# Threat Hunting and Detection of the Log4j Exploit using the ExeonTrace NDR - Part II

In this blog post, we explain how to work with threatfeeds in ExeonTrace for the detection of devices compromised thorugh the Log4j vulnerability. [Our first blog post](https://www.exeon.com/blog/log4j) provides you with more technical background information.

## Working with threatfeeds for the detection of Log4J exploits in ExeonTrace

In its default configuration, ExeonTrace downloads selected high-reputation public threatfeeds regularly and checks for IOCs. You can check if this feature is enabled in your setup by opening the "Threat feed" tab under anomalies. If you see threatfeeds with the source "Exeon", it's safe to assume that the feature is currently active.

![csm_Picture1-blog_21faa15723.png](https://storage.googleapis.com/website_cms_docs/exeon/csm_Picture1_blog_21faa15723_43bc8d9f76/csm_Picture1_blog_21faa15723_43bc8d9f76.png)

As false positives are always an issue with threatfeeds, the Exeon standard feed only contains few, selected sources. For customers who want to add additional sources, ExeonTrace offer the possibility to load custom threatfeeds. Many very extensive threatfeeds can be found on github, if one searches for log4j ioc. These threatfeeds are much more extensive, but oftentimes contain some false positives.
A threat feed can be a simple list of IP addresses (one IP per line).

![Picture2-blog.png](https://storage.googleapis.com/website_cms_docs/exeon/Picture2_blog_bc2cfd9969/Picture2_blog_bc2cfd9969.png)

To load a custom threatfeed, open the threat feed tab under anomalies and click “Import threat feed”.

![csm_Picture3-blog_f6d55b178f.png](https://storage.googleapis.com/website_cms_docs/exeon/csm_Picture3_blog_f6d55b178f_8f241d49e9/csm_Picture3_blog_f6d55b178f_8f241d49e9.png)

Select the desired file and confirm. Make sure to add a name and a description and change the score to 150 (default is 80). In the example below, we created a csv file from Threatmonits Log4j iocs from github.

![csm_Picture4-blog_5839ed667b.png](https://storage.googleapis.com/website_cms_docs/exeon/csm_Picture4_blog_5839ed667b_3e6c3318d7/csm_Picture4_blog_5839ed667b_3e6c3318d7.png)

You will now be informed whenever an endpoint tries to open a connection to one of the ips in the list.

## Checking for previous indicators of compromise

Threat feeds are only checked going forward in time. For an event like the log4j vulnerability it is always important to know if any devices have connected to these known malicious IP addresses before they were made public in these threat feeds.

For this you can go to the “Client server pairs” tab under flow analytics. Change the tab to “Outbound” and copy all IPs of your threat feed into the filter bar. The filter bar supports up to 10000 ipv4 IPs or 1000 ipv6 IPs per search. If your threat feed is larger you would need to batch it into separate queries. Make sure to select a time range which makes sense. For example, last week. Depending on your setup the first query can take some time until all the historical data for the selected time range is loaded into the cache. After the initial loading all subsequent queries should then be much faster.

![csm_Picture5-blog_5331d24db1.png](https://storage.googleapis.com/website_cms_docs/exeon/csm_Picture5_blog_5331d24db1_32341f435a/csm_Picture5_blog_5331d24db1_32341f435a.png)

Make sure to select the checkboxes “include all ports” and “show failed connections”. It’s also a good idea to check the tab “Inbound” for suspicious activities, because in case of incomplete log data, connections are sometimes rotated.

In this blog post, we explain how to work with threatfeeds in ExeonTrace for the detection of devices compromised through the Log4j vulnerability. Our first blog post provides you with more technical background information.

Threat Hunting and Detection of the Log4j Exploit using the ExeonTrace NDR - Part II

A wide-spread cyber-attack against multiple government agencies, critical infrastructure providers and private sector organizations such as FireEye was made public this December. The attackers breached their victims' IT networks by compromising the software supplier SolarWinds, which allowed them to install a Remote Access Trojan (RAT) through SolarWinds' software update mechanism. In this blog you learn how ML-based detection mechanisms contain such attacks before signatures or Indicators Of Compromise (IOCs) are publicly known.

