Cyber attacks are becoming more frequent and more serious. The most recent example is the worldwide attack on Microsoft's Exchange Server: In March, hackers infiltrated the system via four security holes. This allowed them to log in as administrator without a password and thus read emails or access passwords and devices of their victims in the network. An estimated 250,000 systems were affected - 30 per cent of them in the DACH region. The fact that so many companies in German-speaking countries fell victim to the attack is no coincidence. In many places the necessary security awareness is still lacking.

Attack on MS Exchange Server: BSI declares "red" alert for the first time in seven years

Cyber attacks are becoming more and more frequent and the damage caused to companies is correspondingly greater. Exposed entry points for hackers (Microsoft Exchange, SolarWinds, etc.) are just the tip of the iceberg. Phishing activities on employees are also becoming increasingly sophisticated. In short, whether hackers are active in your network is only a matter of time - if they're not already in it. Fast, reliable and holistic network monitoring for early detection of anomalies is therefore more important than ever.

Visibility NOW - complete visibility of network activities, faster than ever before

Ransomware is one of the most worrying cybersecurity threats for organisations worldwide. In February 2022, the Cybersecurity and Infrastructure Security Agency (CISA) issued a Cybersecurity Advisory cautioning organisations against the "increased ransomware threat" in 2022. Without proper security controls in place, any organisation is vulnerable to the catastrophic impact of ransomware attacks.

Ransomware and the Need for NDR to Provide Robust Protection

We are often asked what exactly differentiates ExeonTrace from other Network Detection and Response (NDR) solutions. Our numerous conversations with security professionals show they find ExeonTrace’s data analysis approach most convincing. 

How does the analysis of existing network log data secure your IT infrastructure?

The average cost of a data breach is a whopping €3.18 million (or $3.86 million at the time of writing this article). As intruders on enterprise networks increased dramatically, it’s now critical to detect and eliminate threats before any real damage is done. This makes robust Network Detection and Response (NDR) vital to cyber security.

Next-Gen Network Detection & Response

Prevention and protection are still considered the means of choice when safeguarding one's own IT systems. However, the fact that this approach is not sufficient can now be read almost daily in the media. Current cases such as the attack on Microsoft Exchange, Colonial Pipeline in the United States or, most recently, Siegfried in Switzerland illustrate the dangers: Business interruptions, loss of trust among customers and partners, product defects or legal consequences.

NDR: The new pillar of cybersecurity

The Swiss cybersecurity provider Exeon Analytics AG has set itself the goal of becoming the leading "network detection and response" provider in Europe. Well-known investors see the potential of the Swiss solution and support the project with know-how and funds amounting to more than CHF4 million. The ETH spin-off Exeon already has a wide customer base in Switzerland, including two of the five largest Swiss banks and well-known logistics companies. The first major customers have also already been acquired in Germany and Austria. 

Swiss cyber security company Exeon accelerates European Go-to-Market

We usually write a lot about industry news and our cutting-edge Network Detection & Response solution, ExeonTrace. However, just as much can be told about our company's core: the Exeon Team. In the first few months of 2022, our team grew by over 30%, and we are ambitious to expand even further in the future. With this mini blog series, our talented new colleagues will provide personal insights into working at Exeon and how they experienced their first days. In this first blog post, we interviewed Noè Canevascini, our new Recruitment and IT support intern. 

My first month at Exeon - Noè Canevascini, Recruitment intern and IT support. 

The Swiss IT security company Exeon Analytics warns against trusting third-party applications unconditionally, regardless of whether they are contract developments or standard solutions from renowned manufacturers. The problem with such applications is that they often require extensive authorisations or receive them unnecessarily. At the same time, such third-party software usually acts as a black box without transparency into the individual actions or data streams. 

Exeon recommends consistent monitoring of third-party applications

Swiss network detection and response (NDR) vendor Exeon Analytics is strengthening its commitment to the German market and has brought Michael Tullius on board as Sales Director Germany, an experienced security expert.

