Lumu 2025 Product Recap

This year's Lumu 2025 Product Recap highlights our commitment to simplifying SecOps and leading cybersecurity transformation. Key milestones include the launch of the unified Lumu SecOps Platform, the acquisition of Maltiverse to deepen threat intelligence, and significant advancements across our product suite.

As we look back on this year, one thing is clear. SecOps is changing faster than ever, and Lumu is leading the transformation in how companies operate cybersecurity. Our mission remains the same. Help every organization operate cybersecurity with simplicity and confidence by giving them a platform that adapts to the realities of modern threats.

This year we strengthened our commitment to proactive security. We accelerated automation, unified SecOps workflows, and brought even more context to every decision security teams make. Everything we launched was driven by one goal. Make cybersecurity accessible to every team, regardless of size, maturity, or environment.

The Lumu SecOps Platform

This year began with the launch of the Lumu SecOps Platform. Organizations no longer want vendor lock-in. They demand interoperability, open architectures, and the flexibility to integrate the best solutions that fit their needs. They want a unified space to run SecOps from end to end. 

Responding to this need, we developed our platform into a single environment where teams can assess exposure, detect compromise, investigate incidents, orchestrate response, and measure progress.

The SecOps Platform reflects how cybersecurity is truly operated today. It brings Defender, Discover, Maltiverse, Autopilot, and Archive together in one unified experience.

Lumu Defender: Even More Powerful Detection, Response, and Threat Intelligence

Defender grew significantly this year with updates that strengthen data collection, deepen visibility, and enhance incident context. Here are just a few of the many notable additions to the Defender experience:

Cloud Network Threat Visibility and Response

All current Lumu Defender clients have the ability to deploy cloud network threat visibility through Lumu. Integrating directly with AWS, Azure, GCP, and Kubernetes, Lumu brings all cloud network metadata under one pane of glass, allowing teams to detect cloud-native threats and respond in real time without the complexity of traditional NDR.

The New AI Filter

Lumu Defender introduced an AI filter, allowing customers to search for what they need using natural language to quickly filter incidents.

Expanded Collection Capabilities

We introduced the Lumu Hardware Appliance (LHA) for organizations that require on-premise data collection. The LHA supports multiple deployment options to fit diverse infrastructures and handles a wide range of network throughput and metadata ingestion needs, including deep packet inspection (DPI) when required.

ChromeOS Agent

We also launched our ChromeOS agent, making Lumu the only NDR with native ChromeOS data collection. These devices dominate K-12 and are quickly expanding into healthcare, retail, and contact centers.

Richer Incident Context Powered by Maltiverse

Every incident now includes deeper threat intelligence, reputation details, related malicious activity, and insights that accelerate triage.

Lumu Archive

We launched Archive, our approach to long-term network traffic logs. Archive gives customers the ability to store network logs for analysis, compliance, and investigations without the cost and complexity of traditional SIEM storage. This is one of the most important additions to Defender because it ensures organizations always have the historical context needed to answer critical questions quickly.

Maltiverse Joined the Lumu Family

This year, we also welcomed Maltiverse to Lumu. This acquisition was designed to strengthen the depth and accuracy of our threat context and to make world-class threat intelligence accessible to every customer.

Since joining Lumu, Maltiverse has delivered several important enhancements.

  • Industry and Regional Threat Context
    Customers can now see how threats are affecting their environment compared to global, regional, and industry-specific activity.
  • Enhanced Threat Analyzer
    Threat data is analyzed with more precision and enriched with contextual details that accelerate decision-making.
  • Redesigned IoC Views
    A clearer, more intuitive representation of indicators, reputation, and malicious behavior.
  • New MITRE ATT&CK Dashboard
    A streamlined view of adversarial tactics and techniques mapped to real activity seen across the Lumu community.

Maltiverse has already elevated every part of the platform. It enriches incidents, improves prioritization, and sharpens the accuracy of our detections.

The Launch of Lumu Discover

Another major milestone in 2025 was the launch of Lumu Discover, our external attack surface assessment offering. We built Discover because organizations needed a simple and continuous way to understand what they expose to the internet and how that exposure could be leveraged by an attacker. Shadow IT, forgotten assets, abandoned domains, and misconfigurations all create blind spots, and Discover helps bring them into the light.

Discover incidents are fully integrated into the Defender experience. When Discover identifies exposed services or risky configurations, customers can immediately see how these issues relate to their internal compromise activity. This creates a complete picture before attackers can take advantage of gaps.

SaaS Attack Surface Mapping

Since its launch, Discover has added many new features, such as a SaaS application mapping tool that shows exposure of compromised endpoints.

Maltiverse Threat Intelligence

Incidents in Lumu Discover were enriched with Maltiverse threat intelligence, providing deeper context and a better understanding of the risk associated with threats discovered across the attack surface.

Smarter Escalations and Clearer Remediation with Autopilot

As customers rely on autonomous tools more than ever, we continued strengthening Autopilot with updates that help teams stay focused on strategic response and informed remediation.

Smarter Context for Escalated and Closed Incidents

Autopilot now enriches escalations with more detail, correlates activity over time, and suggests steps for mitigation.

Natural Language Threat Summaries

Incidents are easier to understand with plain-language descriptions of what happened and why it matters.

Step-by-Step Remediation Guidance

Teams receive clear recommended actions so they can resolve issues consistently.

Environment-Driven Actions

Autopilot adapts its behavior based on what it observes in each environment, improving accuracy and reducing noise.

New Integrations

Strengthening Each Customer’s Ecosystem

We continued expanding our integration library to make sure Lumu works wherever our customers operate. This year we introduced integrations across data collection, incident response, and SecOps.

Data Collection

Incident Response

The Next Generation of Continuous Compromise Assessment®

This year we also began laying the foundation for the next generation of Continuous Compromise Assessment®. While the full evolution is still in progress, we introduced new incident types that represent the beginning of what will continue to grow significantly next year.

  • Unusual Login Incidents
    Designed to detect behavior that deviates from established identity patterns.
  • Network Brute Force Incidents
    Created to identify attempts to break into services through repeated authentication failures.

These new incident types show how CCA will evolve. Identity context, behavioral signals, and metadata correlation will continue to play an increasingly critical role in how we detect and understand compromise.

Industry Recognition

Lumu was recognized by industry leaders this year, including validation from the World Economic Forum, GigaOm, EMA, and coverage of our work at major events like the RSA Conference and IT Nation.

These recognitions reflect the impact of our product vision and the value we continue to deliver to customers.

The Road Ahead

This year strengthened our belief that SecOps can be simpler, more consistent, and more powerful when the right data, context, and automation come together. Everything we delivered was built to help organizations operate cybersecurity more effectively and with greater clarity.

As we move into next year, we will continue evolving our platform, expanding our visibility and bringing even more intelligence into every part of SecOps. We are excited for what’s ahead and grateful for the customers and partners who continue to shape the future of Lumu with us.