Detecting the highly evasive Sunburst attack using an (old) ML model

Cyber attacks are becoming more and more frequent and the damage caused to companies is correspondingly greater. Exposed entry points for hackers (Microsoft Exchange, SolarWinds, etc.) are just the tip of the iceberg. Phishing activities on employees are also becoming increasingly sophisticated. In short, whether hackers are active in your network is only a matter of time - if they're not already in it. Fast, reliable and holistic network monitoring for early detection of anomalies is therefore more important than ever.

Visibility NOW - complete visibility of network activities, faster than ever before

The average cost of a data breach is a whopping €3.18 million (or $3.86 million at the time of writing this article). As intruders on enterprise networks increased dramatically, it’s now critical to detect and eliminate threats before any real damage is done. This makes robust Network Detection and Response (NDR) vital to cyber security.

Next-Gen Network Detection & Response

IT security managers rely on Zero Trust, but its practical effectiveness is being challenged by Advanced Persistent Threats worldwide – read about effective security strategies by Klaus Nemelka.

Network Detection & Response (NDR): The Silent Champion of Zero Trust Security

The Vulnerability of Zero Trust: Lessons from the Storm 0558 Hack

ExeonTrace, our future-proof Network Detection & Response platform, has been recognised as one of the best network security providers by Cybernews. ExeonTrace is an AI-driven network analysis solution that can detect and eliminate sophisticated cyberthreats before they cause any harm to organisations.  

Exeon featured as a top network security provider 

We are often asked what exactly differentiates ExeonTrace from other Network Detection and Response (NDR) solutions. Our numerous conversations with security professionals show they find ExeonTrace’s data analysis approach most convincing. 

How does the analysis of existing network log data secure your IT infrastructure?

Boosted by the continual advancement of digital technologies, cyberattacks are increasing in number and sophistication. The variety of legacy and modern IT systems in use, the interconnection of appliances (that used to run isolated), and the vast number of third-party suppliers are increasingly challenging to holistically protect the IT landscape.

SOC Visibility Triad and the role of NDR solutions

From all types of ransomware to their devastating impact on businesses, read about how to protect your organization and which solutions keep your network hacker-free.

Ransomware Protection: How to Protect Your Business from Cyber Extortion in 2023

Corporate IT networks are the foundation of today's information age and protecting them is a crucial element to ensure the proper functioning of IT solutions. As most organisations become heavily dependent on computer networks to facilitate work operations, a disruption in network service can have catastrophic consequences on the affected entity.

Why ExeonTrace is the NDR of choice for CISOs of industry-leading companies across Europe

Zurich, February 15, 2021 - Various media are reporting today on a warning from the cybersecurity company Eset. The latter had reported that the hacker group "Evilnum" has been targeting Switzerland fintech companies since December 2020. With so-called spear phishing emails, i.e. attacks against selected targets in the company, recipients are to be tricked into clicking on a link to a ZIP file and extracting it.

Cyberattack on Swiss fintechs: surveillance can prevent fatal consequences

Our Professional Services Engineers explain all about their exciting roles as we are looking to hire an additional PS engineer to protect more and more enterprise networks from cyber threats.

Harald Beutlhauser on what it means to be a PS Engineer in cyber security

A Day in the Life of a Security Engineer

Modern networks have a multitude of third-party systems in use. Consequently, third-party applications have become a security-relevant priority in order to protect one's network. Security teams require complete transparency over their IT/OT network.

Third-party cyber risks – and how ExeonTrace can provide complete system transparency

Is your OT security really cyber threat proof? Read about the optimal solution against hackers in OT, thanks to metadata analysis and deep packet inspection.

OT Security by Philipp Lachberger on the Exeon Blog

How Network Detection & Response (NDR) Monitors OT Environments

IS4IT Group, a leading provider in the field of cyber security, and the Swiss security expert Exeon Analytics, headquartered in Zurich, have concluded a joint service partnership. The company will provide service and support in Germany for Exeon. The two providers signed a corresponding agreement in June. 

IS4IT and Exeon Analytics AG agree on service partnership 

Due to complex and distributed IT processes, rising personnel costs and an increasing need for IT security solutions, more and more companies are opting for Managed Security Services (MSS). In this case, an IT service provider takes over the development and operation of a suitable, individually adapted security architecture consisting of individual IT security services. However, there are significant differences between the individual Managed Security Service Providers (MSSP). To better understand what distinguishes the MSS offering of our successful partner Ensec, we asked its CTO Rolf Scheurer for an interview.