Exeon Analytics appoints Michael Tullius as Sales Director Germany

Intrusion incidents have become very common in recent years, with widescale cyberattacks affecting organisations virtually every week. Threat actors are constantly trying to break into enterprise networks and compromise business assets. To prevent a breach from occurring, many companies employ Intrusion Prevention Systems (IPS). In order to identify and prevent threats, these solutions rely on signature-based detection, which allows for automatic intrusion detection. However, this approach can cause various blind spots and weaknesses in network protection. Network Detection and Response (NDR) can overcome these drawbacks for more reliable and holistic protection against intrusions. 

How Network Detection and Response (NDR) Fills the Security Gaps of Intrusion Prevention Systems (IPS) 

ExeonTrace, our future-proof Network Detection & Response platform, has been recognised as one of the best network security providers by Cybernews. ExeonTrace is an AI-driven network analysis solution that can detect and eliminate sophisticated cyberthreats before they cause any harm to organisations.  

Exeon featured as a top network security provider 

Endpoint devices like desktops, laptops, and mobile phones enable users to connect to enterprise networks and use their resources for their day-to-day work. However, they also expand the attack surface and make the organisation vulnerable to malicious cyberattacks and data breaches.

Why Organisations Need Both EDR and NDR for Complete Network Protection

We usually write a lot about industry news and our cutting-edge Network Detection & Response solution, ExeonTrace. However, just as much can be told about our company's core: the Exeon Team. In the first few months of 2022, our team grew by over 30%, and we are ambitious to expand even further in the future. With this mini blog series, our talented colleagues will provide personal insights into working at Exeon. In this blog post, we asked Louis Leclair, our backend development intern, to tell us about his 6-months long internship at Exeon. 

My internship at Exeon – Louis Leclair, Back-End Developer Intern

Due to complex and distributed IT processes, rising personnel costs and an increasing need for IT security solutions, more and more companies are opting for Managed Security Services (MSS). In this case, an IT service provider takes over the development and operation of a suitable, individually adapted security architecture consisting of individual IT security services. However, there are significant differences between the individual Managed Security Service Providers (MSSP). To better understand what distinguishes the MSS offering of our successful partner Ensec, we asked its CTO Rolf Scheurer for an interview.

Managed Security Services with Ensec and Exeon

With the analysis of metadata instead of the otherwise common Deep Packet Inspection (DPI), the Swiss cybersecurity company Exeon Analytics is establishing a modernised and future-proof Network Detection & Response (NDR) solution in the European market. The metadata analysis is - in contrast to the established DPI-based procedures - not affected by encrypted data traffic. This is relevant as modern cyber attacks such as APTs, ransomware and lateral movements rely heavily on encrypted communications for attack instructions from remote command and control (C&C) servers

Exeon revolutionises NDR through metadata analysis 

IS4IT Group, a leading provider in the field of cyber security, and the Swiss security expert Exeon Analytics, headquartered in Zurich, have concluded a joint service partnership. The company will provide service and support in Germany for Exeon. The two providers signed a corresponding agreement in June. 

IS4IT and Exeon Analytics AG agree on service partnership 

Women are significantly underrepresented in cybersecurity. Even though this trend is shifting, today, women only represent about a quarter of the cyber workforce. Considering the explosive growth and consequential talent shortage in cybersecurity, it is crucial to encourage more women into the cyber industry.

The importance of Diversity in Cybersecurity

An NDR solution allows an enterprise to strengthen its security defence against advanced cyberthreats and other non-malware attacks. As more enterprises opt to leverage cloud technologies and IoT devices in their IT environment, having an NDR solution is a must for any company that wants to become cyber resilient in today's information age.

NDR Evaluation Criteria

Boosted by the continual advancement of digital technologies, cyberattacks are increasing in number and sophistication. The variety of legacy and modern IT systems in use, the interconnection of appliances (that used to run isolated), and the vast number of third-party suppliers are increasingly challenging to holistically protect the IT landscape.

SOC Visibility Triad and the role of NDR solutions

Modern networks have a multitude of third-party systems in use. Consequently, third-party applications have become a security-relevant priority in order to protect one's network. Security teams require complete transparency over their IT/OT network.

