Exeon Threat Report

Problem: Unnoticed data leaks

Cyber attackers and malicious insiders regularly circumvent IT protection measures and breach highly sensitive data. Such breaches often happen in plain sight, hidden among millions of regular activities caused by employees' web browsing, and remain undetected for several months. The current average detection time for a data breach is nearly 200 days. For example, 20 GB of data was stolen this way during a cyber attack against the Swiss defence company Ruag, which remained undetected for more than a year.

Order a security review

Our Exeon Threat Report security review assesses the security state of your internal network by analyzing web proxy log data (your internal devices' outgoing web traffic) and/or flow and DNS log data. ExeonTrace's big data algorithms and machine learning extract hidden information from millions of network records. This enables the quick detection and containment of data breaches. ExeonTrace is easy and lightweight to deploy, as it loads network log data from Splunk, Elasticsearch or raw files. Our engineers deploy ExeonTrace on-site in your data center, analyze your network traffic and provide you with our Exeon Threat Report.

Offering

Package 1: Secure Web Gateway Analysis

Analysis of the web activities of your internal devices.

  • APT attack detection:
    • Hidden HTTP(S)-based command and control channels
    • Malware using Domain Generation Algorithms (DGAs)
  • Detection of hidden data leaks such as browser plugins or software collecting data
  • External shadow IT: Detection of unauthorized cloud services and uploads
  • Unauthorized and outdated devices: Clustering of the activities from machine-to-machine (M2M) devices for outlier detection
  • Identification of unregistered and unauthenticated proxy access
  • Correlation with selected threat feeds (blacklists)

Requirements: The log data is stored in Elasticsearch, Splunk or as raw files. Web traffic logs recorded by an SSL/TLS-intercepting secure web gateway (proxy logs).

Package 2: Flow and DNS Analysis

Analysis of your internal & external network traffic.

  • APT attack detection:
    • Lateral movement: Unwanted cross talking inside your corporate network
    • Horizontal and vertical scanning activities inside your corporate network
    • Malware using Domain Generation Algorithms (DGAs)
    • Covert DNS: Hidden data leakage via Domain Name System (DNS)
  • Discovery of unusual services in your network
  • Discovery of misconfigurations in your firewalls allowing access to internal services
  • Correlation with selected threat feeds (blacklists)

Requirements: Firewall(s) capable of exporting NetFlow v5/v9 or IPFIX log data. DNS logs recorded by a resolver or network sensor. Flow and DNS log data is stored in Elasticsearch, Splunk or directly sent to ExeonTrace.
