
Exeon Analytics AG

Grubenstrasse 12
CH-8045 Zürich
Phone: +41 44 500 77 21

The Modules

The Modules provide the tools to analyze and defend your various assets: Source-specific AI, algorithms, and use cases for various data sources and their respective threat scenarios. These Modules bring all the specialized capabilities to efficiently collect, process, analyze, and visualize data, as well as detect and investigate threats.

Main Module Features

[Diagram: the three components of ExeonTrace, the Web, Network and Xlog Modules]

Data Collectors: High-performance software collectors that ingest very large amounts of system data, eliminating the need for hardware sensors.

Processing Engine: Powerful AI to create source-specific enriched security data.

Visualizations: Dedicated and intuitive visualizations for the respective data sources and their use cases.

Detection AI: Ready-made analyzer algorithms and use cases designed specifically for the respective data sources and their security scenarios.

Investigation AI: Optimized investigation views and guided threat hunting for the respective data sources and their use cases.

The Modules

These Modules make your network safer and smarter – jointly or individually.

Network Module: Covering internal & external network traffic

For NetFlow, IPFIX, Corelight & DNS

APT attack detection

  • Detecting lateral movement: the spread of malicious software through your network
  • Detecting horizontal and vertical scanning inside your corporate network
  • Detecting malware that uses Domain Generation Algorithms (DGAs)
  • Detecting covert DNS channels: hidden data leakage via the Domain Name System (DNS)

Network visibility

  • Visualization of communication patterns (e.g. to detect data leakage through supply chain attacks or misconfigured software)
  • Visualization of undesired or malicious access to internal services, and of unusual services
  • Visual identification of misconfigured devices that produce abnormal communication patterns

Analysis of access patterns for internal services (generating server profiles):

  • Detection of volume-based anomalies (i.e. clients which request abnormally large data volumes)
  • Detection of external clients accessing internal services (e.g. due to firewall misconfigurations)

Detection of internal shadow IT: Correlation with CMDB information

  • Internal devices that are not registered in the CMDB
  • Open services that are not registered in the CMDB

Blacklist-Matching: Correlation with threat feeds
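The Network Module bullets above name several flow-based checks without showing how they work on data. The following is an added example written for this page, not ExeonTrace code: it runs the checks the bullets describe (horizontal and vertical scanning, volume-based anomalies against a per-service profile, external clients reaching internal services, and CMDB correlation for unregistered devices and services) over a handful of constructed NetFlow/IPFIX-style records. The corporate range, the flow records, the CMDB extract and all thresholds are assumptions made for the example.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import median

INTERNAL = ip_network("10.0.0.0/8")  # assumption: the corporate address range

# Constructed flow records (src, dst, dst_port, bytes); sample data, not real traffic.
FLOWS = [
    # four clients pulling files from 10.0.0.5:445 ...
    ("10.0.1.10", "10.0.0.5", 445, 12_000),
    ("10.0.1.11", "10.0.0.5", 445, 15_000),
    ("10.0.1.12", "10.0.0.5", 445, 11_000),
    ("10.0.1.13", "10.0.0.5", 445, 14_000),
    # ... and one pulling far more than its peers
    ("10.0.1.99", "10.0.0.5", 445, 900_000),
    # horizontal scan: one source probing port 445 on twenty hosts
    *[("10.0.2.7", f"10.0.3.{i}", 445, 60) for i in range(1, 21)],
    # vertical scan: one source probing 25 ports on a single host
    *[("10.0.2.8", "10.0.0.9", p, 60) for p in range(20, 45)],
    # an internal web service used by several clients but absent from the CMDB
    ("10.0.1.10", "10.0.0.30", 8080, 2_000),
    ("10.0.1.11", "10.0.0.30", 8080, 2_500),
    ("10.0.1.12", "10.0.0.30", 8080, 1_800),
    # an external client reaching an internal RDP service directly
    ("203.0.113.4", "10.0.0.20", 3389, 4_000),
]

# Constructed CMDB extract: registered hosts and registered (host, port) services.
CMDB_HOSTS = {"10.0.0.5", "10.0.0.9", "10.0.0.20", "10.0.0.30", "10.0.1.10",
              "10.0.1.11", "10.0.1.12", "10.0.1.13", "10.0.1.99", "10.0.2.7"}
CMDB_SERVICES = {("10.0.0.5", 445), ("10.0.0.20", 3389)}


def horizontal_scans(flows, min_hosts=10):
    """Sources touching many distinct hosts on one port: a subnet sweep."""
    targets = defaultdict(set)
    for src, dst, port, _ in flows:
        targets[(src, port)].add(dst)
    return sorted(k for k, hosts in targets.items() if len(hosts) >= min_hosts)


def vertical_scans(flows, min_ports=10):
    """Sources touching many distinct ports on one host: service enumeration."""
    ports = defaultdict(set)
    for src, dst, port, _ in flows:
        ports[(src, dst)].add(port)
    return sorted(k for k, ps in ports.items() if len(ps) >= min_ports)


def volume_anomalies(flows, factor=10, min_clients=4):
    """Server profile per (host, port): flag clients above factor x the median client volume."""
    per_service = defaultdict(lambda: defaultdict(int))
    for src, dst, port, nbytes in flows:
        per_service[(dst, port)][src] += nbytes
    hits = []
    for (dst, port), clients in per_service.items():
        if len(clients) < min_clients:
            continue  # too few clients for a meaningful baseline
        baseline = median(clients.values())
        hits += [(src, dst, port) for src, total in clients.items() if total > factor * baseline]
    return sorted(hits)


def external_access(flows):
    """External clients that reach internal services directly (possible firewall gap)."""
    return sorted({(src, dst, port) for src, dst, port, _ in flows
                   if ip_address(src) not in INTERNAL and ip_address(dst) in INTERNAL})


def unregistered_devices(flows, cmdb_hosts):
    """Internal hosts that originate traffic but have no CMDB record (shadow IT)."""
    return sorted({src for src, _, _, _ in flows
                   if ip_address(src) in INTERNAL and src not in cmdb_hosts})


def unregistered_services(flows, cmdb_services, min_clients=2):
    """Internal (host, port) pairs serving several clients but not registered as a service."""
    clients = defaultdict(set)
    for src, dst, port, _ in flows:
        if ip_address(dst) in INTERNAL:
            clients[(dst, port)].add(src)
    return sorted(k for k, cs in clients.items()
                  if len(cs) >= min_clients and k not in cmdb_services)


if __name__ == "__main__":
    print("horizontal scans     :", horizontal_scans(FLOWS))
    print("vertical scans       :", vertical_scans(FLOWS))
    print("volume anomalies     :", volume_anomalies(FLOWS))
    print("external access      :", external_access(FLOWS))
    print("unregistered devices :", unregistered_devices(FLOWS, CMDB_HOSTS))
    print("unregistered services:", unregistered_services(FLOWS, CMDB_SERVICES))
```

Two design points matter in practice: the volume check only builds a baseline when a service has enough clients (a lone client cannot be an outlier against itself), and the shadow-IT check counts a device only when it originates traffic, so hosts that merely appear as scan targets are not reported as live, unregistered devices.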

Web Module: Covering web activities of internal devices

For proxy logs of SSL/TLS-intercepting Secure Web Gateways

APT attack detection:

  • Detecting hidden HTTP(S)-based command and control channels
  • Detecting malware that uses Domain Generation Algorithms (DGAs)

Detection of hidden data leaks, such as browser plugins or other software that collects data

External shadow IT: Detection of unauthorized cloud services and uploads

Unauthorized and outdated devices: Clustering of machine-to-machine (M2M) devices for outlier detection

Identification of unauthenticated proxy access

Blacklist-Matching: Correlation with threat feeds
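Both the Network Module (DNS) and the Web Module (proxy logs) list detection of malware that uses Domain Generation Algorithms. As an added example, not Exeon's detector, the following scores domain labels on a few lexical traits that algorithmically generated names tend to share (length, character entropy, digit density, long consonant runs) and then raises a client-level finding only when one client contacts several distinct DGA-looking domains, which is the pattern a DGA beacon leaves in proxy or DNS logs. The log format, the suffix list, the allowlist and the thresholds are assumptions constructed for the example.

```python
import math
import re
from collections import Counter, defaultdict
from urllib.parse import urlparse

# Assumption: a tiny stand-in for the Public Suffix List and for a popularity allowlist.
SUFFIXES = {"co.uk", "com.au", "co.jp"}
KNOWN_GOOD = {"google.com", "microsoft.com", "wikipedia.org"}
CONSONANT_RUN = re.compile(r"[b-df-hj-np-tv-z]+")

# Constructed proxy log lines: time, client, method, URL, status. Not real traffic.
PROXY_LOG = """\
2024-05-01T10:00:01Z 10.0.1.10 GET https://www.google.com/search 200
2024-05-01T10:00:02Z 10.0.1.10 GET https://login.microsoft.com/ 200
2024-05-01T10:00:03Z 10.0.1.12 POST https://xk3j9qzvb2f7.net/gate.php 404
2024-05-01T10:00:04Z 10.0.1.12 POST https://qwpzxnvbtrlmskdj.com/gate.php 404
2024-05-01T10:00:05Z 10.0.1.13 GET https://en.wikipedia.org/wiki/DNS 200
2024-05-01T10:00:06Z 10.0.1.12 GET https://d1abc.cloudfront.net/app.js 200
"""


def registered_domain(host):
    """Reduce a hostname to its registered domain, e.g. www.google.com -> google.com."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in SUFFIXES else 2
    return ".".join(labels[-keep:])


def entropy(text):
    """Shannon entropy in bits per character; random-looking labels score high."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def dga_score(label):
    """Count the DGA-like traits of one label: long, high-entropy, digit-heavy, unpronounceable."""
    if not label:
        return 0
    score = 0
    score += int(len(label) >= 12)
    score += int(entropy(label) >= 3.5)
    score += int(sum(ch.isdigit() for ch in label) / len(label) >= 0.2)
    score += int(max((len(r) for r in CONSONANT_RUN.findall(label)), default=0) >= 5)
    return score


def dga_clients(log_text, min_score=2, min_domains=2):
    """Clients that contacted several distinct DGA-looking domains; allowlisted domains are skipped."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        client, url = fields[1], fields[3]
        host = urlparse(url).hostname
        if not host:
            continue
        domain = registered_domain(host)
        if domain in KNOWN_GOOD:
            continue
        if dga_score(domain.split(".")[0]) >= min_score:
            hits[client].add(domain)
    return {client: sorted(domains) for client, domains in hits.items() if len(domains) >= min_domains}


if __name__ == "__main__":
    for label in ("google", "cloudfront", "xk3j9qzvb2f7", "qwpzxnvbtrlmskdj"):
        print(f"{label:20s} score={dga_score(label)}")
    print(dga_clients(PROXY_LOG))
```

Scoring the registered domain's own label rather than the full hostname avoids flagging long but legitimate CDN subdomains, and requiring several distinct suspect domains per client is what separates a DGA beacon from a single odd-looking site visit.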

Xlog Module: Cross-data threat detection

For additional security relevant log data

Better events: Enriched, aggregated events across various data sources, stored efficiently.

Better detection: Correlation and enrichment of network events with host log data:

  • Spot lateral movement earlier by identifying suspicious processes that establish data flows
  • Discover malware that disables host-based monitoring
  • Detect issues with your Internet-facing services by analyzing the corresponding application logs
  • Secure your on-site and cloud infrastructure by monitoring VPN and remote access logs
  • Attribute suspicious network activity directly to a process and user
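The correlation the list above describes, joining network flows to host telemetry, is shown here as an added example that is not Exeon's implementation. It pairs each flow with the host agent's connection event that shares the same 4-tuple and is closest in time, so a flow can be attributed to a process and user; it then flags flows to administrative ports opened by processes not expected to use them (the lateral-movement case), and lists hosts that the network sees talking while their agent delivered no events at all (the "monitoring disabled" case). The event schema, the port and process allowlists, and all sample records are assumptions constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

ADMIN_PORTS = {445, 3389, 5985}                              # assumption: SMB, RDP, WinRM
EXPECTED_ADMIN_PROCESSES = {"mstsc.exe", "powershell.exe"}  # assumption: tools allowed on those ports


@dataclass(frozen=True)
class Flow:
    """One network flow as a NetFlow/IPFIX collector would export it."""
    ts: int
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class HostEvent:
    """One outbound-connection event from a host agent (EDR/Sysmon-style; constructed schema)."""
    ts: int
    host: str
    pid: int
    process: str
    user: str
    lport: int
    rip: str
    rport: int


# Constructed sample data; timestamps are seconds, addresses and users are made up.
FLOWS = [
    Flow(100, "10.0.1.10", 50001, "10.0.0.20", 3389),  # admin RDP session
    Flow(105, "10.0.1.12", 50002, "10.0.0.5", 445),    # SMB from a workstation
    Flow(110, "10.0.1.15", 50003, "10.0.0.5", 445),    # SMB from a host that reports nothing
    Flow(120, "10.0.1.10", 50004, "10.0.0.30", 8080),  # ordinary web traffic
]
EVENTS = [
    HostEvent(100, "10.0.1.10", 4312, "mstsc.exe", "alice", 50001, "10.0.0.20", 3389),
    HostEvent(106, "10.0.1.12", 7788, "winword.exe", "bob", 50002, "10.0.0.5", 445),
    HostEvent(121, "10.0.1.10", 4401, "chrome.exe", "alice", 50004, "10.0.0.30", 8080),
]


def attribute(flows, events, window=5):
    """Pair each flow with the host event sharing its 4-tuple and closest in time (within window)."""
    by_key = defaultdict(list)
    for e in events:
        by_key[(e.host, e.lport, e.rip, e.rport)].append(e)
    paired = []
    for f in flows:
        near = [e for e in by_key[(f.src, f.sport, f.dst, f.dport)] if abs(e.ts - f.ts) <= window]
        paired.append((f, min(near, key=lambda e: abs(e.ts - f.ts), default=None)))
    return paired


def suspicious_lateral(paired, admin_ports=ADMIN_PORTS, expected=EXPECTED_ADMIN_PROCESSES):
    """Flows to admin ports established by a process that is not expected to use them."""
    return [(f.src, f.dst, f.dport, e.process, e.user)
            for f, e in paired
            if e is not None and f.dport in admin_ports and e.process.lower() not in expected]


def monitoring_gaps(flows, events):
    """Hosts seen talking on the network while their agent delivered no events at all."""
    reporting = {e.host for e in events}
    return sorted({f.src for f in flows} - reporting)


if __name__ == "__main__":
    paired = attribute(FLOWS, EVENTS)
    for f, e in paired:
        who = f"{e.process} (pid {e.pid}, {e.user})" if e else "no host event"
        print(f"{f.src}:{f.sport} -> {f.dst}:{f.dport}  {who}")
    print("suspicious lateral movement:", suspicious_lateral(paired))
    print("hosts without host telemetry:", monitoring_gaps(FLOWS, EVENTS))
```

The time window absorbs clock skew between the flow exporter and the host agent; the monitoring-gap check deliberately compares host sets rather than individual unmatched flows, since a single unmatched flow more often means a missed event than a disabled agent.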

Better alerts: Combining the alerts produced by host-based and by network-based security tools to filter false positives and produce consolidated high-quality alerts. Data sources can include:

  • Deep packet inspection (e.g. Zeek/Corelight sensors)
  • Endpoint and user behavior anomalies
  • EDR and AV alerts
  • IDS alerts
  • VPN logs

Better response: Unified visibility for efficient investigation & response.