Third-party cyber risks – and how ExeonTrace can provide complete system transparency

"Network Detection & Response" has quickly established itself as the leading method for identifying hackers in networks at an early stage, before they cause any damage. Network Detection & Response" is thus becoming an increasingly central pillar of a modern cybersecurity architecture. The Swiss provider Exeon Analytics AG alone has tripled its customer base over the past year.

Network Detection & Response establishes itself as central cybersecurity pillar

Compromised servers are likely to be used as relays and as an entry point for various attacks against corporate networks, such as ransomware attacks. Besides relying on ExeonTrace’s automated detection, Exeon’s customers can retrospectively check the network behaviour of potentially vulnerable servers using the “Client server pairs” visualization, as outlined in our previous post on the detection of Log4j.
The ExeonTrace NDR solution itself doesn’t use Spring and is therefore unaffected by the vulnerability.

Severe vulnerability in the Spring Framework

In this blog post, we explain how to work with threatfeeds in ExeonTrace for the detection of devices compromised through the Log4j vulnerability. Our first blog post provides you with more technical background information.

Threat Hunting and Detection of the Log4j Exploit using the ExeonTrace NDR - Part II

Corporate IT networks are the foundation of today's information age and protecting them is a crucial element to ensure the proper functioning of IT solutions. As most organisations become heavily dependent on computer networks to facilitate work operations, a disruption in network service can have catastrophic consequences on the affected entity.

Why ExeonTrace is the NDR of choice for CISOs of industry-leading companies across Europe

Zurich/Bassersdorf, 15.02.2022 - ISPIN is now working with cybersecurity company and ETH spin-off Exeon Analytics to expand its Managed Security Services with the Network Detection & Response (NDR) platform ExeonTrace. Customers now benefit from Exeon's advanced network analytics as well as individual consulting and support from ISPIN's experienced cybersecurity experts. 

ISPIN expands its Managed Security Services with Exeon Analytics

Every year the crème de la crème of the Swiss Start-up scene meets in Zurich for the annual Swiss Startup Award ceremony. What a night! We are thrilled to be named among the Top 5 Swiss startups by the industry event of the year: Top 100 Swiss Startup Award. A big thank you to our customers, team and investors for their ongoing trust and support.



Exeon amongst the Top 5 Swiss Startups

A wide-spread cyber-attack against multiple government agencies, critical infrastructure providers and private sector organizations such as FireEye was made public this December. The attackers breached their victims' IT networks by compromising the software supplier SolarWinds, which allowed them to install a Remote Access Trojan (RAT) through SolarWinds' software update mechanism. In this blog you learn how ML-based detection mechanisms contain such attacks before signatures or Indicators Of Compromise (IOCs) are publicly known.

Detecting the highly evasive Sunburst attack using an (old) ML model

The global financial stability is increasingly at risk thorugh cyber attacks, claims the IMF according to a recent report. The authors argue that cyber attacks become easier to undertake, increasingly sophisticated and, as an effect, much more prevalent.

Cyber attacks threaten financial stability

Today, companies collect huge amounts of security-relevant data for cyber monitoring. But the problem lies in efficiently analyzing this data - especially across different data sources. Extended Detection and Response (XDR) reveal new possibilities with the help of AI.

XDR – A new weapon in the fight against cyber threats

When a company realizes that its protection concept has failed, it is often already too late. What to do? The Network Detection and Response (NDR) concept offers a new arsenal for cyber defense. Cybersecurity has so far been focusing on preventive measures. Once an attacker managed to get past these measures, the company network lays defenseless in front of them. Today, thanks to AI-supported network monitoring, such attacks can now be stopped, before it is too late.

Prevention is only half the battle

Read full article of “Digital Watchdog: Exeon Analytics’ software raises alarm when cybercriminals hack a network.” Discover how criminals target the IT infrastructure of a state or a company through an advanced persistent threat (APT) and how Exeon’s alarm system which is designed purely as a software-as-a-service (SaaS) solution protects leading companies.

Exeon is featured in the latest issue of Handelszeitung

In this interview, originally published by IT-markt, our CEO and Founder David Gugelmann talks about how Exeon strengthens the cybersecurity within companies with our AI-supported network monitoring. 