Managed Security Services with Ensec and Exeon

Women are significantly underrepresented in cybersecurity. Even though this trend is shifting, today, women only represent about a quarter of the cyber workforce. Considering the explosive growth and consequential talent shortage in cybersecurity, it is crucial to encourage more women into the cyber industry.

The importance of Diversity in Cybersecurity

Discover how to strengthen your SOC's defenses by overcoming common deficiencies like incomplete visibility, log analysis challenges, and slow incident response. With advanced analytics, machine learning, and seamless threat intelligence integration, NDR is a comprehensive solution to evolving cyber threats. Is your security team ready for the cyber challenges ahead?

Major SOC Mistakes and What You Can Do to Avoid Them

Endpoint devices like desktops, laptops, and mobile phones enable users to connect to enterprise networks and use their resources for their day-to-day work. However, they also expand the attack surface and make the organisation vulnerable to malicious cyberattacks and data breaches.

Why Organizations Need Both EDR and NDR for Complete Network Protection

The global financial stability is increasingly at risk thorugh cyber attacks, claims the IMF according to a recent report. The authors argue that cyber attacks become easier to undertake, increasingly sophisticated and, as an effect, much more prevalent.

Cyber attacks threaten financial stability

Zurich/Bassersdorf, 15.02.2022 - ISPIN is now working with cybersecurity company and ETH spin-off Exeon Analytics to expand its Managed Security Services with the Network Detection & Response (NDR) platform ExeonTrace. Customers now benefit from Exeon's advanced network analytics as well as individual consulting and support from ISPIN's experienced cybersecurity experts. 

ISPIN expands its Managed Security Services with Exeon Analytics

The remote code execution vulnerability against Apache Log4j2 [https://nvd.nist.gov/vuln/detail/CVE-2021-44228] is one of the most severe vulnerabilities we have seen for a long time. It’s so severe because the vulnerability is very easy to exploit and the Log4j logging library is used by many Java applications. Thus, one must assume that nearly any larger organization is potentially affected, either due to software developed in-house or via Java software provided by suppliers. After giving some background, we’ll explain how one can identify exploited systems using our ExeonTrace NDR software in this blog post.

Threat Hunting and Detection of the Log4j Exploit using the ExeonTrace NDR

In this interview, originally published by IT-markt, our CEO and Founder David Gugelmann talks about how Exeon strengthens the cybersecurity within companies with our AI-supported network monitoring. 

Detect and eliminate cyber threats before damage occurs

Exeon extends the ExeonTrace detection & response solution. ExeonTrace can now evaluate network, system and application log data for AI-supported detection of cyber threats. ExeonTrace automatically links this data and provides the analyst with an overall view.

Exeon takes the next step towards a comprehensive cybersecurity offering

Every year the crème de la crème of the Swiss Start-up scene meets in Zurich for the annual Swiss Startup Award ceremony. What a night! We are thrilled to be named among the Top 5 Swiss startups by the industry event of the year: Top 100 Swiss Startup Award. A big thank you to our customers, team and investors for their ongoing trust and support.



Exeon amongst the Top 5 Swiss Startups

We usually write a lot about industry news and our cutting-edge Network Detection & Response solution, ExeonTrace. However, just as much can be told about our company's core: the Exeon Team. In the first few months of 2022, our team grew by over 30%, and we are ambitious to expand even further in the future. With this mini blog series, our talented new colleagues will provide personal insights into working at Exeon and how they experienced their first days. In this first blog post, we interviewed Noè Canevascini, our new Recruitment and IT support intern. 

My first month at Exeon - Noè Canevascini, Recruitment intern and IT support. 

Today, companies collect huge amounts of security-relevant data for cyber monitoring. But the problem lies in efficiently analyzing this data - especially across different data sources. Extended Detection and Response (XDR) reveal new possibilities with the help of AI.

XDR – A new weapon in the fight against cyber threats

More than hundreds of thousands of Microsoft Exchange servers have been hacked globally, whereas the DACH region seems to be highly affected. This article explains how ExeonTrace can help to detect the intrusion through automated and manual network analysis.

How ExeonTrace can help detect the Microsoft Exchange hack

The Swiss cybersecurity provider Exeon Analytics AG has set itself the goal of becoming the leading "network detection and response" provider in Europe. Well-known investors see the potential of the Swiss solution and support the project with know-how and funds amounting to more than CHF4 million. The ETH spin-off Exeon already has a wide customer base in Switzerland, including two of the five largest Swiss banks and well-known logistics companies. The first major customers have also already been acquired in Germany and Austria. 

