Exeon Analytics AG

Grubenstrasse 12
CH-8045 Zürich
Phone: +41 44 500 77 21

Use Cases: Cyber Attacks, Ransomware, Data Breaches, and more

From detecting ransomware, data breaches and shadow IT, through threat, APT and intrusion detection, to efficient investigation of security incidents: ExeonTrace addresses a wide range of problems for your security team.

Case 01
Hidden data breaches through APT

Finding advanced persistent threats (APTs) with AI-powered detection that enables automated threat hunting.

Automated detection of C&C channels
Based on AI algorithms, ExeonTrace detects covert communication channels to the outside that are hidden within billions of regular DNS and web traffic activities. ExeonTrace’s algorithms can identify novel communication channels, as used by APTs, for which no signatures exist yet.

Easy navigation through the attack pattern
ExeonTrace’s UI navigates you directly to the browsing tree or DNS activities of the malicious endpoint and singles out the suspicious activity towards the malicious domain. Full visibility for a quick and easy response.

Verification of the response
After the attack has been contained and the malicious domain has been blocked, ExeonTrace automatically verifies that all malware has been removed and no C&C channel is still active. No alert is overlooked.

Case 02

Ransomware attacks typically go through different phases that take place over days to months. ExeonTrace allows you to detect attacks and react early before the attackers press the kill switch that encrypts your network.

Ransomware settling in your network
Discover advanced ransomware starting to initiate hidden communication to the outside (e.g. hidden DNS, HTTP or HTTPS channels).

Ransomware spreading in your network
Detect ransomware scanning your network, and endpoints that initiate communication with other internal endpoints in ways that deviate from their normal communication pattern.

Ransomware collecting and stealing data
ExeonTrace detects internal endpoints collecting data from within the network. Furthermore, ExeonTrace detects endpoints sending abnormal amounts of data to the outside or sending data to unusual destinations.

Ransomware encrypting files on shares
ExeonTrace analyzes SMB data flows to detect clients reading and writing large amounts of data, which is a typical signal for ransomware encrypting data on file shares.

Case 03
Shadow IT

Inventories and blacklists are often not up to date, resulting in internal and external shadow IT threats. ExeonTrace can detect both.

Internal Shadow IT: Rogue devices and unmonitored services in your own network
ExeonTrace automatically correlates network activities with your CMDB to detect rogue devices and unmonitored services. You don’t have an up-to-date CMDB in place? ExeonTrace allows you to build one based on your network data.

External Shadow IT: Use of unauthorized cloud services, file sharing platforms and other web tools
Employees often find weaknesses in the web proxy blacklist configuration and upload data to cloud services, file sharing platforms or other productivity web tools such as file format converters. ExeonTrace detects such activities and allows you to enhance your blacklists.

Case 04
Visualize your threat exposure

You can’t protect what you can’t see. ExeonTrace’s graph database, combined with specialized visualizations, allows you to easily browse through billions of raw data points.

See internal services exposing data to the outside
ExeonTrace shows you all internal services which are accessed by hosts from the Internet in a single view.

Drill down from services to clients, to raw log data
ExeonTrace provides powerful drill-down views that are reachable with the click of a button. Zoom in from aggregated events to raw log data to understand your cyber threat exposure at different levels of granularity.

Providing context during exposure analysis through data enrichment
ExeonTrace enhances displayed endpoints with CMDB data, information about network zones, active DNS resolution or even data collected by endpoint agents.

Case 05
Enforce your security policies

Easily register your security policies in ExeonTrace to monitor and enforce them.

Define expected communication paths with the Internet
Ensure that all internal clients respect your Internet access policy, such as the mandatory use of the web proxy. Detect external clients that access your internal services via unauthorized channels.

Secure your critical server infrastructure
Verify that accesses to your critical server infrastructure are exclusively performed through your jump host architecture. Alert if an unauthorized endpoint accesses the server infrastructure.

Monitor administration and legacy protocols
Monitor the use of administration protocols, such as SSH or RDP, in your network. Detect the use of such protocols by unauthorized clients. Verify that legacy protocols, such as Telnet or FTP, are no longer used within your network, or only in exceptional cases.
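The three policy checks described in this case (proxy-only Internet access, jump-host-only access to critical servers, and restricted administration and legacy protocols) can be expressed as simple rules over network flow records. The following is an added illustration, not ExeonTrace code; the addresses, zones and flow records are constructed.

```python
"""Flow-policy checks for the "enforce your security policies" case.
Added illustration only; all hosts, zones and flows below are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    src: str    # source IP
    dst: str    # destination IP
    dport: int  # destination port
    proto: str  # "tcp" or "udp"


# Constructed policy: hypothetical internal range, proxy, jump hosts and servers.
INTERNAL = ip_network("10.0.0.0/8")
PROXY = "10.0.0.10"
JUMP_HOSTS = {"10.0.1.5"}
CRITICAL_SERVERS = {"10.0.2.20", "10.0.2.21"}
ADMIN_CLIENTS = {"10.0.1.5", "10.0.1.6"}
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}
LEGACY_PORTS = {23: "Telnet", 21: "FTP"}


def is_internal(ip: str) -> bool:
    return ip_address(ip) in INTERNAL


def check_flow(f: Flow) -> list[str]:
    """Return one finding string per violated policy rule (empty list = compliant)."""
    findings = []
    # Rule 1: internal clients reach the Internet only through the proxy.
    if is_internal(f.src) and not is_internal(f.dst) and f.src != PROXY:
        findings.append(f"proxy-bypass: {f.src} -> {f.dst}:{f.dport}")
    # Rule 2: critical servers are accessed exclusively from jump hosts
    # (this also catches external or internal clients using unauthorized channels).
    if f.dst in CRITICAL_SERVERS and f.src not in JUMP_HOSTS:
        findings.append(f"critical-server-access: {f.src} -> {f.dst}:{f.dport} not via jump host")
    # Rule 3: administration protocols only from authorized clients.
    if f.dport in ADMIN_PORTS and f.src not in ADMIN_CLIENTS:
        findings.append(f"unauthorized-{ADMIN_PORTS[f.dport]}: {f.src} -> {f.dst}")
    # Rule 4: legacy protocols should not appear at all.
    if f.dport in LEGACY_PORTS:
        findings.append(f"legacy-{LEGACY_PORTS[f.dport]}: {f.src} -> {f.dst}")
    return findings


def check_flows(flows: list[Flow]) -> dict[Flow, list[str]]:
    """Map each non-compliant flow to its findings; compliant flows are omitted."""
    return {f: v for f in flows if (v := check_flow(f))}


# Constructed sample flows: two compliant, four violating at least one rule.
SAMPLE_FLOWS = [
    Flow("10.0.0.10", "93.184.216.34", 443, "tcp"),  # proxy to Internet: ok
    Flow("10.0.1.5", "10.0.2.20", 22, "tcp"),        # jump host SSH to server: ok
    Flow("10.0.3.7", "8.8.8.8", 443, "tcp"),         # workstation bypassing proxy
    Flow("10.0.3.7", "10.0.2.20", 22, "tcp"),        # workstation SSH to critical server
    Flow("10.0.1.6", "10.0.2.21", 3389, "tcp"),      # admin client but not via jump host
    Flow("10.0.3.8", "10.0.5.1", 23, "tcp"),         # Telnet still in use
]

if __name__ == "__main__":
    for flow, findings in check_flows(SAMPLE_FLOWS).items():
        print(flow, "->", "; ".join(findings))
```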