Detect and eliminate cyber threats before damage occurs

The March issue of the BILANZ business magazine contains an exciting article about Exeon and our CEO aka "Crime-Stopper" David Gugelmann. You can read the article in the following link

BILANZ Magazine

Smart Cyber Security made in Switzerland! That is what Exeon stands for. Thanks to DreamLab, Datastore AG and Swiss Cyber Security Days for making the diversity of Swiss Cybersecurity solutions visible! Check out the Swiss Cybersecurity Start-Up Map.

Switzerland is becoming a leading player in cybersecurity technologies

Exeon extends the ExeonTrace detection & response solution. ExeonTrace can now evaluate network, system and application log data for AI-supported detection of cyber threats. ExeonTrace automatically links this data and provides the analyst with an overall view.

Exeon takes the next step towards a comprehensive cybersecurity offering

The expert panel consisting of SIX, Cyverse and Exeon Analytics agree: Yes! For our CEO David Gugelmann the main competitive advantage of Zurich is clear: “Zurich is home to engineers who have received a world-class education.”

Read the whole article or re-watch the webinar in the following link.

Zurich as a cybersecurity Hotspot?

David Gugelmann, CEO & Founder of Exeon Analytics in the Podcast "upbeat" of HZ handelszeitung.ch/upbeat. Interview also available in Apple Podcast and Spotify (video and article in German).

HZ Interview, "How the startup Exeon gets through the corona crisis"

More than hundreds of thousands of Microsoft Exchange servers have been hacked globally, whereas the DACH region seems to be highly affected. This article explains how ExeonTrace can help to detect the intrusion through automated and manual network analysis.

How ExeonTrace can help detect the Microsoft Exchange hack

Zurich, February 15, 2021 - Various media are reporting today on a warning from the cybersecurity company Eset. The latter had reported that the hacker group "Evilnum" has been targeting Switzerland fintech companies since December 2020. With so-called spear phishing emails, i.e. attacks against selected targets in the company, recipients are to be tricked into clicking on a link to a ZIP file and extracting it.

Cyberattack on Swiss fintechs: surveillance can prevent fatal consequences

The remote code execution vulnerability against Apache Log4j2 [https://nvd.nist.gov/vuln/detail/CVE-2021-44228] is one of the most severe vulnerabilities we have seen for a long time. It’s so severe because the vulnerability is very easy to exploit and the Log4j logging library is used by many Java applications. Thus, one must assume that nearly any larger organization is potentially affected, either due to software developed in-house or via Java software provided by suppliers. After giving some background, we’ll explain how one can identify exploited systems using our ExeonTrace NDR software in this blog post.

Threat Hunting and Detection of the Log4j Exploit using the ExeonTrace NDR

Zurich, September 22, 2022 - With ExeonTrace, the Swiss security company Exeon Analytics offers an intrusion detection solution that goes far beyond the capabilities of traditional intrusion prevention systems (IPS). In particular, ExeonTrace can detect zero-day attacks, against which IPS solutions cannot provide protection due to their signature-based detection. While such systems are suitable for automated detection and defense against known attacks, they must be complemented by other security solutions for comprehensive protection. 

Reliable intrusion prevention even for encrypted network traffic and zero-day attacks

Digital transformation has witnessed a boost in recent years, especially in the wake of the COVID19 pandemic, which accelerated the adoption of digital technologies by several years in just a few months. Integrating digital technology in business has brought significant benefits. However, it also opened the door wide for new security risks and vulnerabilities.

The Importance of an NDR Solution to Early Detect Supply Chain Attacks in Corporate Networks

Exeon Analytics’ contribution to the NATO Cyber Defense Conference (CyCon 2019). Our research paper “Detection of Malicious Remote Shell Sessions”, to which researchers from ETH Zürich, Kudelski Security, armasuisse W+T and Exeon Analytics contributed, has been presented at this year’s CyCon. The publication is available in the following link.

CyCon 2019

We are proud to be winner of the factory1 program and are very happy to push forward our international expansion with Kapsch Group, a leading operator of critical infrastructure networks.

Winner of the Kapsch Factory1 Program

Exeon is expanding its Executive Management with an experienced Chief Marketing Officer. Gregor Erismann, who will take up the position on February 1, 2021, was previously a member of the Executive Board and CMO of the digital agency Namics. With this move, Exeon strengthens its Go-to-Market with the aim of becoming Europe's leading provider of Network Detection & Response solutions. 