Swiss cyber security company Exeon accelerates European Go-to-Market

Klaus Nemelka, Product Manager and Cyber Security Expert, explains how hackers obtained unauthorized access into Microsoft accounts, what malicious activities they operate and how NDR protects organizations from APTs.

Klaus Nemelka, Product Manager at Exeon, about Machine Learning for Corporate Network Security

The Key to Hacker Happiness

Digital transformation has witnessed a boost in recent years, especially in the wake of the COVID19 pandemic, which accelerated the adoption of digital technologies by several years in just a few months. Integrating digital technology in business has brought significant benefits. However, it also opened the door wide for new security risks and vulnerabilities.

The Importance of an NDR Solution to Early Detect Supply Chain Attacks in Corporate Networks

Exeon Analytics’ contribution to the NATO Cyber Defense Conference (CyCon 2019). Our research paper “Detection of Malicious Remote Shell Sessions”, to which researchers from ETH Zürich, Kudelski Security, armasuisse W+T and Exeon Analytics contributed, has been presented at this year’s CyCon. The publication is available in the following link.

CyCon 2019

Prevention and protection are still considered the means of choice when safeguarding one's own IT systems. However, the fact that this approach is not sufficient can now be read almost daily in the media. Current cases such as the attack on Microsoft Exchange, Colonial Pipeline in the United States or, most recently, Siegfried in Switzerland illustrate the dangers: Business interruptions, loss of trust among customers and partners, product defects or legal consequences.

NDR: The new pillar of cybersecurity

Find out how to catch data exfiltration thanks to Machine Learning and why detecting it is crucial to your organization’s IT security, as explained by our Head of Professional Services, Andreas Hunkeler.

How to Catch Data Exfiltration with Machine Learning

This article highlights the challenges in monitoring OT environments, suggesting that Network Detection and Response (NDR) solutions offer a non-intrusive and effective way to monitor networks by providing comprehensive visibility and detection capabilities without disrupting operations. The advanced machine learning algorithms identify potential threats and anomalies, making this a preferred method for securing OT environments.

In the Shadow of Traditional IT Security: The Central Role of NDR in Securing OT Networks

Beyond IT Security: The Central Role of NDR in OT Network Protection

Exeon is expanding its Executive Management with an experienced Chief Marketing Officer. Gregor Erismann, who will take up the position on February 1, 2021, was previously a member of the Executive Board and CMO of the digital agency Namics. With this move, Exeon strengthens its Go-to-Market with the aim of becoming Europe's leading provider of Network Detection & Response solutions. 

Exeon strengthens Executive Team with experienced Chief Marketing Officer

Besides the general discussion about the benefits and challenges of using machine learning algorithms for threat detection, detection engineers face their own benefits and challenges when building detections. In this blog, these aspects are outlined from a detection engineer's perspective and the corresponding questions that come up during use case development.

Blog on machine learning security detection by Andreas Hunkeler

Machine Learning Algorithms from a Detection Engineers' Perspective

Learn how to combine a Zero Trust strategy with compliance regulations such as NIS2, DORA, HIPAA, ISG, GDPR and other relevant standards – a serious task and challenge for companies that want to strengthen their security and ensure compliance with legal requirements. The right choice of cyber security tools can make all the difference.

Why Zero Trust and Compliance Go Hand in Hand

Ransomware is one of the most worrying cybersecurity threats for organisations worldwide. In February 2022, the Cybersecurity and Infrastructure Security Agency (CISA) issued a Cybersecurity Advisory cautioning organisations against the "increased ransomware threat" in 2022. Without proper security controls in place, any organisation is vulnerable to the catastrophic impact of ransomware attacks.

Ransomware and the Need for NDR to Provide Robust Protection

Swiss network detection and response (NDR) vendor Exeon Analytics is strengthening its commitment to the German market and has brought Michael Tullius on board as Sales Director Germany, an experienced security expert.

Exeon Analytics appoints Michael Tullius as Sales Director Germany

Zurich, September 22, 2022 - With ExeonTrace, the Swiss security company Exeon Analytics offers an intrusion detection solution that goes far beyond the capabilities of traditional intrusion prevention systems (IPS). In particular, ExeonTrace can detect zero-day attacks, against which IPS solutions cannot provide protection due to their signature-based detection. While such systems are suitable for automated detection and defense against known attacks, they must be complemented by other security solutions for comprehensive protection. 

