We have collected the most common questions from our +2300 customers. If you don’t find what you are looking for, feel free to contact us at [email protected].
Lumu’s Continuous Compromise Assessment™ is a patent-pending model that enables organizations to measure their unique compromise levels, using their own network metadata. This model allows you to identify when, where, and how your infrastructure is communicating with adversaries.
Your network metadata is the single source of truth regarding your organization’s level of compromise. That’s why Lumu systematically collects, normalizes, and analyzes a wide range of network metadata in real time, including DNS, NetFlow, proxy and firewall access logs, and spambox. These data sources allow us to understand the behavior of your network, which leads to conclusive evidence on your unique compromise level.
Depending on your tier, there are different methods for collecting metadata through the various IT environments from organizations of any size and complexity.
- On-premise & virtual appliances
- Cloud Collectors (Public and Private Clouds)
- Native agents for roaming devices and hybrid environments
- Custom API Collectors for SIEM, EDR, CLM
Lumu stores metadata for 2 years. This enables us to correlate events from the past to known IoCs
Lumu is recognized for its easy cloud-based deployment. Physical appliances are not required to collect network metadata.
Since Lumu’s Continuous Compromise Assessment™ only sees network metadata, and no traffic tapping is needed we do not see any confidential information like username, passwords, and the like. The information that we see are IPs, domains, and URLs. Lumu is not interested in knowing the content of communications, we focus only on detecting contacts that should not be happening in the first place. In any case, you can access Lumu’s Privacy Shield certification.
As Lumu is built to overcome the design issues and problems inherited from legacy solutions, data decryption is not part of what Lumu does. In contrast, Lumu analyzes network metadata only. This metadata typically does not require being decrypted. In addition, since Lumu is a cloud-based solution, the information analyzed is protected by PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2 y NIST 800-171, that helps our customers satisfy compliance requirements for virtually every regulatory agency around the globe. An analogy would be that to identify a terrorist, you wouldn’t need to know the contents of a letter written to a known terrorist leader, merely information written on the envelope.
Lumu’s Illumination Process™ uses extensive threat intelligence of known indicators of compromise (IoC) and anomalies of interest, we also apply proprietary AI, ML, and deep correlation analysis that allows us to conclude with speed and precision when, and where an adversary is threatening your organization.
We have partnerships with more than 80 threat intelligence providers, including a private alliance with Malware Patrol and VirusTotal. We also offer you the ability to Bring Your Own Threat Intelligence (BYOTI™), which we can ingest into Lumu’s Illumination Process.
Blocking spam is good, but analyzing it is better. Organizations are generally unaware of what email policies are blocking. By assessing what was in the Spambox, we can really understand who is trying to attack your organization, how they are trying to do so, and whether they are successful. In addition, you can go back to the network and see which attacks were not blocked by your email security tool.
Lumu and SIEMs are different technologies, designed with different purposes in mind. We designed this brief to clarify any questions you may have.
Lumu and DNS Firewalls are different technologies, designed with different purposes in mind. We designed this brief to clarify any questions you may have.
Lumu and EDRs are different technologies, designed with different purposes in mind. We designed this brief to clarify any questions you may have.
Lumu and IDPS are different technologies, designed with different purposes in mind. We designed this brief to clarify any questions you may have.
Lumu qualifies as an NTA as defined by Gartner, yet differs from most NTA solutions. Read this brief to understand how Lumu compares with other solutions in this segment, potentially working with, or replacing them.
Lumu fits perfectly into any cybersecurity stack. That’s why you have multiple options depending on the devices and tools you have already in place. Generally, the first step is to mitigate the compromise by not allowing the connection to the adversarial infrastructure that Lumu identified, and then eradicate the compromise on the affected asset that can be pinpointed with Lumu as well. In any case, you may find useful our incident response playbooks that offer a step-by-step guide and recommended actions.
Yes, Lumu can illuminate your compromise level no matter where your corporate devices are located. We also offer lightweight desktop agents that can be easily deployed so you can detect adversarial activity from remote devices.
Lumu Free offers a starting point for understanding your compromise level. Lumu Insights allows you to have granular visibility, pinpoint compromised devices, and have richer compromise context. Lumu Defender includes all the features offered by Lumu Insights and adds the ability to respond through automation.
To explore our offerings in greater detail, visit our Illumination options page.
We’d be sad to see you go but you may request an account cancellation by sending an email to [email protected]. Please note that cancellations are only accepted from the Admin role on the Lumu account. Also, please note that once the cancellation is executed, it cannot be reopened and your history cannot be retrieved.