Exeon strengthens Executive Team with experienced Chief Marketing Officer

Swisscom interviewed the StartUp Challenge alumni Exeon Analytics, Dotphoton and AAAccell. You can find the article in the following link.

Interview with Swisscom Startup Challenge Alumni

Today, most Network Detection and Response solutions rely on traffic mirroring and deep packet inspection (DPI). Traffic mirroring is typically deployed on a single core switch to provide a copy of the network traffic to a sensor which uses DPI to thoroughly analyse the payload. While this approach provides detailed analysis, it requires large amounts of processing power and is blind when it comes to encrypted network traffic. Metadata analysis has been specifically developed to overcome these limitations. By utilising metadata for analysis, network communications can be observed at any collection point and be enriched by information providing insights about encrypted communication.

Deep Packet Inspection vs. Metadata Analysis of NDR solutions

Swiss security company Exeon Analytics warns against relying only on traditional endpoint detection and response (EDR) solutions to secure endpoints. Numerous endpoints in modern, hybrid networks do not support the agents needed to do so, and where such agents are running, they can potentially be leveraged and disabled by sophisticated attacks. In addition, because of the trend toward home working and BYOD (Bring Your Own Device), IT and security teams often do not have access to privately owned employee endpoints that may also be used by additional family members. 


Exeon: EDR needs NDR for comprehensive security 

We usually write a lot about industry news and our cutting-edge Network Detection & Response solution, ExeonTrace. However, just as much can be said about our company's core: the Exeon Team. Since the beginning of the year, our has grown by over 35%, and we are ambitious to expand further in the future. With this mini blog series, our new colleagues will provide personal insights into working at Exeon and how they experienced their first days. In this blog post, we interviewed Michael Tullius, our Sales Director for Germany.

My first month at Exeon – Michael Tullius, Sales Director Germany.

In almost every industry, start-ups have an innovative edge over larger enterprises. European start-ups, in particular, are excelling as "innovation wunderkinds" in the B2B space. In the cybersecurity industry, scale-ups like Exeon Analytics are setting new standards for innovation-led growth and product development.

Why Cybersecurity Start-ups are winning the Innovation Race

Swiss IT security company Exeon Analytics has enhanced the ExeonTrace NDR platform with cloud connectivity and new anomaly handling functionalities. The latest release significantly simplifies both the deployment and seamless operation of NDR in on-premise, cloud and hybrid environments. Like its predecessors, the current release is completely software-based and, unlike traditional solutions, does not require any additional hardware, reducing not only investments but also operating costs. The evolved architecture of the current version of ExeonTrace allows analysts to tailor the solution to their environment at the click of a button, and provides a flexible platform for deploying sophisticated and high-performance AI algorithms for intelligent detection of current threats, including zero-day exploits.

Exeon simplifies the deployment of Network Detection and Response

The Swiss cybersecurity company Exeon Analytics and the German EnBW Cyber Security GmbH have reached an agreement under which EnBW Cyber Security will distribute the Network Detection & Response (NDR) solution ExeonTrace in Germany and use it as a technical solution for the customers of its Security Operation Centre (SOC).

EnBW Cyber Security is partnering up with Exeon Analytics for managed service operations in Germany 

The Swiss security company Exeon Analytics was awarded the Cybersecurity & Privacy Solution of the Year Award sponsored by PwC at the Cyber Security Week in Luxembourg. A high-calibre jury awarded the prize to the Network Detection & Response (NDR) solution ExeonTrace for demonstrating excellence at all levels - from strategy to execution.

