caplon network detection & response

Detect unusual behaviour and cyber attacks at an early stage before major damage is done

Attackers who have overcome signature-based protection mechanisms (Next Generation Firewall and IDS systems) are almost impossible to detect without suitable tools. They remain invisible for weeks and months. At the same time, undetected data exfiltration (outflow of sensitive data) or ransomware (blackmail) can cause considerable, irreversible damage with costs that cannot be estimated.

However: Attackers always leave traces. caplon© network detection & response provides your security & operation teams with valuable indications through innovative algorithms and machine learning processes in order to detect such anomalies at a very early stage of the attack and thus avoid consequential damage.

Transparency: overview of all processes taking place in the network

  • Visualisation of all communication relationships to detect unusual and unwanted communication
  • "Time-dependent" monitoring of communication relationships (e.g. remote maintenance access at night)
  • Detection of unusual services and shadow IT
  • Analysis of various metrics for different communication flows
  • Dynamic-adaptive detailed analysis: from flow overview view, to detailed network packet level view

Network Detection: Detection of unusual behaviour


  • Detection of zero-day exploits through behavioural analysis
  • Detection of attacks by internal perpetrators
  • Early detection of unusual system and user behaviour (e.g. unusually high number of requests)
  • Detection of (horizontal & vertical) port scans
  • Detection of command & control channels
  • Check against blacklists
  • Detection of data exfiltration/outflow

Response: Efficient investigation of security incidents

  • Permanent circumstantial evidence through continuous network recording ("the flight recorder for the network")
  • Access to all details of network packets for forensic analyses
  • Targeted shutdown of systems through information on the possible spread of malware 
  • Integration of information from other systems via open interfaces for a comprehensive overall picture
  • Low false positive rate

Advantages with caplon network & service monitoring

A tool for operation and security

  • Detection of technical faults and cyberattacks
  • Uniform view of the network for operation & security teams - "Breaking The Silos".
  • Can be combined with caplon© Network & Service Monitoring

Manageable solution

  • suitable for medium-sized companies and corporate groups: intuitive, user-friendly, controllable
  • Understandable alarms through explainable AI
  • Qualified support - technicians talk to technicians
  • Managed service on demand

Identify – Detect – Respond

  • can be used in 3 of 5 NIST action levels to reduce cyber security risks
  • Identification of all systems and communication flows
  • Detect zero day exploits through behavioural analysis
  • Provision of indications to take the right measure


  • caplon© meets 100% of the requirements for an anomaly detection system according to BSI CS 134
  • trustworthy solution - Made in Germany
  • complete development in Germany - minimized risk for supply chain attacks

Classification of the solution among the multitude of technological approaches.

  • DPI and flow-based behavioural analysis / NDR is an essential component for protecting the IT/OT infrastructure.
  • together with NG Firewalls/IDS systems and Endpoint-Protection (IT area) it offers the almost perfect protection

key advantages:

  • Detection of zero day exploits
  • detection of internal attacks
  • Usable results from day 1
  • manageable solution
  • one tool for operation and security teams


Your cookie settings

Technically necessary (essential) cookies

Information on the individual cookies

  • Show more

    Technically necessary (essential) cookies

    Necessary cookies help to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

    Name fe_typo_user
    Purpose Secures anti-spam measures when using the contact form
    Expiration Session
    Type HTTP
    Name conCookieSettings
    Purpose Saves the consent to cookies
    Expiration 30 days
    Type HTTP
    Name mtm_consent_removed
    Purpose Used by Piwik Analytics Platform (matomo) to determine that the tracking has been contradicted
    Expiration 1 month
    Type HTTP
  • Show more


    Statistics cookies help website owners understand how visitors interact with websites by collecting and reporting information anonymously.

    Name matomo.php
    Purpose Records statistics about the user's visits to the website, such as the number of visits, average time spent on the website and which pages were read.
    Expiration Session
    Type HTTP
    Name _pk_id#
    Purpose Records statistics about user visits to the site, such as the number of visits, average time spent on the site and which pages were read.
    Expiration 1 year
    Type HTTP
    Name _pk_ses#
    Purpose Is used by the Piwik Analytics Platform (matomo) to track page requests of the visitor during the session.
    Expiration 1 day
    Type HTTP
    Name _pk_testcookie..undefined
    Purpose Is used by Piwik Analytics Platform (matomo) to check whether the browser used supports cookies.
    Expiration Session
    Type HTTP
    Name _pk_testcookie.#
    Purpose Is used by Piwik Analytics Platform (matomo) to check whether the browser used supports cookies.
    Expiration Session
    Type HTTP