Exeon.NDR

Exeon.NDR (formerly ExeonTrace until July 2025) is a software-based Network Detection and Response platform that monitors IT, OT, and cloud networks using metadata analysis and machine learning developed through over ten years of academic research at ETH Zürich. Founded in 2016 and based in Zürich, Switzerland, Exeon Analytics employs 45-50 people and has raised $5.36M in funding from Microsoft for Startups, Tenity, and others. The platform was recognized as one of Switzerland's top three high-tech companies at the Swiss Economic Forum 2021.

The platform's core differentiator is metadata-based analysis that requires no hardware sensors, software agents, or traffic mirroring infrastructure. By analyzing lightweight network logs (NetFlow, IPFIX, DNS, proxy logs, firewall data) exported from existing infrastructure, Exeon.NDR provides encryption-agnostic monitoring that remains effective regardless of encrypted traffic volumes or network bandwidth. The supervised and unsupervised machine learning algorithms establish behavioral baselines and detect anomalies indicating Advanced Persistent Threats (APTs), zero-day exploits, data exfiltration, insider threats, ransomware, and lateral movement. Deployment completes within hours rather than days or weeks, leveraging existing network devices like firewalls, routers, and secure web gateways as data sources.

Exeon.NDR provides unified visibility across distributed IT, cloud (AWS, Azure, Google Cloud), and OT environments through a centralized management interface, preventing attackers from moving undetected between environments. The platform integrates with existing security ecosystems including SIEM, SOAR, EDR, XDR, and IPS solutions via REST APIs. Swiss data sovereignty and privacy-first architecture enable flexible deployment (on-premises, private cloud, public cloud tenant) with full data control. Customers include PostFinance, SWISS Airlines, V-Zug, 3 Banken IT, WIN GD, University of Bern, and logistics group Planzer. Pricing is subscription-based, tailored to analysis requirements and number of active internal IP addresses monitored.