 Exeon wins the PwC Cybersecurity & Privacy Solution of the Year Award

I can’t do traffic mirroring in my own or my outsourcer’s network

I need to identify shadow IT

I am required to store network log data, but the huge data volume makes this very expensive

I don’t know whether I can trust the third-party applications in my network

Writing and maintaining SIEM use cases for network log data is cumbersome

It is cumbersome for security analysts to analyse the data stored in the SIEM

Network traffic encryption makes my tools, which rely on deep packet inspection, become blind

My SOC is flooded with alerts for networks that are irrelevant (e.g. guest WLANs) - Relevant alerts get lost

I need better threat detection than static IOCs

I don’t know exactly what is happening in my network

My current tools (e.g. IDS) create too many false alerts

Whitelisting systems in SIEMs is risky and inconvenient

On the 30th – 31st of March 2022, we will be attending the secIT in Hannover – the renowned conference for IT-Security-Experts. Our expert Michael Tullius will hold a presentation on the topic “ransomware attacks – and how modern network analysis can detect them before they cause significant damage”. Come by and visit us at stand 36.

SecIT, Hannover

On the 19th and 20th of September 2022, we will be attending the Rethink! IT Security in Hamburg - the leading European summit for IT and cybersecurity. Through an on-site booth and virtual matchmaking, we are looking forward to engaging and interacting with leading CISOs and IT security decision-makers.

Rethink! IT Security, Hamburg

As a forum for IT managers from the federal, state and local governments, the armed forces, European police authorities, the intelligence services, NATO, security solution providers and academia, Public-IT-Services (PITS) has been a crucial platform for exchanging views on new trends for more than ten years. Visit us at our booth. We look forward to seeing you!

PITS - Public-IT-Security, Hotel Adlon Berlin

We are excited to be part of this year’s Richmond IT Forum taking place on the 6th – 7thof April 2022 in Bad Ragaz. The aim of the conference is to provide senior industry professionals with access to new ideas, solutions and innovations that can drive their industries and businesses forward. We are looking forward to interesting keynotes, industry sessions and discussion groups.

Richmond IT Forum, Bad Ragaz

Our CEO & Founder Dr. David Gugelmann will join the information Security in Healthcare conference on the 31st of May 2022 as a speaker. The topic of the conference will be "The end of the pandemic - reflection and decision-making".

Information Security in Healthcare, Cham

This year we are participating in the Rethink! IT Security 2022 in Berlin from the 10th & 11th March 2022 - the summit around the topic of IT and cyber security. Both live in Berlin and online via the digital event platform hubs101, the leading IT security event brings together more than 200+ leading CISOs & IT security decision makers. Visit us at the Summit and discuss with us how your IT security can be protected more comprehensively.

Rethink! IT Security, Berlin

ISW is an established cybersecurity conference and exhibition where NTT Group companies and leading manufacturers present their latest cyber security solutions. Come to ISW in Frankfurt on 31st May and 1st June 2022 and meet our experts on-site. Learn how to eliminate vulnerabilities in time and detect potential threats early.

Information Security World (ISW) 2022, Frankfurt

We are excited to join the international Cyber Expo 2021 from the 29th - 29th of September at Olympia in London. We are looking forward to seeing you on-site.

International Cyber Expo, London

On November 11th, our COO Carola Hug will be speaking at the Women in Cyber Day to discuss how machine learning and big data can be used to detect hidden cyber threats in time. The Women in Cyber Day connects cyber professionals and provides a platform for exchange. Whether you are an expert, a professional or a student, you are welcome to attend.

Women in Cyber Security

Our Security Analyst Pilipp Leu will hold a session on "The adversary in your (cloud-)Network" at the Hacking Day 2021. The Hacking Day is a leading industry event with a keynote from the National Cyber Security NCSC.

Hacking day 2021 - Practical Session with Exeon

On the 26th - 27th of September 2022, we will be attending StrategieTage IT Security in the renowned "Schloss Bensberg". Through this exclusive networking platform, we will connect with industry leaders to discuss raising trends, developments, and innovation in the IT-Security sector.

StrategieTage IT Security V2, Cologne

We are very excited to be one of the five finalists for the cybersecurity & privacy solution of the year award by PwC Luxembourg. You can find more information about the event and pitching competition here.