Reliable intrusion prevention even for encrypted network traffic and zero-day attacks

Intrusion incidents have become very common in recent years, with widescale cyberattacks affecting organisations virtually every week. Threat actors are constantly trying to break into enterprise networks and compromise business assets. To prevent a breach from occurring, many companies employ Intrusion Prevention Systems (IPS). In order to identify and prevent threats, these solutions rely on signature-based detection, which allows for automatic intrusion detection. However, this approach can cause various blind spots and weaknesses in network protection. Network Detection and Response (NDR) can overcome these drawbacks for more reliable and holistic protection against intrusions. 

How Network Detection and Response (NDR) Fills the Security Gaps of Intrusion Prevention Systems (IPS) 

In almost every industry, start-ups have an innovative edge over larger enterprises. European start-ups, in particular, are excelling as "innovation wunderkinds" in the B2B space. In the cybersecurity industry, scale-ups like Exeon Analytics are setting new standards for innovation-led growth and product development.

Why Cybersecurity Start-ups are winning the Innovation Race

We usually write a lot about industry news and our cutting-edge Network Detection & Response solution, ExeonTrace. However, just as much can be said about our company's core: the Exeon Team. Since the beginning of the year, our has grown by over 35%, and we are ambitious to expand further in the future. With this mini blog series, our new colleagues will provide personal insights into working at Exeon and how they experienced their first days. In this blog post, we interviewed Michael Tullius, our Sales Director for Germany.

My first month at Exeon – Michael Tullius, Sales Director Germany.

Swiss security company Exeon Analytics warns against relying only on traditional endpoint detection and response (EDR) solutions to secure endpoints. Numerous endpoints in modern, hybrid networks do not support the agents needed to do so, and where such agents are running, they can potentially be leveraged and disabled by sophisticated attacks. In addition, because of the trend toward home working and BYOD (Bring Your Own Device), IT and security teams often do not have access to privately owned employee endpoints that may also be used by additional family members. 


Exeon: EDR needs NDR for comprehensive security 

In this article, we share some ideas on how to detect and hunt the exploitation (meaning the abuse) of network device vulnerabilities and how a Network Detection and Response (NDR) supports such analysis.

Exeon's Blog on Incident Response: How to Detect & Hunt Network Exploitation

How to Use ExeonTrace to Detect the Exploitation of Network Device Vulnerabilities

The integration of external data sources into the Network Detection & Response solution ExeonTrace has been significantly simplified thanks to the integration of numerous parsers.
The result? An even higher level of visibility across all network activity and data flows.

Press Release: Exeon Analytics Simplifies Integration of Data Sources

Cybersecurity recruitment and organic growth means excitement and challenges as a new year unfolds: more on the successes and goals from the COO of a fast evolving Swiss network security monitoring organisation.

Exeon in 2023 – Skills, Growth & Challenges

Today, most Network Detection and Response solutions rely on traffic mirroring and deep packet inspection (DPI). Traffic mirroring is typically deployed on a single core switch to provide a copy of the network traffic to a sensor which uses DPI to thoroughly analyse the payload. While this approach provides detailed analysis, it requires large amounts of processing power and is blind when it comes to encrypted network traffic. Metadata analysis has been specifically developed to overcome these limitations. By utilising metadata for analysis, network communications can be observed at any collection point and be enriched by information providing insights about encrypted communication.

Deep Packet Inspection vs. Metadata Analysis of NDR solutions

The EU Commission's regulation Digital Operational Resilience Act (DORA) was published as a law affecting financial enterprises – read about how it affects Switzerland and the EU, as well as proposed IT security measures.

What are the implications of DORA for Swiss and EU companies?

Everything EU & Swiss Companies Should Know About DORA (Digital Operational Resilience Act)

To strengthen their systems against cyber-attacks, EU financial institutions must meet DORA requirements. One way to efficiently achieve this is by implementing a Zero Trust strategy – here are the 10 key points for your implementation, as well as 5 reasons why ExeonTrace is highly suited to the DORA (and even NIS2!) directives.

