Use Cases: APTs, Ransomware, Shadow IT, and more

Security teams face numerous challenges in the pursuit of keeping company networks secure. By offering advanced intrusion detection and efficient detection and investigation capabilities, ExeonTrace can solve various challenges, such as data breaches, ransomware, shadow IT, visualisations, and security policies.

Case 01

Hidden data breaches through APT

Finding Advanced persistent threats (APTs) with AI-powered detection enabling automated threat hunting.

Use Case 01

Automated detection of C&C channels

Based on AI algorithms, ExeonTrace detects covert communication channels to the outside that are hidden within billions of regular DNS and web traffic activities. ExeonTrace’s algorithms can identify novel communication channels used by APTs, for which no signatures exist yet.

Easy navigation through the attack pattern

ExeonTrace’s UI navigates you directly to the browsing tree or DNS activities of the malicious endpoint and singles out the suspicious activities to the malicious domain. Complete visibility for a quick and easy response.

Verification of the response

After the attack has been contained and the malicious domain has been blocked, ExeonTrace automatically verifies that all malware has been removed and no C&C channel is active anymore. No alert is overlooked.

Case 02


Ransomware attacks typically go through different phases that span from days to months. ExeonTrace allows you to immediately detect attacks and react early before the attackers press the kill switch that encrypts your network.

Case 02

Ransomware settling in your network

Discover advanced ransomware starting to initiate hidden communication to the outside (e.g. hidden DNS, HTTP or HTTPS channels).

Ransomware spreading in your network

Detect ransomware scanning your network and endpoints, initiating communication with other internal endpoints deviating from standard communication patterns.

Ransomware collecting and stealing data

ExeonTrace detects internal endpoints collecting data from within the network. Furthermore, ExeonTrace detects endpoints sending abnormal amounts of data to the outside or sending data to unusual destinations.

Ransomware encrypting files on shares

ExeonTrace analyses SMB data flows to detect clients reading and writing large amounts of data, which is a typical signal for ransomware encrypting data on file shares.

Case 03

Shadow IT

Inventories and blacklists are often not updated, resulting in internal and external shadow IT threats. ExeonTrace can detect both.

Case 03

Internal shadow IT: Rogue devices and unmonitored services in your own network

ExeonTrace automatically correlates network activities with your CMDB to detect rogue devices and unmonitored services. You don’t have an up-to-date CMDB in place? ExeonTrace allows you to build one based on your network data.

External shadow IT: Use of unauthorised cloud services, file-sharing platforms and other web tools

Employees often find a weakness in the web proxy blacklist configuration and upload data to cloud services, file-sharing platforms or other productivity web tools like file format converters. ExeonTrace detects such activities and allows you to enhance your blacklists.

Case 04

Visualize your threat exposure

You can’t protect what you can’t see. ExeonTrace’s graph database, combined with specialised visualisations, allows you to easily browse billions of raw data points.

Case 04

See internal services exposing data to the outside

ExeonTrace shows you all internal services accessed by hosts from the Internet in a single view.

Drill down from services to clients, to raw log data

ExeonTrace provides powerful drilldown views that are reachable with the click of a button. Zoom in from aggregated events to raw log data to understand your cyber threat exposure at different granularity levels.

Providing context during exposure analysis through data enrichment

ExeonTrace enhances displayed endpoints with CMDB data, information about network zones, active DNS resolution or even data collected by endpoint agents.

Case 05

Enforce your security policies

Easily register your security policies in ExeonTrace to monitor and enforce them.

Case 05

Define expected communication paths with the internet

Ensure that all internal clients respect your Internet access policy, such as the mandatory use of a proxy. Detect external clients which access your internal services via unauthorised channels.

Secure your critical server infrastructure

Verify that access to your critical server infrastructure is exclusively performed through your jump host architecture. Alert if an unauthorised endpoint accesses the server infrastructure.

Monitor administration and legacy protocols

Monitor the use of administration protocols, such as SSH or RDP, in your network. Detect the use of such protocols by unauthorised clients. Verify that legacy protocols, such as Telnet or FTP, are no longer or only used within your network in exceptional cases.

Haven't found a use case for you?

We would gladly discuss your specific use cases in a tailored demonstration of the ExeonTrace Platform.