contact us

We are here for you!

Send me a message

Send us a message

Exeon Analytics AG

Grubenstrasse 12
CH-8045 Zürich

ExeonTrace – Network Detection and Response

Exeon Trace is the cyber security alarm system for your network. Award-winning machine learning algorithms analyze your IT log data to detect cyber intruders such as ransomware, advanced persistent threats (APT) or malicious insiders. Unique visualizations further enable a deep understanding of your network’s data flows, making ExeonTrace the network detection and response (NDR) software of your choice. It only takes a single day to deploy ExeonTrace, as your existing IT hardware acts as sensors.

Automated threat detection and hunting

Our machine learning and big data algorithms
are tailored to detect known and unknown cyber threats
and trace them back to their origin.

More efficient IT operations

With our pre-defined analyzers, ExeonTrace trawls
through billions of log data points and alerts
with a minimal false positive rate.


ExeonTrace supports your compliance
with GDPR, PCI and further regulations.

Visibility into your data flow

ExeonTrace's unique visualizations enable you
to understand and monitor large
and complex networks.

How ExeonTrace Works

ExeonTrace quickly identifies gaps in your IT Security and detects anomalies and suspicious behaviour in millions of data points (log data). Unlike other solutions, ExeonTrace can analyse threats across various data sources by correlating their data, hereby offering a unified solution for your enterprise.

ExeonTrace integrates: 

  • Network traffic log data (proxy, NetFlow/IPFX, Corelight and DNS)
  • Event log data (host and active directory)
  • Configuration Management Database (CMDB) 

Please enter your information below to download.



Key features

Understand your network's data flows

In today's corporate networks, billions of interactions happen every day. Keep an overview with ExeonTrace.

The alarm system for your network

It takes companies on average 206 days to detect cyber attackers in their network. ExeonTrace reduces this time period to only one day.

Efficient analysis of security incidents

ExeonTrace converts raw log data into a compact connection graph, allowing you to easily browse through historical data.

Why ExeonTrace

Our software is based on years of research at ETH Zurich, one of the globally leading tech universities. The result is an outstanding software featuring:



Best-in-class AI algorithms for network traffic analysis
A high detection rate and few false positives are the basis for your cyber security. Our software integrates various security relevant log-data sources, such as Proxy, NetFlow and DNS logs, and provides unique correlation possibilities. 



Quick deployment: Using your existing IT hardware as sensors
ExeonTrace's smart machine-learning algorithms allow you to use your existing IT hardware as sensors. Ideal for geographically decentralized networks, ExeonTrace can be set up within hours, even remotely. 



Ready-made analyzers for your security use cases
Our analyzers investigate a large number of cyber security risks taking the burden of creating large manual rule sets off your shoulders. For company specific use cases, you have the flexibility to define your own analyzers. 



You remain in control of your data
ExeonTrace can be operated completely offline. You decide whether ExeonTrace is set up on-site or in your trusted cloud. 

ExeonTrace Modules

ExeonTrace comes in two modules, each including the software, as well a service package for set up, training and support by our experts. The modules can be employed individually or together.

Module 1: Proxy/secure web gateway analysis 
Analysis of the web activities of your internal devices.

  • APT attack detection:
    • Detecting hidden HTTP(S) - based command and control channels
    • Detecting malware using Domain Generation Algorithms (DGAs) 
  • Detection of hidden data leaks such as browser plugins or software collecting data
  • External shadow IT: Detection of unauthorized cloud services and uploads
  • Unauthorized and outdated devices: Clustering of machine-to-machine (M2M) devices for outlier detection
  • Identification of unauthenticated proxy access
  • Correlation with selected threat feeds (blacklists)

Requirements: Proxy logs recorded by a SSL/TLS-intercepting secure web gateway. Proxy logs stored in Elasticsearch, Splunk or as raw files.

Module 2: Flow and DNS analysis 
Analysis of your internal & external network traffic.

  • APT attack detection
    • Detecting lateral movement: Expansion of malicious software in your network
    • Detecting horizontal and vertical scanning inside your corporate network
    • Detecting malware using Domain Generation Algorithms (DGAs)
    • Detecting covert DNS channel: Hidden data leakage via Domain Name System (DNS)
  • Network visibility
    • Discovery of unusual services in your network
    • Discovery of undesired/malicious access to internal services
    • Identification of misconfigured devices
    • Understand communication of critical networks
  • Correlation with selected threat feeds (blacklist) and CMDB information (internal shadow IT)

Requirements: Firewall(s) capable of exporting NetFlow v5/v9 or IPFIX log data or Corelight sensors. DNS logs recorded by a resolver or network sensor (optional). Log data stored in Elasticsearch, Splunk or directly sent to ExeonTrace.

We use cookies to help you use our website. To find out more about cookies, see our Privacy Policy.