New on the Exeon blog: DORA compliance thanks to Zero Trust

How Zero Trust Makes You DORA-Compliant

The Swiss IT security company Exeon Analytics warns against trusting third-party applications unconditionally, regardless of whether they are contract developments or standard solutions from renowned manufacturers. The problem with such applications is that they often require extensive authorisations or receive them unnecessarily. At the same time, such third-party software usually acts as a black box without transparency into the individual actions or data streams. 

Exeon recommends consistent monitoring of third-party applications

Based on the 2024 Allianz Risk Barometer results, how can you best protect your organization from cyber-attacks? Our Senior Security Consultant describes robust, future-proof cybersecurity measures and why management needs to be involved. One hint: AI!

2024 Allianz Risk Barometer: Heightened Alarm on Cyber Threats

Here is all about the XZ Utils and liblzma backdoor and why the best way to foster your security strategy against supply chain attacks and Zero-Day exploits is with an AI-powered Network Detection & Response solution for complete visibility of the network’s communication.

Look Who Entered Your Library!

Supply chain attacks, increasingly prevalent and posing significant threats to IT security, target software or hardware suppliers to indirectly infiltrate organizations. Here are 5 ways to prevent these attacks with advanced monitoring technologies like machine learning-based Network Detection & Response (NDR) for early detection and mitigation.

Philipp Lachberger on how to stop supply chain cyber attacks

How to Monitor & Stop Supply Chain Attacks

Read full article of “Digital Watchdog: Exeon Analytics’ software raises alarm when cybercriminals hack a network.” Discover how criminals target the IT infrastructure of a state or a company through an advanced persistent threat (APT) and how Exeon’s alarm system which is designed purely as a software-as-a-service (SaaS) solution protects leading companies.

Exeon is featured in the latest issue of Handelszeitung

Exeon, alongside partner Netcor GmbH, looks back at a tremendeous IT security event where network security expert Michael Tullius presented to various IT leaders, engineers and SOC personnel on the beneficial deployment of a Network Detection and Response tool.

SecIT 2023: An Outlook on a Secure Future

When a company realizes that its protection concept has failed, it is often already too late. What to do? The Network Detection and Response (NDR) concept offers a new arsenal for cyber defense. Cybersecurity has so far been focusing on preventive measures. Once an attacker managed to get past these measures, the company network lays defenseless in front of them. Today, thanks to AI-supported network monitoring, such attacks can now be stopped, before it is too late.

Prevention is only half the battle

"Network Detection & Response" has quickly established itself as the leading method for identifying hackers in networks at an early stage, before they cause any damage. Network Detection & Response" is thus becoming an increasingly central pillar of a modern cybersecurity architecture. The Swiss provider Exeon Analytics AG alone has tripled its customer base over the past year.

Network Detection & Response establishes itself as central cybersecurity pillar

The Swiss "Network Detection & Response" provider Exeon Analytics is strengthening its market development with Luca Forcellini as Senior Channel Manager. Forcellini is a proven industry expert and was most recently with Boll Engineering, a leading security distributor.

Luca Forcellini becomes Senior Channel Manager at Exeon

OT communication involves continuous data transmission for device status, differing from IT communication patterns, and are best detectable by Network Detection & Response solutions using machine learning for anomaly detection in network and administrative behavior.

OT Security & Network Behavior Analytics Blog

Using Behavior Analytics to Detect Changes to your OT Environment

From the role of machine learning driven network security solutions to the benefits of ML within a cybersecurity set-up and concrete examples, Senior Cyber Security Analyst Andreas Hunkeler explains the application of ML and what is yet to come for organisations to detect cyber threats and protect their networks.

Machine Learning in Network Security: Protecting organisations from cyberthreats

The Future of Network Security: Predictive Analytics and ML-Driven Solutions

With the analysis of metadata instead of the otherwise common Deep Packet Inspection (DPI), the Swiss cybersecurity company Exeon Analytics is establishing a modernised and future-proof Network Detection & Response (NDR) solution in the European market. The metadata analysis is - in contrast to the established DPI-based procedures - not affected by encrypted data traffic. This is relevant as modern cyber attacks such as APTs, ransomware and lateral movements rely heavily on encrypted communications for attack instructions from remote command and control (C&C) servers

Exeon revolutionises NDR through metadata analysis 

Compromised servers are likely to be used as relays and as an entry point for various attacks against corporate networks, such as ransomware attacks. Besides relying on ExeonTrace’s automated detection, Exeon’s customers can retrospectively check the network behaviour of potentially vulnerable servers using the “Client server pairs” visualization, as outlined in our previous post on the detection of Log4j.
The ExeonTrace NDR solution itself doesn’t use Spring and is therefore unaffected by the vulnerability.

