Future-proof Network Detection & Response
ExeonTrace’s future-proof approach is based on metadata analysis and therefore does not require any traffic mirroring. ExeonTrace’s algorithms are built specifically for the analysis of encrypted data, which cannot be analysed with traditional Network Detection & Response (NDR) solutions.
ExeonTrace also allows for the analysis of multiple data sources including native cloud applications and is therefore the leading solution for highly virtualised and distributed networks.
In a more schematic way, this is how ExeonTrace works:
Light-weight network log data
E.g. data from firewalls, NetFlow, Secure Web Gateways, IPFIX, native clouds (Google, Amazon, Azure)
Full representation of IT activities
Stored in a graph database, with data volume reduced by a factor of 100 compared to the input data
High-end visualisation, intuitive GUI, fast and interactive drilldowns
Supervised and unsupervised ML models, expert use cases, threat correlation, integrate additional logs
Graphic representation of security incidents, incident prioritisation, API triggering alerting and response
Combining the best from traditional Network Detection & Response solutions and SIEMs
ExeonTrace works with light-weight log data as SIEMs do, while traditional Network Detection & Response solutions rely on traffic mirroring. For the data analysis, ExeonTrace provides specialised detection algorithms for network log data, as traditional NDRs do.
Log data by x100
Raw traffic by x10'000
(incl. system and application logs)
ExeonTrace compared to Traditional Network Detection & Response
- ExeonTrace is specifically built for the analysis of metadata.
- Larger companies that use traditional NDR report a decrease in their network performance due to the bandwidth required for mirroring. Since ExeonTrace uses very light-weight logs, there is no such effect on network performance.
- ExeonTrace is applied virtually: it uses logs from existing network infrastructure (proxy, NetFlow, cloud flow logs, etc.). No hardware/agents required.
- Proxy analysis provides full visibility into HTTP(S) (traditional NDR solutions are blind when it comes to HTTPS details).
- Instead of getting the data only from core switches, ExeonTrace integrates log data from many distributed collection points, which results in detailed visibility and superior analytics.
ExeonTrace relies on network log data instead of traffic mirroring
ExeonTrace doesn’t affect network performance
ExeonTrace requires no hardware sensors
ExeonTrace enables full visibility into HTTP(S)
ExeonTrace gets log data from many collection points
ExeonTrace compared to SIEM
- ExeonTrace takes the data, transforms it into algorithms, and then stores it in the graph database, which allows customers to reduce the typical data volume by about a factor of 100.
- With ExeonTrace one does not have to write complicated queries because we bring ready-made visualisations and use cases.
- ExeonTrace works with its graph database, while the SIEM will always have to search the old logs.
- SIEMs are missing algorithms that contain network specific knowledge (that ExeonTrace provides).
ExeonTrace brings intuitive data visualisation
ExeonTrace brings ready-made use cases
ExeonTrace is faster when it comes to navigating the data
ExeonTrace brings advanced detection