Lumu Defender: Automating Threat Defense

Lumu Defender lets you feed Lumu's confirmed compromise instances into your existing cybersecurity stack for an automated response to cyber threats.
Lumu Defender

Table of Contents

We are firm believers that detecting compromises at speed is key to reducing the impact of cybercrime. However, detection means nothing if you’re not able to respond by mitigating and remediating those threats. Our customers have told us of their desire to better automate and orchestrate their defenses with Lumu’s confirmed compromise incidents. This closely aligns with our vision for improving cyberdefenses everywhere with Continuous Compromise Assessment®. Lumu Defender is the tier of Lumu offerings that completes this vision.

Closing the Feedback Loop

In control theory, there are two types of systems. In open-loop systems, the output does not affect the system. In closed-loop systems, the output of the system is fed back into the system to augment and perfect the system itself. Traditionally, cybersecurity functions as an open-loop system where additional tools, processes, and techniques are added to systems with no regard to how they affect the performance—and ultimately the output—of the system. This is one of the driving factors for why we see the cost of cybersecurity keep increasing, while the incidence rate of catastrophic compromises and associated breaches—far from decreasing—keeps increasing.

At Lumu, we believe it is of critical importance to gauge the output of the cybersecurity system—measured in individual compromise incidents and collectively as an organization’s level of compromise. This output must be used to measure the effectiveness of tools in the cybersecurity stack and to identify where further investment is needed. Lumu already offers the ability to see this information and use it to augment systems manually. With Lumu Defender, you can now adopt a more dynamic defense posture and automate the process of closing the feedback loop in your cybersecurity system with confirmed compromise incidents.

Where Defender Fits Among Lumu’s Offerings

Lumu Free offers a taste of Continuous Compromise Assessment through limited network metadata collection. Lumu Insights goes further by collecting more diverse sources of metadata and offering additional options for how that metadata is collected. It also includes a year’s worth of metadata storage. In both cases, all that metadata is correlated and analyzed using the Illumination Process® and delivers confirmed compromise incidents in the Lumu Portal. The addition of compromise context (playbooks, TTPs, and third-party resources expanding on the detected compromise) gives additional agency to SOCs when mitigating and remediating the threats detected by Lumu

Lumu Defender is a critical tier of the Continuous Compromise Assessment model, as it completes Lumu’s vision of closing the feedback loop in cybersecurity. A truly proficient cybersecurity operation requires collecting information on the cybersecurity architecture’s performance and using that information to continuously improve the system. Lumu already measures the output of the system: its level of compromise. Now, with Lumu Defender, you can augment the capabilities of current cybersecurity investments with confirmed compromise information.

Lumu Insights or Lumu Defender – Which Is Best for You?

Defender includes all the features offered by Lumu Insights, and adds the ability to integrate Lumu’s real-time analysis into responses. Sending the confirmed compromise instances collected by Lumu allows SOC teams to operationalize the concept of ‘block first, and investigate later.’ The SOC team will always be the ultimate decision maker. However, through automation, the threat actor’s window of opportunity can be drastically shortened, especially in cases where the attack occurs outside of normal working hours.

Lumu Defender Integrations

Lumu Defender comes with out-of-the-box and custom integrations. These integrations will allow you to send Lumu’s confirmed compromise instances via API to any third-party tool for automated mitigation and remediation. Custom integrations allow endless possibilities of integrations with blocking lists, firewalls, SIEMs, and far more. 

To get a feature-by-feature comparison of Lumu’s Continuous Compromise Assessment tiers, visit our plans and pricing page.

When you’re ready to start automating the power of Continuous Compromise Assessment in your defenses, contact us at [email protected] to upgrade to Lumu Defender.

Subscribe to Our Blog

Get the latest cybersecurity articles and insights straight from the experts.

Share this post



In the Spotlight: Maria Konnikova

Reading Time: 2 mins Maria Konnikova used decision-making strategies to become a poker champion. In this session, she shares the lessons poker holds for cybersecurity.


Introducing Lumu Academy

Reading Time: 2 mins Lumu Academy offers free cybersecurity courses on Lumu products. Get Lumu certification through our self-paced virtual courses.

Illumination Summit: Cybersecurity and Aviation

Illumination Summit Preview: Cybersecurity and Aviation

Reading Time: 2 mins Illumination Summits consult experts from diverse fields and explore the parallels between their fields and cybersecurity. Here are some of the insights you can expect from the latest Illumination Summit, focusing on cybersecurity and aviation.