Severe vulnerability in the Spring Framework

While cloud solutions typically provide high security standards, some prioritize on-premises for full control over security measures, higher performance, reliability independent of internet connectivity, and better customizability, with the decision between the two hinging on factors like budget constraints and regulatory compliance, particularly critical in the financial sector where conducting a comprehensive risk assessment is crucial.

To Cloud or Not to Cloud 

Swiss IT security company Exeon Analytics has enhanced the ExeonTrace NDR platform with cloud connectivity and new anomaly handling functionalities. The latest release significantly simplifies both the deployment and seamless operation of NDR in on-premise, cloud and hybrid environments. Like its predecessors, the current release is completely software-based and, unlike traditional solutions, does not require any additional hardware, reducing not only investments but also operating costs. The evolved architecture of the current version of ExeonTrace allows analysts to tailor the solution to their environment at the click of a button, and provides a flexible platform for deploying sophisticated and high-performance AI algorithms for intelligent detection of current threats, including zero-day exploits.

Exeon simplifies the deployment of Network Detection and Response

How do you prevent advanced ransomware such as Akira? Klaus Nemelka explains how machine learning-based network monitoring is the ultimate way to uncover unknown attacks without pre-defined use cases. Read how to detect this new multi-OS ransomware most efficiently.

How to Detect the New Multi-OS Ransomware Akira

Akira Is Not A Game

We usually write a lot about industry news and our cutting-edge Network Detection & Response solution, ExeonTrace. However, just as much can be told about our company's core: the Exeon Team. In the first few months of 2022, our team grew by over 30%, and we are ambitious to expand even further in the future. With this mini blog series, our talented colleagues will provide personal insights into working at Exeon. In this blog post, we asked Louis Leclair, our backend development intern, to tell us about his 6-months long internship at Exeon. 

My internship at Exeon – Louis Leclair, Back-End Developer Intern

Various national and EU-wide regulations have tightened cybersecurity monitoring and reporting requirements for companies. This makes it essential to prioritize the monitoring, detection and reporting of cyber incidents. Read how to achieve compliance and what the ISG (Informationssicherheitsgesetz) requires companies to establish within an ISMS.

All about the new DSG cybersecurity requirements in Switzerland and how it compares to NIS2.

Switzerland and the EU Tighten Cybersecurity Legislations

The updated Directive on Security of Network and Information Systems (NIS) presents numerous challenges for critical infrastructure operators, particularly in terms of complying with the new requirements and adapting to the evolving cybersecurity landscape. CCO Gregor Erismann provides corporations with critical details about the new EU-wide cybersecurity legislation.

NIS2 Guide: Network Monitoring for Critical Infrastructure

Navigating the Impact of NIS2 on Network Monitoring for Critical Infrastructure: A Comprehensive Guide

Cyber attacks are becoming more frequent and more serious. The most recent example is the worldwide attack on Microsoft's Exchange Server: In March, hackers infiltrated the system via four security holes. This allowed them to log in as administrator without a password and thus read emails or access passwords and devices of their victims in the network. An estimated 250,000 systems were affected - 30 per cent of them in the DACH region. The fact that so many companies in German-speaking countries fell victim to the attack is no coincidence. In many places the necessary security awareness is still lacking.

Attack on MS Exchange Server: BSI declares "red" alert for the first time in seven years

Manager liability for undetected cybersecurity incidents in Europe varies depending on the legal framework and industry – here, Michael Tullius goes through the corporate requirements and applicable sanctions for DORA and NIS2, as well as how to best comply and ensure long-term security. Cyber-resilience starts here!

Michael Tullius on NIS2 and DORA compliance

NIS2 and DORA: Managers Are Liable for Cybersecurity

Organizations choose managed services for cybersecurity. Providers monitor and manage security systems, while security operations centers (SOC) analyze data and respond to threats.

Why Customers Love ExeonTrace (as a Managed Solution)

Top management and advisory boards will become even more demanding in 2023 when it comes to IT security in their companies, according to Swiss security firm Exeon Analytics following a roundtable discussion with CISOs from medium and large companies.

