Security Stack Logo
Exeon.NDR logo

Network & Infrastructure Security

Exeon.NDR

Hardware-free network detection with metadata analysis for encrypted traffic visibility.

Network Detection and Response (NDR)

Exeon.NDR Overview

What it does

Exeon.NDR (formerly ExeonTrace until July 2025) is a software-based Network Detection and Response platform that monitors IT, OT, and cloud networks using metadata analysis and machine learning developed through over ten years of academic research at ETH Zürich. Founded in 2016 and based in Zürich, Switzerland, Exeon Analytics employs 45-50 people and has raised $5.36M in funding from Microsoft for Startups, Tenity, and others. The platform was recognized as one of Switzerland's top three high-tech companies at the Swiss Economic Forum 2021.

How it works

The platform's core differentiator is metadata-based analysis that requires no hardware sensors, software agents, or traffic mirroring infrastructure. By analyzing lightweight network logs (NetFlow, IPFIX, DNS, proxy logs, firewall data) exported from existing infrastructure, Exeon.NDR provides encryption-agnostic monitoring that remains effective regardless of encrypted traffic volumes or network bandwidth. The supervised and unsupervised machine learning algorithms establish behavioral baselines and detect anomalies indicating Advanced Persistent Threats (APTs), zero-day exploits, data exfiltration, insider threats, ransomware, and lateral movement. Deployment completes within hours rather than days or weeks, leveraging existing network devices like firewalls, routers, and secure web gateways as data sources.

Credentials and traction

Exeon states that Exeon.NDR helps customers meet NIS2 and ISO 27001 requirements and provides GDPR-compliant, metadata-only analytics with local data retention. Named customers include PostFinance, SWISS International Airlines, Swisscom, WinGD, Mobiliar, the University of St. Gallen, and Klinikum Dortmund, reflecting adoption among European financial, industrial, healthcare, and public-sector operators.

Key Capabilities

mapped to solution categories
Network Detection and Response (NDR)

Extends network detection to cloud VPC traffic using VPC flow log analysis, cloud-native sensors, or mirroring, covering east-west traffic between cloud workloads.

Monitors lateral movement traffic between internal network segments and hosts, distinct from perimeter monitoring. Requires network tap or span port placement on internal switch infrastructure.

Detects threats in TLS-encrypted traffic using JA3/JA3S fingerprinting, certificate anomaly detection, and traffic behavioral analysis, without requiring decryption.

Builds per-device and per-application baselines of normal network communication patterns and detects deviations, enabling detection of novel C2 channels, data staging, and lateral movement.

Integrates with firewalls, NAC platforms, and switches to automatically block or quarantine hosts and traffic flows in response to confirmed detections, without requiring analyst-initiated action.

Performs deep packet inspection on industrial protocols (Modbus, DNP3, EtherNet/IP, PROFINET, IEC 61850, OPC-UA), for behavioral monitoring of OT environments alongside IT network analysis.

Uses an AI-based search assistant to accelerate threat hunting and surface actionable insights.

Compliance

certifications
GDPRHIPAAISO 27001NIS2 Directive

Integrations

compatible tools
AWS (Amazon Web Services)Azure Security CenterCorelightEDR PlatformsElasticsearchFirewall SystemsGoogle Cloud PlatformIPS SystemsNetwork Infrastructure (Routers, Switches)Proxy ServersSecure Web GatewaysSIEM PlatformsSOAR PlatformsSplunkXDR Platforms

Implementation & support

Deployment model
Air-GappedCloudHybridOn-Premises
Pricing structure
SubscriptionUsage-based
Support channels
Email SupportTicketing Portal

Info last updated on May 28, 2026

Vendors

Is this your product?

Claim your profile to connect with the teams looking for your solutions.

Security Stack Logo

The curated research platform for enterprise cybersecurity solutions.

All product and company names, logos, and brands are property of their respective owners and are used on this website for identification purposes only. Security Stack does not endorse any vendor, product, or service listed, and makes no warranties, express or implied, as to the accuracy or completeness of this content, including any warranties of merchantability or fitness for a particular purpose.

© 2026 Security Stack. All rights reserved.