PWC Cybersecurity & Privacy Day, Luxembourg

As the "Home of IT Security", it-sa stands for a comprehensive range of information, networking and knowledge transfer on data protection and IT security: it-sa Expo&Congress in Nuremberg brings IT security providers and IT security managers together in person. Online, the it-sa 365 dialog platform also brings them together between the exhibition dates under the motto "Solutions - Networking - Knowledge". We look forward to participating in it-sa this year and meeting you at our booth.

it-sa Expo & Congress, Nuremberg

The Cybersecurity Leadership Summit returns in November 8-10, 2022 to help senior leaders build an effective security posture to mitigate cyber risks and implement a culture of cyber awareness within your organization. Get first-hand experiences from CxOs, government officials and global academic experts as they address opportunities and challenges for enterprises along the intersection of security and business via engaging keynotes, panel sessions, and exclusive roundtables.

Cybersecurity Leadership Summit 2022, Berlin

We are excited to be part of the Swiss Cyber Storm Event in Berne on the 25th of October. Swiss Cyber Storm is the long established security conference setting the IT security agenda for Switzerland, where international speakers renown to a national audience. This audience stretches from students to techies, to security officers and CISOs.

Swiss Cyber Storm, Berne

On the 8th – 9thof November 2022 we will be visiting the Strategiegipfel Cyber Security in Berlin. The conference will assemble cybertech experts and industry leaders to address the implications of Cloud, ML, and AI on IT-Security.

Strategiegipfel Cyber Security, Berlin

We are excited to be part of the StrategieTage IT & IT Security on the 14th – 15th of November 2022 in Zurich. The conference will be a platform for C-levels and IT-Managers to exchange views on IT-strategies supporting the digital transformation of processes, products, and services.

StrategieTage IT & IT Security, Zurich

We are very pleased to participate in the traditional event of our partner ITRIS. Our CEO & Founder David Gugelmann will hold a speech on the topic "Future-proof Network Detection & Response for holistic visibility into enterprise networks".

ITRIS IT Security Day, Safenwil

And how ExeonTrace solves them

Securing corporate networks has become increasingly demanding and more critical than ever. Based on regular exchanges with industry-leading security experts, we have compiled some of the main challenges for Chief Information Security Officers. Discover how the network analysis platform ExeonTrace adds to corporate cyber resilience through the most advanced Network Detection and Response solution.

CISO Challenges of Corporate Network Protection

As CEO and owner of a fast moving logistics company, I cannot afford any system interruptions due to cyber incidents. With ExeonTrace, we have found a Swiss solution to monitor our network and quickly detect cyber threats.

PostFinance has chosen ExeonTrace because of its open and future-proof architecture. Not needing any hardware sensors  and being able to control data flows, we didn’t have to make any significant changes to our existing infrastructure. We are also convinced by the cooperation with the competent and technically outstanding Exeon team.

I’m highly impressed by the technical abilities of this Network Detection & Response solution. I can definitely sleep better knowing that we have ExeonTrace in our network.

For us as a managed security service provider, a reliable, fast and highly automated NDR solution like ExeonTrace is the key to long-term and satisfied customer relationships. We are therefore delighted to partner with the Exeon team!

We especially appreciate the comprehensive network visibility that ExeonTrace offers us. The anomaly detection is also extremely accurate and allows our analysts to focus on the essential threats.

Our mission is to make corporates more secure, provide quality cybersecurity solutions, and create awareness for cyber prevention rather than investing in damage control. For this, Exeon is a perfect partner!

As Co-CEO of alabus, a hidden champion in the field of business process optimization, protecting the data of our Swiss and international customers is of utmost importance to me. I rely on ExeonTrace to do this and am excited about how this solution helps us understand and secure our network.

Log data by x100

Raw traffic by x10'000

(incl. system and application logs)

E.g. data from firewalls, NetFlow, Secure Web Gateways, IPFIX, native clouds (Google, Amazon, Azure) 

ExeonTrace algorithms are built to also analyse cloud data. We currently support all clouds that can provide network flow data (e.g. AWS, GCP, Azure).

1. What is ExeonTrace’s strategic approach for companies moving workloads to cloud?

By relying on NetFlow which exports metadata about all communication that pass through all monitored network devices (also virtualised) it is possible to get a complete coverage of the own infrastructure. ExeonTrace monitors all endpoints for which it receives data. ExeonTrace offers the possibility to integrate with a CMDB and query DNS for hostname resolution. 

