Intrusion prevention even with encrypted network traffic


A reliable Intrusion Prevention System (IPS) should also protect against attacks hidden in encrypted network traffic and against zero-day attacks. However, because many solutions rely on signature-based detection, they usually cannot protect against zero-day attacks. The new ExeonTrace NDR handles intrusion prevention at the same time.

With ExeonTrace, the Swiss security company Exeon Analytics offers a solution for detecting intruders that goes far beyond the capabilities of conventional intrusion prevention systems (IPS). In particular, ExeonTrace can also detect zero-day attacks, against which IPS solutions cannot offer any protection due to their signature-based detection. Although such systems are suitable for the automated detection and defense against known attacks, they must be supplemented by other security solutions for comprehensive protection.

Encrypted network traffic also protects attackers

Depending on the study, 80 to 90 percent of global network traffic is encrypted today - and the trend is increasing. This encryption protects the confidentiality and integrity of sensitive business data. On the other hand, the signature-based detection approach of IPS and other solutions cannot be applied to encrypted payloads to detect and prevent intrusion attempts. To overcome this limitation, the firewall would need to decrypt all traffic, which can lead to a host of other security issues. ExeonTrace, on the other hand, is based on the analysis of metadata and is therefore able to examine encrypted network communication and to detect corresponding attacks.

NDR offers an overall picture instead of individual alarms

Additionally, while IPS solutions typically generate individual alerts, they do not correlate those alerts into an overall picture of the threat situation. This makes it difficult for security teams to distinguish a real threat from false alerts or to judge alerts by their severity. This limitation can significantly slow the response and give attackers a head start in breaking into the organization. Unlike an IPS, ExeonTrace as an NDR (Network Detection and Response) solution does not rely on signature-based detection of cyberattacks. Instead, it uses machine learning algorithms to examine network communications in near real time.

Only correlation provides an overall picture

ExeonTrace creates a baseline of “normal” network behavior through continuous analysis of raw traffic. In the event of deviations, the solution first analyzes and correlates the anomalies and then, if necessary, generates alarms to indicate a potential threat within the network environment. This AI-based method also enables the detection of unknown zero-day attacks for which no signatures exist yet. For example, the ExeonTrace NDR platform has an ML model that can detect the Domain Generation Algorithm (DGA) used in the 2020 SolarWinds Sunburst attack. New types of malware for which no signature is yet available are also detected using the ML algorithms.
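As an added illustration of the metadata-only, baseline-then-correlate approach described in the two sections above (example code written for this article, not Exeon's or ExeonTrace's), the following detector scores DNS query names against a baseline learned from benign traffic and raises one alarm per client only after several anomalies. All hosts, names, log lines and thresholds are constructed; a real NDR uses far richer models, but the shape of the pipeline is the same.

```python
import math
from collections import Counter, defaultdict

VOWELS = set("aeiou")

def longest_label(fqdn):
    """DGAs put the generated string in one label; score the longest one."""
    return max(fqdn.lower().rstrip(".").split("."), key=len)

def features(label):
    """Two cheap name statistics: character entropy and vowel ratio."""
    counts, n = Counter(label), len(label)
    entropy = -sum(c / n * math.log2(c / n) for c in counts.values())
    return entropy, sum(ch in VOWELS for ch in label) / n

def learn_baseline(benign_fqdns, margin=0.5):
    """Thresholds come from observed-normal names, not from signatures."""
    feats = [features(longest_label(f)) for f in benign_fqdns]
    return {"entropy": max(e for e, _ in feats) + margin,
            "vowels": min(v for _, v in feats) / 2}

def is_anomalous(fqdn, baseline):
    entropy, vowel_ratio = features(longest_label(fqdn))
    return entropy > baseline["entropy"] and vowel_ratio < baseline["vowels"]

def correlate(log_lines, baseline, min_hits=3):
    """One alarm per client, and only after several NXDOMAIN anomalies."""
    hits = defaultdict(list)
    for line in log_lines:
        _ts, client, fqdn, rcode = line.split()
        if rcode == "NXDOMAIN" and is_anomalous(fqdn, baseline):
            hits[client].append(fqdn)
    return {c: names for c, names in hits.items() if len(names) >= min_hits}

# Constructed benign names standing in for a window of observed-normal traffic
BENIGN = ["mail.example.com", "cdn.example-assets.net", "login.corp.example",
          "updates.vendor.example", "www.news.example", "api.partner.example"]
# Constructed log lines: "<time> <client> <queried name> <response code>"
LOG = [
    "10:00:01 10.0.0.5 mail.example.com NOERROR",
    "10:00:02 10.0.0.9 xq7zk3vwmt9rhp2y.example NXDOMAIN",
    "10:00:03 10.0.0.9 p4mwzr8tkqbhv6xn.example NXDOMAIN",
    "10:00:04 10.0.0.5 intranet-legacy.example NXDOMAIN",  # decommissioned host, not flagged
    "10:00:05 10.0.0.9 zwt3kqx9vrmhb7pn.example NXDOMAIN",
    "10:00:06 10.0.0.7 k8xzqw4tvmbh7rpn.example NXDOMAIN",  # single anomaly, no alarm
]

if __name__ == "__main__":
    print(correlate(LOG, learn_baseline(BENIGN)))
```

Only the client that repeatedly resolves random-looking names gets an alarm; a single odd lookup and a legitimate failed lookup stay below the correlation bar.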

More at NextGen.Exeon.com

About Exeon

Exeon Analytics AG is a Swiss cybertech company specializing in protecting IT and OT infrastructures through AI-driven security analytics. The Network Detection and Response (NDR) platform ExeonTrace offers companies the opportunity to monitor networks, immediately detect cyber threats and thus effectively protect their own company's IT landscape - quickly, reliably and completely software-based.
