ExeonTrace Platform and Modules
Exeon Analytics

AI-powered NDR platform delivering real-time threat detection and full network visibility without deep packet inspection.

Product details

Overview

ExeonTrace is a next-generation Network Detection and Response (NDR) platform developed by Swiss cybersecurity company Exeon Analytics. Leveraging advanced AI and machine learning algorithms, ExeonTrace provides comprehensive visibility into network data flows, enabling organizations to detect and respond to cyber threats in real time. Unlike traditional solutions that rely on deep packet inspection, ExeonTrace analyzes lightweight traffic metadata, eliminating the need for expensive traffic mirroring and preserving data privacy. This approach allows for efficient monitoring across IT, cloud, and OT infrastructures, ensuring that potential threats are identified and mitigated promptly. The platform's modular architecture offers tailored solutions for various data sources, enhancing its adaptability to diverse organizational needs.

Features and Capabilities

  • Correlation Engine: Utilizes AI to combine and correlate relevant data across all available sources, providing a comprehensive view for visibility, threat detection, assessment, investigation, hunting, and response.
  • Incident Assessment: Employs algorithms to automatically assess and prioritize detected security incidents, minimizing false alarms and helping security teams focus on critical cases.
  • SecurityDB: A graph database that efficiently stores processed and enriched security data with minimal data volume—up to 50 times less than raw log data—facilitating scalability and long-term event history retention.
  • Dashboard & Reporting: Features a customizable dashboard, analytics, and reporting tools for various incidents, along with an intuitive user interface for operating the ExeonTrace solution.
  • Alerting System: Includes a core threat alerting system and a REST API to integrate alerts into other systems like ticketing systems, SIEMs, SOC platforms, or SOARs.
  • Data Lake (optional): Offers the option to integrate with existing data lakes in platforms like Splunk or Elasticsearch, or to utilize ExeonTrace’s own cost-effective data lake solution.
  • Incident Handling: Allows for direct resolution of issues within ExeonTrace’s user interface.

Modules

  • Network Module: Analyzes internal and external network traffic using data from NetFlow, IPFIX, Corelight, and DNS. Detects APT attacks, monitors network visibility, analyzes access patterns for internal services, identifies internal shadow IT, and performs blacklist matching.
  • Web Module: Monitors web activities of internal devices through proxy logs of SSL/TLS-intercepting secure web gateways. Detects APT attacks, hidden data leaks, external shadow IT, unauthorized and outdated devices, and performs identification and blacklist matching.
  • Xlog Module: Provides cross-data threat detection by analyzing additional security-relevant log data. Enhances event detection, alerting, and response capabilities.