2. What network discovery and asset tracking capabilities does ExeonTrace have?

ExeonTrace can integrate events of EDR or XDR solutions into our correlation or feed our detection events into a SIEM solution. ExeonTrace relies on third-party products (i.e. SOAR, Firewalls) to trigger responses via API calls. Information provided by the CMDB can be used for the analysis as well.

 3. Does the product integrate with other sources or products to enrich detections or orchestrate a response action (i.e. - XDR, EDR, SOAR, etc)?  

Light-weight network log data

Stored in graph database with data reduction compared to input data by the factor x100 

The ExeonTrace NDR detection models are unaffected by encrypted payloads because they are designed to detect patterns based on metadata. Thus, the detection capabilities are independent of traffic encryption.

1. What is ExeonTrace’s approach to handling encrypted traffic?

The ExeonTrace analytics stack uses independent life-cycle policies for the raw logs and for the highly aggregated log data stored in the built-in graph database (reduction ~ 100x compared to incoming NetFlow/Corelight logs). The graph database contains all relevant information required to run the detection models and to conduct investigations and threat hunting. Thus, if desired, one can quickly delete the raw logs from the system to reduce storage space. With such a policy, 1 TB of storage can be sufficient to store a history of 3 months of traffic for 10'000 internal endpoints in the graph database. 

2. How are network traffic and meta data stored in ExeonTrace?  

Full representation of IT activities

High-end visualisation, intuitive GUI, fast and interactive drilldowns

The ExeonTrace NDR shows all connections inside a network in a very intuitive way using specialised visualisations. These views show relevant information like active services, clients-server interactions, used protocols and so on. Besides incident handling support and threat hunting, these visualisations provide a very intuitive way to identify shadow IT. malesuada ullamcorper 

1. How can ExeonTrace be used to improve network visibility and network monitoring?

In the visualisation, ExeonTrace offers filtering based on geoip, network ranges or ips, protocols and traffic volume. ExeonTrace will classify the direction of each flow, so that it is possible to filter for clients and server connections. For traffic filtering of the input, tcpdump-like filters are supported.

2. How can traffic be filtered?

 We provide different roles for the different user groups. While regular users can only access information dashboards, other roles allow for configuration capabilities of different levels. We provide a manual that can be downloaded directly from the GUI.

3. Do the graphical user interface(s) of ExeonTrace differ for the various user groups?

Visibility

Supervised and unsupervised ML models, expert use cases, threat correlation, integrate additional logs

Proxy/secure web gateways & DNS log data to detect hidden c&c channels or other policy violations, active directory to correlate user login behaviour. ExeonTrace offers detailed visualisation dashboards that enable threat hunting and a complete overview of all network activities.

1. Beyond traditional network detections, what other type of detection functionality does ExeonTrace have and in what environments?

 ExeonTrace network module is focused on reconnaissance, lateral movement, command and control and exfiltration. By incorporating AD we can also detect account discovery and credential access techniques. The descriptions of various detection events rely on the definitions of the MITRE ATT&CK framework.

2. What MITRE ATT&CK Integration is available with the solution? Does the product classify detections by ATT&CK technique?

The ExeonTrace NDR analyses L3/L4 via Netflow and L7 data for DNS. The corelight sensors analyse all ISO/OSI layers and can for example extract files from HTTP streams.

3. Which ISO/OSI layers and supported protocols can ExeonTrace interpret to detect events?

Anomaly Detection

Graphic representation of security incidents, incident prioritisation, API triggering alerting and response

Alarms are visualized on the built-in dashboard. Further, alarms can be forwarded via REST APIs to a SIEM, ticketing solution or SOAR system, or be sent via mail. Reports show the number of confirmed/whitelisted anomalies. Also, the system health is exposed via the dashboard and the REST API.

ExeonTrace Xlog

Turn NDR into XDR

Extend your cyber security capabilities and processes with ExeonTrace Xlog

Extend Your Analytics

Reduce the workload

Xlog, the analytics toolbox for your custom log data

Artificial Intelligence

Enhanced Visibility

Fast detection with minimum false alarms

More storage and faster data retrieval

Unique algorithms

Xlog Module: Cross-data threat detection

Better events

Better detection

Better alerts

Better response