Automated detection of C&C channels
Based on AI algorithms, ExeonTrace detects covert communication channels to the outside that are hidden within billions of regular DNS and web traffic activities. ExeonTrace’s algorithms can identify novel communication channels, as used by APTs, for which no signatures exist yet.
Easy navigation through the attack pattern
ExeonTrace’s UI navigates you directly to the browsing tree or DNS activities of the malicious endpoint and singles out the suspicious activities to the malicious domain. Full visibility for a quick and easy response.
Verification of the response
After the attack has been contained and the malicious domain has been blocked, ExeonTrace automatically verifies that all malware has been removed and no C&C channel is still active. No alert is overlooked.
Ransomware settling in your network
Discover advanced ransomware starting to initiate hidden communication to the outside (e.g. hidden DNS, HTTP or HTTPS channels).
Ransomware spreading in your network
Detect ransomware scanning your network, and endpoints initiating communication with other internal endpoints in a way that deviates from their normal communication pattern.
Ransomware collecting and stealing data
ExeonTrace detects internal endpoints collecting data from within the network. Furthermore, ExeonTrace detects endpoints sending abnormal amounts of data to the outside or sending data to unusual destinations.
Ransomware encrypting files on shares
ExeonTrace analyzes SMB data flows to detect clients reading and writing large amounts of data, which is a typical signal for ransomware encrypting data on file shares.
Internal Shadow IT: Rogue devices and unmonitored services in your own network
ExeonTrace automatically correlates network activities with your CMDB to detect rogue devices and unmonitored services. You don’t have an up-to-date CMDB in place? ExeonTrace allows you to build one based on your network data.
External Shadow IT: Use of unauthorized cloud services, file sharing platforms and other web tools
Employees often find weaknesses in the web proxy blacklist configuration and upload data to cloud services, file sharing platforms or other productivity web tools like file format converters. ExeonTrace detects such activities and allows you to enhance your blacklists.
See internal services exposing data to the outside
ExeonTrace shows you all internal services which are accessed by hosts from the Internet in a single view.
Drill down from services to clients, to raw log data
ExeonTrace provides powerful drilldown views that are reachable with the click of a button. Zoom-in from aggregated events to raw log data to understand your cyber threat exposure at different granularity levels.
Providing context during exposure analysis through data enrichment
ExeonTrace enhances displayed endpoints with CMDB data, information about network zones, active DNS resolution or even data collected by endpoint agents.
Define expected communication paths with the Internet
Ensure that all internal clients respect your Internet access policy, such as the mandatory use of a proxy. Detect external clients which access your internal services via unauthorized channels.
Secure your critical server infrastructure
Verify that access to your critical server infrastructure is performed exclusively through your jump host architecture. Raise an alert if an unauthorized endpoint accesses the server infrastructure.
Monitor administration and legacy protocols
Monitor the use of administration protocols, such as SSH or RDP, in your network. Detect the use of such protocols by unauthorized clients. Verify that legacy protocols, such as Telnet or FTP, are no longer used within your network, or used only in exceptional cases.
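The three policy checks above (mandatory proxy and unexpected inbound access, jump-host-only access to critical servers, and admin or legacy protocol use by unauthorized clients) can be expressed as rules over plain flow records. The following is an added illustration and not ExeonTrace code; the addresses, port-to-protocol mapping and sample flows are constructed for the example.

```python
import ipaddress

# Constructed policy (hypothetical addresses); a real deployment would load this from a CMDB.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
PROXY = "10.0.0.5"                                # only host allowed to reach Internet web ports
EXPOSED_SERVICES = {("10.0.10.30", 443)}          # (server, port) pairs published to the Internet
CRITICAL_SERVERS = {"10.0.10.20", "10.0.10.21"}
JUMP_HOSTS = {"10.0.1.10"}
ADMIN_CLIENTS = {"10.0.1.10", "10.0.2.40"}
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}
LEGACY_PORTS = {21: "FTP", 23: "Telnet"}
WEB_PORTS = {80, 443}

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def check_flow(flow):
    """Return the list of policy violations for one flow record {src, dst, dport}."""
    src, dst, dport = flow["src"], flow["dst"], flow["dport"]
    findings = []
    # Mandatory proxy: internal clients may reach Internet web ports only via the proxy.
    if is_internal(src) and not is_internal(dst) and dport in WEB_PORTS and src != PROXY:
        findings.append("direct-internet")
    # Inbound from the Internet is only expected on published services.
    if not is_internal(src) and is_internal(dst) and (dst, dport) not in EXPOSED_SERVICES:
        findings.append("unexpected-inbound")
    # Critical servers may only be reached through the jump hosts.
    if dst in CRITICAL_SERVERS and src not in JUMP_HOSTS:
        findings.append("critical-server-bypass")
    # Administration protocols only from authorized clients.
    if dport in ADMIN_PORTS and src not in ADMIN_CLIENTS:
        findings.append(f"unauthorized-{ADMIN_PORTS[dport]}")
    # Legacy protocols should not appear at all.
    if dport in LEGACY_PORTS:
        findings.append(f"legacy-{LEGACY_PORTS[dport]}")
    return findings

def audit(flows):
    """Map index of each offending flow to its findings; clean flows are omitted."""
    results = ((i, check_flow(fl)) for i, fl in enumerate(flows))
    return {i: f for i, f in results if f}

SAMPLE_FLOWS = [  # constructed sample records
    {"src": "10.0.2.15", "dst": "203.0.113.7", "dport": 443},  # workstation bypassing the proxy
    {"src": "10.0.0.5", "dst": "203.0.113.7", "dport": 443},   # the proxy itself, allowed
    {"src": "10.0.2.15", "dst": "10.0.10.20", "dport": 22},    # SSH to a critical server, not a jump host
    {"src": "10.0.1.10", "dst": "10.0.10.20", "dport": 3389},  # jump host RDP, allowed
    {"src": "10.0.3.8", "dst": "10.0.5.9", "dport": 23},       # Telnet inside the network
    {"src": "198.51.100.9", "dst": "10.0.10.30", "dport": 22}, # Internet host reaching an unpublished port
]
```

Running audit(SAMPLE_FLOWS) flags flows 0, 2, 4 and 5; the same rule set applied to historical flows is also how the later "verification of the response" step can confirm that a blocked path stays closed.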