The Challenge

Cyber incidents such as ransomware attacks, data breaches and IT disruptions, as well as the associated risks of business disruption in a dynamic IT/OT landscape, put companies on alert.

Distributed or hybrid networks are difficult to analyze and monitor. Added to this are new compliance regulations, such as the NIS2 directive and the Digital Operational Resilience Act (DORA), which make management liable in the event of inadequate IT security measures. Choosing suitable security solutions, conducting risk assessments and providing ongoing training are therefore imperative.

Exeon Analytics – the Solution from NetDescribe

ExeonTrace, the leading network security solution, uses machine learning for comprehensive network monitoring, providing instant detection of potential cyber threats and enabling fast and efficient responses to protect your organization.

As a reliable and intuitive software solution, ExeonTrace not only supports your security teams in their daily tasks, but also takes your network security to the next level.

So how does an AI-supported solution work? ExeonTrace’s algorithms create a unified view from the metadata, enabling companies to continuously analyze and monitor IT, cloud and OT networks via a single application. This prevents attackers from moving undetected between these environments, exploiting vulnerabilities, penetrating the infrastructure or bypassing existing security measures.

How ExeonTrace works
ExeonTrace analyzes security-relevant log data from the network and systems. As a software-only solution, ExeonTrace uses the company infrastructure (i.e. firewalls, switches, etc.) as data sensors and does not require any additional hardware appliances or sensors.

ExeonTrace’s future-proof approach is based on metadata analysis and therefore does not require traffic mirroring. ExeonTrace’s AI algorithms are specifically designed to analyze encrypted traffic by its metadata, which traditional Network Detection & Response (NDR) solutions cannot inspect. ExeonTrace also enables analysis of multiple data sources, including native cloud applications, making it the leading solution for highly virtualized and distributed networks.

Why Exeon does not work with traffic mirroring: Most network traffic is already encrypted today. Conventional NDR solutions based on traffic mirroring are therefore unable to inspect a large proportion of this network traffic. In addition, ever-increasing bandwidths make traffic mirroring either very expensive or even completely impossible. In contrast, the metadata used by ExeonTrace can be collected simply by exporting the logs from the existing infrastructure.

The collected metadata is then mapped to actions in the network. These in turn are combined into traces. A trace therefore represents a chain of actions that can be attributed to a specific user or device. Every attacker inevitably leaves such a trace behind. It is precisely these traces that are analyzed by the machine learning model in order to identify potentially harmful behaviour.
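To make the metadata-to-actions-to-traces idea concrete, here is an added Python sketch; it is not Exeon's code and ExeonTrace's real data model and algorithms are not described on this page. It parses constructed NetFlow/IPFIX-style flow records (no payload), builds a time-ordered trace per source host, and scores each trace with hand-picked features (internal fan-out, blacklist hits, bytes sent outside the network); the internal range, the blacklist entry and the thresholds are all assumptions.

```python
from __future__ import annotations
from collections import defaultdict, namedtuple
from ipaddress import ip_address, ip_network

# Constructed NetFlow/IPFIX-style export (metadata only, no payload): ts,src,dst,dport,bytes
SAMPLE_FLOWS = """\
1700000000,10.0.1.5,10.0.2.10,445,1200
1700000003,10.0.1.5,10.0.2.11,445,1100
1700000006,10.0.1.5,10.0.2.12,445,1300
1700000009,10.0.1.5,10.0.2.13,445,1250
1700000020,10.0.1.5,203.0.113.7,443,5000000
1700000030,10.0.1.9,10.0.2.10,443,800
1700000040,10.0.1.9,198.51.100.3,443,2000
"""
INTERNAL_NET = ip_network("10.0.0.0/8")  # constructed: the organisation's internal range
KNOWN_BAD = {"203.0.113.7"}              # constructed: hypothetical blacklist entry

# One network action derived purely from flow metadata.
Action = namedtuple("Action", "ts src dst dport nbytes")

def parse_flows(text: str) -> list[Action]:
    """Turn exported flow lines into Action records, one per observed connection."""
    actions = []
    for line in text.strip().splitlines():
        ts, src, dst, dport, nbytes = line.split(",")
        actions.append(Action(int(ts), src, dst, int(dport), int(nbytes)))
    return actions

def build_traces(actions: list[Action]) -> dict[str, list[Action]]:
    """Group actions into per-source traces, each a time-ordered chain of actions."""
    traces = defaultdict(list)
    for a in sorted(actions, key=lambda a: a.ts):
        traces[a.src].append(a)
    return dict(traces)

def score_trace(trace: list[Action], known_bad: set[str] = KNOWN_BAD) -> dict:
    """Features from one trace: internal fan-out, blacklist hits, bytes sent outside the network."""
    internal = [a for a in trace if ip_address(a.dst) in INTERNAL_NET]
    fanout = len({a.dst for a in internal})
    bad_hits = sum(1 for a in trace if a.dst in known_bad)
    ext_bytes = sum(a.nbytes for a in trace if a not in internal)
    # Illustrative thresholds (constructed); a learned model would derive these from history.
    score = int(fanout >= 3) + int(bad_hits > 0) + int(ext_bytes >= 1_000_000)
    return {"fanout": fanout, "bad_hits": bad_hits, "ext_bytes": ext_bytes, "score": score}

def suspicious_sources(text: str = SAMPLE_FLOWS, threshold: int = 2) -> list[str]:
    """Return source hosts whose trace reaches the alert threshold."""
    traces = build_traces(parse_flows(text))
    return sorted(src for src, t in traces.items() if score_trace(t)["score"] >= threshold)
```

On the sample data, host 10.0.1.5 fans out to four internal SMB endpoints, then sends 5 MB to a blacklisted external address, so its trace is flagged while 10.0.1.9 is not; the point is that none of this needed decrypted content.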

The goal of every company is to increase security and meet legal requirements, preferably both at the same time.

And that’s exactly what ExeonTrace allows you to do: link Zero Trust with compliance and cybersecurity regulations as well as other important security standards.

To improve compliance with regulations such as NIS2, HIPAA and GDPR, it is crucial to understand their specific requirements and identify data protection needs, access controls and security measures. Zero Trust strategies such as implementing micro-segmentation, following the principle of least privilege and using encryption for data transmission and storage are essential.

Network Detection and Response (NDR) is critical to combining a Zero Trust strategy with compliance regulations. NDR improves cybersecurity and helps organizations meet regulatory requirements. Through continuous monitoring, NDR provides deep visibility into network traffic and analyzes patterns and behaviors to detect anomalies and potential threats and to support timely incident response.

Learn how NetDescribe and Exeon can help you take your security strategy to the next level.

ExeonTrace’s modular design allows you to tailor the advanced NDR solution to your exact needs. The platform is the central brain of ExeonTrace, powering the modules and correlating network events across multiple sources.

Correlation Engine
Cross data source algorithms to combine and correlate relevant security data from all available systems to give you a unified, complete picture for visibility, detection, assessment, investigation and response.

SecurityDB
Graph database for efficient storage of enriched security data, with up to 50x less data volume than raw log data, for high scalability and storage of a long event history.

Alerting System
ExeonTrace’s alerting functionality, as well as a REST API to feed alerts into other systems such as your ticketing system, SIEM, SOC platform or SOAR.

Incident Handling
User interface to handle incidents directly in ExeonTrace.

Incident Assessment
Algorithms to automatically assess and prioritize detected security incidents, minimizing false positives and helping your team focus on the right incidents.

Dashboard & Reporting
Customizable dashboard. Evaluation and reporting of the various incidents, as well as a general, intuitive user interface for operating ExeonTrace.

Data Lake (Option)
Do you already have a data lake in Splunk or Elasticsearch to store your log data? Very good, we are happy to use it. If you don’t have one, or only partially, you can use ExeonTrace’s powerful and cost-effective data lake.

The modules offer specialized AI functions for collecting, processing, analyzing and visualizing data as well as for detecting and investigating threats from specific data sources.

Data collectors: Powerful software collectors for the efficient collection of huge amounts of system data. This makes hardware sensors superfluous.

Processing Engine: High performance AI to create source-specific enriched security data.

Visualizations: Dedicated and intuitive visualizations for the respective data sources and their threat scenarios.

Detection & Analysis: Ready-to-use AI-based analysis algorithms and use cases that have been specially developed for the respective data sources and their threat scenarios.

AI-powered investigation: Optimized views for investigation and guided threat hunting for the respective data sources and their threat scenarios.

The modules make your network more secure and smarter – together or individually:

Network Module: Monitoring of internal & external network traffic for NetFlow, IPFIX, Corelight & DNS

  • Detection of APT attacks
  • Network transparency
  • Analysis of access patterns for internal services
  • Uncover internal shadow IT
  • Blacklist matching

Web module: Monitoring of web activities of internal devices (proxy/secure web gateway) for proxy logs of SSL/TLS-monitoring secure web gateways

  • Detection of APT attacks
  • Detection of hidden data leaks
  • Detect external shadow IT
  • Identification of unauthorized and outdated devices
  • Blacklist matching

Xlog module: Cross-data threat detection for additional security-related log data

  • Better events – Enriched, aggregated and correlated across multiple data sources. Stored efficiently.
  • Better detection – correlation and enrichment of network events with host log data
  • Better alerts – Combination of alerts generated by host-based and network-based security tools to filter false positives and generate high quality consolidated alerts.
  • Better response

Cloud-based cyber security offers cost efficiency through the consumption-based model and scalable resources without high upfront investments. Cloud providers handle maintenance, updates and security patches and enable remote monitoring and management. On-premises solutions require high upfront investment and long-term maintenance, but offer maximum customizability, control over infrastructure and data, and lower latency for real-time threat detection. They are more resilient to physical disasters and provide greater security for institutions with strict data protection requirements.

Risks of the cloud include potential Trojan infections, inadequate encryption, reliance on internet connections and complex regulatory compliance. Companies in regulated industries often prefer on-premises solutions because of complete data control, better performance and reliability, and customizability.

ExeonTrace is a flexible Network Detection & Response (NDR) platform that can be installed in the cloud or on-premises. It uses network metadata for analysis, requires no expensive mirroring or decryption and is easy to deploy and maintain. ExeonTrace optimally adapts to specific requirements.

Quick set-up
Within a few hours, no sensors or agents required.

Comprehensive visibility
Unified view of distributed networks, endpoints and applications.

Monitoring of your entire IT/OT network
Identify malicious attack patterns and vulnerabilities (compromised services, shadow IT, etc.) in real time.

No interference through encryption
Algorithms are not affected by encrypted data content as metadata analysis is used to detect attack patterns, not deep packet inspection.

Lightweight log data
Analysis of lightweight network log data instead of traffic mirroring. Metadata can be streamed from existing network sources (switches, firewalls, etc.) without hardware sensors.

Smart detection
Powerful AI and proven algorithms.

Intelligent data handling
Minimal memory requirements with full data control.

Powerful response
Fast assessment, investigation and response.

Future proof
Ready for increasing data traffic and encryption.

Book your personal appointment right now

Put your IT performance to the test. For which requirement have you always been looking for a solution? NetDescribe will get you there – with independent advice, reliable support and proven use cases.
