTP(S), whereas traditional NDR solutions that passively mirror traffic see only the TLS handshake and are blind to HTTPS details. Note that the depth of this visibility depends on the proxy: a proxy that performs TLS inspection logs full URLs, methods and user agents, while one that only tunnels CONNECT requests still records the destination host, timing and volume, which is what the metadata-based detection uses.

ExeonTrace gets log data from many collection points

Instead of getting the data only from core switches, ExeonTrace integrates log data from many and distributed collection points, which results in detailed visibility and superior analytics.

ExeonTrace compared to SIEM

ExeonTrace brings intuitive data visualisation

ExeonTrace processes the log data with its algorithms and stores the resulting representation in a graph database, which reduces the typical data volume by about a factor of 100.

ExeonTrace brings ready-made use cases

With ExeonTrace one does not have to write complicated queries, because it ships with ready-made visualisations and use cases.

ExeonTrace is faster when it comes to navigating the data

ExeonTrace navigates its graph database, whereas a SIEM always has to search through the stored raw logs.

ExeonTrace brings advanced detection

SIEMs lack detection algorithms that embed network-specific knowledge; ExeonTrace provides them.

Main benefits of ExeonTrace

Comprehensive Visibility

Visibility into your entire IT/OT network and all its interfaces, to identify vulnerabilities (exposed services, shadow IT, etc.) and malicious attack patterns in real time.

Not affected by encryption

The algorithms are unaffected by encrypted payloads because they detect attack patterns from metadata rather than from deep packet inspection.
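The following Python script is an added example and not ExeonTrace code. It illustrates the two ideas stated above and in the schematic earlier on the page: collapsing NetFlow-style records into a per-edge graph representation (the data reduction) and running a detector that needs only metadata (5-tuple, timing and byte counts) and therefore behaves identically on encrypted traffic. The flow records are constructed, and the beaconing thresholds (at least 8 flows on an edge, coefficient of variation of the inter-arrival times at most 0.1) are illustrative assumptions, not ExeonTrace's.

```python
"""Metadata-only detection over NetFlow-style records.

Added example, not ExeonTrace code. All records are constructed and the
detection thresholds are illustrative assumptions.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port, proto, bytes).
# There is no payload at all; a TLS-encrypted flow looks exactly the same.
FLOWS = []
# Host 10.0.0.5 contacts an external host on 443 roughly every 60 s (beacon-like).
for i in range(12):
    FLOWS.append((1700000000 + 60 * i + (i % 3), "10.0.0.5", "203.0.113.7", 443, "tcp", 1500 + (i % 2) * 100))
# Host 10.0.0.8 browses an external site with irregular timing and larger transfers.
for i, offset in enumerate([0, 7, 31, 45, 120, 133, 400, 480, 910, 1000]):
    FLOWS.append((1700000000 + offset, "10.0.0.8", "198.51.100.20", 443, "tcp", 20000 + i * 3000))
# Host 10.0.0.5 also talks to an internal file server (too few flows to be scored).
for i in range(6):
    FLOWS.append((1700000100 + 200 * i, "10.0.0.5", "10.0.0.50", 445, "tcp", 4000))


def aggregate(flows):
    """Collapse individual flow records into one edge per (src, dst, dport, proto).

    Each edge keeps only a count, a byte total and the list of start times, which
    is what a graph representation needs; the per-flow records can be dropped.
    """
    edges = defaultdict(lambda: {"count": 0, "bytes": 0, "times": []})
    for ts, src, dst, dport, proto, nbytes in flows:
        edge = edges[(src, dst, dport, proto)]
        edge["count"] += 1
        edge["bytes"] += nbytes
        edge["times"].append(ts)
    return dict(edges)


def reduction_factor(flows, edges):
    """How many input records map onto one stored edge (higher = more reduction)."""
    return len(flows) / len(edges)


def beaconing_edges(edges, min_flows=8, max_cv=0.1):
    """Flag edges whose inter-arrival times are nearly constant.

    Regular callbacks are a timing property, so the check does not depend on
    whether the payload is encrypted. Returns (edge_key, mean_gap, cv) tuples.
    """
    hits = []
    for key, edge in edges.items():
        if edge["count"] < min_flows:
            continue  # too few samples to judge regularity
        times = sorted(edge["times"])
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        mu = mean(gaps)
        if mu <= 0:
            continue  # all flows at the same instant: a burst, not a beacon
        cv = pstdev(gaps) / mu  # coefficient of variation: 0 means perfectly periodic
        if cv <= max_cv:
            hits.append((key, round(mu, 1), round(cv, 3)))
    return hits


if __name__ == "__main__":
    graph = aggregate(FLOWS)
    print(f"{len(FLOWS)} flow records -> {len(graph)} edges "
          f"(reduction x{reduction_factor(FLOWS, graph):.1f})")
    for key, mean_gap, cv in beaconing_edges(graph):
        src, dst, dport, proto = key
        print(f"beacon-like: {src} -> {dst}:{dport}/{proto} every ~{mean_gap}s (cv={cv})")
```

Running it collapses the 28 constructed records into 3 edges and flags only the 10.0.0.5 to 203.0.113.7:443 edge; the irregular browsing edge and the six-flow SMB edge are not reported. The reduction ratio depends on how many flows share an edge, so the factor of 100 cited on this page is a property of real traffic volumes, not of the aggregation itself.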

Light-weight log data

Analysis of light-weight network log data instead of data-heavy traffic mirroring. Metadata can be exported from existing network sources (switches, firewalls etc.) without hardware sensors.

Developed in Switzerland

As an established Swiss NDR solution based on a decade of research at ETH Zürich, ExeonTrace incorporates a high level of innovation and privacy into the platform.