Annual outlook on cybersecurity from the perspective of security managers

The Swiss cybersecurity company Exeon Analytics and the German EnBW Cyber Security GmbH have reached an agreement under which EnBW Cyber Security will distribute the Network Detection & Response (NDR) solution ExeonTrace in Germany and use it as a technical solution for the customers of its Security Operation Centre (SOC).

EnBW Cyber Security is partnering up with Exeon Analytics for managed service operations in Germany 

The Swiss security company Exeon Analytics was awarded the Cybersecurity & Privacy Solution of the Year Award sponsored by PwC at the Cyber Security Week in Luxembourg. A high-calibre jury awarded the prize to the Network Detection & Response (NDR) solution ExeonTrace for demonstrating excellence at all levels - from strategy to execution.

 Exeon wins the PwC Cybersecurity & Privacy Solution of the Year Award

The March issue of the BILANZ business magazine contains an exciting article about Exeon and our CEO aka "Crime-Stopper" David Gugelmann. You can read the article in the following link

BILANZ Magazine

Smart Cyber Security made in Switzerland! That is what Exeon stands for. Thanks to DreamLab, Datastore AG and Swiss Cyber Security Days for making the diversity of Swiss Cybersecurity solutions visible! Check out the Swiss Cybersecurity Start-Up Map.

Switzerland is becoming a leading player in cybersecurity technologies

The expert panel consisting of SIX, Cyverse and Exeon Analytics agree: Yes! For our CEO David Gugelmann the main competitive advantage of Zurich is clear: “Zurich is home to engineers who have received a world-class education.”

Read the whole article or re-watch the webinar in the following link.

Zurich as a cybersecurity Hotspot?

David Gugelmann, CEO & Founder of Exeon Analytics in the Podcast "upbeat" of HZ handelszeitung.ch/upbeat. Interview also available in Apple Podcast and Spotify (video and article in German).

HZ Interview, "How the startup Exeon gets through the corona crisis"

We are proud to be winner of the factory1 program and are very happy to push forward our international expansion with Kapsch Group, a leading operator of critical infrastructure networks.

Winner of the Kapsch Factory1 Program

Swisscom interviewed the StartUp Challenge alumni Exeon Analytics, Dotphoton and AAAccell. You can find the article in the following link.

Interview with Swisscom Startup Challenge Alumni

How does Network Detection and Response (NDR) massively bolster defenses against zero-day exploits? Learn about the limitations of traditional security measures and how advanced analytics and real-time monitoring detect and mitigate emerging threats, illustrated through a detailed analysis of the Ivanti Connect Secure VPN exploit.

Uncovering Blind Spots: The Crucial Role of NDR in Zero-Day Exploit Detection

Risk-based alerting (RBA) is a strategy that uses data analysis and prioritization to issue alerts or notifications when potential risks reach certain predefined levels. Find out how to best utilize it for improved security – even against the most advanced attackers.

Enhancing Security Detection: Revolutionizing Risk-Based Alerting

I am required to store network log data, but the huge data volume makes this very expensive

Whitelisting systems in SIEMs is risky and inconvenient

I need better threat detection than static IOCs

My SOC is flooded with alerts for networks that are irrelevant (e.g. guest WLANs) - Relevant alerts get lost

My current tools (e.g. IDS) create too many false alerts

I need to identify shadow IT

It is cumbersome for security analysts to analyse the data stored in the SIEM

Network traffic encryption makes my tools, which rely on deep packet inspection, become blind

I can’t do traffic mirroring in my own or my outsourcer’s network

Writing and maintaining SIEM use cases for network log data is cumbersome

I don’t know exactly what is happening in my network

I don’t know whether I can trust the third-party applications in my network

We are pleased to be attending the cyberrevolution 2023 in Frankfurt on November 14th. cyberevolution 2023 is a must-attend event for all cybersecurity professionals who not only want to learn about the use of traditional and unconventional cyber defense methods and strategies, but also gain a better understanding of the growing importance of cybersecurity for businesses.

Cyberevolution 2023, Frankfurt

Attend our presentation at the virtual conference CSK CyberSecurity Summit 2024 on April 24-25: "The devil is in the details: Why you should monitor IT , IOT and OT with NDR." In an increasingly connected environment, comprehensive monitoring of IT, IoT and OT is essential. Find out why Network Detection and Response (NDR) is crucial for detecting and combating potential threats at an early stage.