ExeonTrace

Big data solution for cyber security

Cyber attackers and malicious insiders regularly circumvent IT protection measures and breach highly sensitive data. Such breaches often take place over several months – the current average detection time for a data breach is nearly 200 days – and happen in plain sight, hidden in millions of regular IT activities. For example, 20 GB of data was stolen this way during a cyberattack against the Swiss defense company Ruag, which remained undetected for more than a year.

Main advantages

  • Award-winning algorithms for network traffic analysis
    Our ML algorithms can identify cyber attacks and breaches among millions of regular network activities.
  • Analysis of existing log data
    ExeonTrace analyzes the log data generated by commodity secure web gateways (proxy logs), DNS resolvers and firewalls.
  • Integrates with Splunk and Elasticsearch
    ExeonTrace loads log data for analysis from SIEM solutions like Splunk and Elasticsearch, or simply from raw files.
  • Easy and lightweight to set up
    ExeonTrace is based on Docker. Deploying ExeonTrace takes less than a day.
  • Software-only solution
    No data leaves your organization: ExeonTrace is deployed on-site or in a cloud.

Solution: ExeonTrace

ExeonTrace is a software-only solution that does not require additional hardware sensors in your network. Instead, ExeonTrace analyzes log data collected by commodity network devices. Unlike other providers, ExeonTrace is able to analyze and correlate various log data sources and thus represents a holistic solution, combining specialized algorithms for the analysis of proxy log and NetFlow data with event log data. As a result, not only your web data is analyzed, but also other network and event data.

ExeonTrace in detail

Our flagship solution ExeonTrace is based on award-winning research conducted at ETH Zurich. ExeonTrace's big data algorithms and machine learning extract hidden information from millions of IT records. ExeonTrace analyzes and correlates:

  • network traffic logs (Proxy, Flow and DNS)
  • event logs (Windows events, Active Directory logs)
  • configuration management database (CMDB)

Data logs can be loaded from Splunk, Elasticsearch or raw log files.
We support our customers in setting up the collection of data logs.

The result is the quick detection and containment of data breaches caused by sophisticated cyber-attackers, browser plug-ins and other software that put an organization's privacy at risk. Further, ExeonTrace's threat hunting and drilldown modules provide detailed visibility into network traffic, allowing organizations to identify shadow IT services as well as outdated and misconfigured systems.

ExeonTrace seamlessly integrates further data logs into its analysis, such as Windows event logs, Active Directory logs or information from a configuration management database. Customers can import or manually define custom rules that match against any data log to (i) learn whether they are affected by an emerging cyber threat and (ii) protect themselves against cyber threats in general.

ExeonTrace Subscription

Would you like to use ExeonTrace to protect your company? Our annual subscription includes:

  • Software license
  • A support package including service days for setup, training and support through our engineers

The pricing depends on the chosen analysis packages and the number of active internal IP addresses. Please contact us for more information or a live demonstration of ExeonTrace.

Package 1: Secure Web Gateway Analysis

Analysis of the web activities of your internal devices.

  • APT attack detection:
    • Hidden HTTP(S)-based command and control channels
    • Malware using Domain Generation Algorithms (DGAs)
  • Detection of hidden data leaks such as browser plugins or software collecting data
  • External shadow IT: Detection of unauthorized cloud services and uploads
  • Unauthorized and outdated devices: Clustering of the activities from machine-to-machine (M2M) devices for outlier detection
  • Identification of unregistered and unauthenticated proxy access
  • Correlation with selected threat feeds (blacklists)

Requirements: The log data is stored in Elasticsearch, Splunk or as raw files. Web traffic logs recorded by an SSL/TLS-intercepting secure web gateway (proxy logs).

Package 2: Flow and DNS Analysis

Analysis of your internal and external network traffic.

  • APT attack detection:
    • Lateral movement: Unwanted cross-talk inside your corporate network
    • Horizontal and vertical scanning activities inside your corporate network
    • Malware using Domain Generation Algorithms (DGAs)
    • Covert DNS: Hidden data leakage via the Domain Name System (DNS)
  • Discovery of unusual services in your network
  • Discovery of misconfigurations in your firewalls allowing access to internal services
  • Correlation with selected threat feeds (blacklists)

Requirements: Firewall(s) capable of exporting NetFlow v5/v9 or IPFIX log data. DNS logs recorded by a resolver or network sensor. Flow and DNS log data is stored in Elasticsearch, Splunk or sent directly to ExeonTrace.
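As an added illustration, not ExeonTrace's own code or algorithms, the following Python script shows the kind of signal a DGA and covert-DNS detector looks for in resolver logs: it scores the Shannon entropy of query labels over a constructed log sample and flags clients with many high-entropy NXDOMAIN lookups (DGA-like) or many distinct high-entropy labels resolved under one parent domain (tunnel-like). The log format, the domains and the thresholds are all assumptions made for the example.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log (not real traffic): "<time> <client> <qname> <rcode>".
# Domains under badexample.net / tunnel.example.org are made-up placeholders.
SAMPLE_LOG = """\
10:00:01 10.1.2.3 www.example.com NOERROR
10:00:02 10.1.2.3 mail.example.com NOERROR
10:00:03 10.1.2.4 kq3v9x2m7f1zp8.badexample.net NXDOMAIN
10:00:04 10.1.2.4 z8p1m4w9q2k7xv.badexample.net NXDOMAIN
10:00:05 10.1.2.4 b6n2c9r4t8y1ws.badexample.net NXDOMAIN
10:00:06 10.1.2.4 t4r8y1w3e6q9ux.badexample.net NXDOMAIN
10:00:07 10.1.2.5 4a6f2b9c1d3e5f7a.tunnel.example.org NOERROR
10:00:08 10.1.2.5 9c1d3e5f7a4a6f2b.tunnel.example.org NOERROR
10:00:09 10.1.2.5 3e5f7a4a6f2b9c1d.tunnel.example.org NOERROR
10:00:10 10.1.2.5 5f7a4a6f2b9c1d3e.tunnel.example.org NOERROR
"""

def shannon_entropy(label: str) -> float:
    """Bits per character; random-looking labels score high, dictionary words low."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values()) if n else 0.0

def analyze(log_text: str, min_entropy: float = 3.0, threshold: int = 3) -> dict:
    """Return {client: [findings]} using two simple per-client heuristics:
    - dga-like:   many NXDOMAIN answers for high-entropy names (DGA trying candidates)
    - covert-dns: many distinct high-entropy labels resolved under one parent (tunnel)
    Thresholds are assumed values for the sample, not tuned production settings."""
    nx_high = defaultdict(int)        # client -> high-entropy NXDOMAIN count
    resolved = defaultdict(set)       # (client, parent) -> high-entropy labels answered
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, qname, rcode = line.split()
        first, _, parent = qname.lower().rstrip(".").partition(".")
        if not parent or shannon_entropy(first) < min_entropy:
            continue                  # ordinary-looking label, skip
        if rcode == "NXDOMAIN":
            nx_high[client] += 1
        elif rcode == "NOERROR":
            resolved[(client, parent)].add(first)
    findings = defaultdict(list)
    for client, n in nx_high.items():
        if n >= threshold:
            findings[client].append(f"dga-like: {n} high-entropy NXDOMAIN lookups")
    for (client, parent), labels in resolved.items():
        if len(labels) >= threshold:
            findings[client].append(f"covert-dns: {len(labels)} unique high-entropy labels under {parent}")
    return dict(findings)
```

Calling analyze(SAMPLE_LOG) flags 10.1.2.4 as DGA-like and 10.1.2.5 as a covert-DNS candidate, while the ordinary lookups from 10.1.2.3 produce no finding.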

We provide visibility into data leaving your organization