Lumu and Fortinet Simplify Incident Response Automation

As a partner in Fortinet’s Fabric-Ready Partner Program, Lumu delivers automated attack detection and response across the network. See how to integrate Lumu Defender with Fortinet's FortiGate NGFW.
lumu and fortinet

Table of Contents

Lumu’s integration ecosystem is constantly expanding to better align with each customer’s unique cybersecurity ecosystem. Lumu and Fortinet have partnered up to deliver an industry-leading security solution to address the pervasive threats inside networks. For those who use Fortinet’s FortiGate NGFW, it’s now easier than ever to automate response to malicious activity discovered across your network. 

Lumu and Fortinet’s Partnership

As a Technology Alliance Partner in Fortinet’s Fabric-Ready Partner Program, Lumu delivers automated attack detection and response across the network.

Fortinet’s FortiGate NGFW and Lumu enable efficient cybersecurity operations through an integrated solution for network detection and response. Lumu continuously collects network metadata from various sources, including Fortinet. When malicious activity is discovered during the data collection process, Lumu triggers an alert to FortiGate NGFW for real-time attack response.

The out-of-the-box integration between Lumu and Fortinet allows for a simplistic approach to blocking adversarial activity with just a few clicks. 

Here’s How It Works

Integrations can be configured from within the Lumu Customer Portal by selecting your desired vendor and clicking on ‘Activate’.

From here you can add the threat types you’d like blocked by Fortinet.

At this point, you’ll be given configuration keys to block domains, URLs, and IP addresses. These will be added to configure threat feeds within Fortinet’s environment.

3 fortinet and lumu

From here you’ll access your FortiGate Firewall environment with admin access to begin the configurations by adding new external collectors. Once you’re there you’ll create a new threat feed to block the domains and URLs with that first link provided from the Lumu portal.

Select OK and at this point, your threat feed for domains and URLs from Lumu has been properly configured. 

Next, you’ll configure a separate threat feed to block malicious IP addresses.

5 fortinet and lumu

As with the first threat feed, you’ll enter all of the information, including the key provided in the Lumu portal, and select OK. Now, these threat feeds are ready to be added to web filters and firewall policies accordingly.

First, we will add the URLs and domains to be blocked by creating or editing a new web filter and firewall policy.

6 fortinet and lumu
7 fortinet and lumu

Next, you will create a new firewall policy to block IP addresses from the Lumu IP threat feed.

8 fortinet and lumu

Now all malicious domains, URLs, and IPs discovered by Lumu will be automatically blocked by your FortiGate NGFW. 

See how it works first-hand through this step-by-step demo video. To learn more about the partnership between Lumu and Fortinet, you can access the Solution Brief here. 

Subscribe to Our Blog

Get the latest cybersecurity articles and insights straight from the experts.

Share this post

RELATED POSTS

Is Your SIEM a Bad Habit?
Technical

Is Your SIEM a Bad Habit?

Reading Time: 4 minsVeteran Cybersecurity Operator at Lumu Andrés Argüelles looks at using Lumu with your SIEM to get the most out of both platforms.

Join our pre-day 
workshop waitlist

  • By clicking “Submit Request” you agree to the Lumu Terms of Service and Privacy Policy.