
Exeon.NDR
Hardware-free network detection with metadata analysis for encrypted traffic visibility.
Vendor Information
Exeon.NDR Overview
Exeon.NDR (known as ExeonTrace until July 2025) is a software-based Network Detection and Response platform that monitors IT, OT, and cloud networks using metadata analysis and machine learning developed through over ten years of academic research at ETH Zürich. Founded in 2016 and based in Zürich, Switzerland, Exeon Analytics employs 45-50 people and has raised $5.36M in funding from Microsoft for Startups, Tenity, and others. The company was recognized as one of Switzerland's top three high-tech companies at the Swiss Economic Forum 2021.
The platform's core differentiator is metadata-based analysis that requires no hardware sensors, software agents, or traffic mirroring infrastructure. By analyzing lightweight network logs (NetFlow, IPFIX, DNS, proxy logs, firewall data) exported from existing infrastructure, Exeon.NDR provides encryption-agnostic monitoring that remains effective regardless of encrypted traffic volumes or network bandwidth. Its supervised and unsupervised machine learning algorithms establish behavioral baselines and detect anomalies indicating Advanced Persistent Threats (APTs), zero-day exploits, data exfiltration, insider threats, ransomware, and lateral movement. Deployment completes within hours rather than days or weeks, using existing network devices such as firewalls, routers, and secure web gateways as data sources.
Exeon.NDR provides unified visibility across distributed IT, cloud (AWS, Azure, Google Cloud), and OT environments through a centralized management interface, preventing attackers from moving undetected between environments. The platform integrates with existing security ecosystems including SIEM, SOAR, EDR, XDR, and IPS solutions via REST APIs. Swiss data sovereignty and privacy-first architecture enable flexible deployment (on-premises, private cloud, public cloud tenant) with full data control. Customers include PostFinance, SWISS Airlines, V-Zug, 3 Banken IT, WIN GD, University of Bern, and logistics group Planzer. Pricing is subscription-based, tailored to analysis requirements and number of active internal IP addresses monitored.
Key Capabilities
Standardized capabilities mapped to this product's security niche
Extends network detection to cloud VPC traffic using VPC flow log analysis, cloud-native sensors, or mirroring, covering east-west traffic between cloud workloads.
Forwards enriched alerts with full session metadata, PCAP context, and network topology to SIEM platforms in CEF, LEEF, or native API formats.
Monitors lateral movement traffic between internal network segments and hosts, distinct from perimeter monitoring. Requires network tap or span port placement on internal switch infrastructure.
Detects threats in TLS-encrypted traffic using JA3/JA3S fingerprinting, certificate anomaly detection, and traffic behavioral analysis, without requiring decryption.
Builds per-device and per-application baselines of normal network communication patterns and detects deviations, enabling detection of novel C2 channels, data staging, and lateral movement.
Integrates with firewalls, NAC platforms, and switches to automatically block or quarantine hosts and traffic flows in response to confirmed detections, without requiring analyst-initiated action.
How to buy
This profile hasn’t been claimed yet. Contact the vendor directly for pricing and purchasing options.