
Network & Infrastructure Security
Exeon.NDR
Hardware-free network detection with metadata analysis for encrypted traffic visibility.
Exeon.NDR Overview
What it does
Exeon.NDR (formerly ExeonTrace until July 2025) is a software-based Network Detection and Response platform that monitors IT, OT, and cloud networks using metadata analysis and machine learning developed through over ten years of academic research at ETH Zürich. Founded in 2016 and based in Zürich, Switzerland, Exeon Analytics employs 45-50 people and has raised $5.36M in funding from Microsoft for Startups, Tenity, and others. The platform was recognized as one of Switzerland's top three high-tech companies at the Swiss Economic Forum 2021.
How it works
The platform's core differentiator is metadata-based analysis that requires no hardware sensors, software agents, or traffic mirroring infrastructure. By analyzing lightweight network logs (NetFlow, IPFIX, DNS, proxy logs, firewall data) exported from existing infrastructure, Exeon.NDR provides encryption-agnostic monitoring that remains effective regardless of encrypted traffic volumes or network bandwidth. The supervised and unsupervised machine learning algorithms establish behavioral baselines and detect anomalies indicating Advanced Persistent Threats (APTs), zero-day exploits, data exfiltration, insider threats, ransomware, and lateral movement. Deployment completes within hours rather than days or weeks, leveraging existing network devices like firewalls, routers, and secure web gateways as data sources.
Credentials and traction
Exeon states that Exeon.NDR helps customers meet NIS2 and ISO 27001 requirements and provides GDPR-compliant, metadata-only analytics with local data retention. Named customers include PostFinance, SWISS International Airlines, Swisscom, WinGD, Mobiliar, the University of St. Gallen, and Klinikum Dortmund, reflecting adoption among European financial, industrial, healthcare, and public-sector operators.
Key Capabilities
mapped to solution categoriesExtends network detection to cloud VPC traffic using VPC flow log analysis, cloud-native sensors, or mirroring, covering east-west traffic between cloud workloads.
Monitors lateral movement traffic between internal network segments and hosts, distinct from perimeter monitoring. Requires network tap or span port placement on internal switch infrastructure.
Detects threats in TLS-encrypted traffic using JA3/JA3S fingerprinting, certificate anomaly detection, and traffic behavioral analysis, without requiring decryption.
Builds per-device and per-application baselines of normal network communication patterns and detects deviations, enabling detection of novel C2 channels, data staging, and lateral movement.
Integrates with firewalls, NAC platforms, and switches to automatically block or quarantine hosts and traffic flows in response to confirmed detections, without requiring analyst-initiated action.
Performs deep packet inspection on industrial protocols (Modbus, DNP3, EtherNet/IP, PROFINET, IEC 61850, OPC-UA), for behavioral monitoring of OT environments alongside IT network analysis.
Uses an AI-based search assistant to accelerate threat hunting and surface actionable insights.
Compliance
certificationsIntegrations
compatible toolsImplementation & support
Info last updated on May 28, 2026
Vendors
Is this your product?
Claim your profile to connect with the teams looking for your solutions.