Lumu Defender: Automating Threat Defense

We are firm believers that detecting compromises at speed is key to reducing the impact of cybercrime. However, detection means nothing if you’re not able to respond by mitigating and remediating those threats. Our customers have told us of their desire to better automate and orchestrate their defenses with Lumu’s confirmed compromise incidents. This closely aligns with our vision for improving cyberdefenses everywhere with Continuous Compromise Assessment®. Lumu Defender is the tier of Lumu offerings that completes this vision.

Closing the Feedback Loop

In control theory, there are two types of systems. In open-loop systems, the output does not affect the system. In closed-loop systems, the output of the system is fed back into the system to augment and perfect the system itself. Traditionally, cybersecurity functions as an open-loop system where additional tools, processes, and techniques are added to systems with no regard to how they affect the performance—and ultimately the output—of the system. This is one of the driving factors for why we see the cost of cybersecurity keep increasing, while the incidence rate of catastrophic compromises and associated breaches—far from decreasing—keeps increasing.

At Lumu, we believe it is of critical importance to gauge the output of the cybersecurity system—measured in individual compromise incidents and collectively as an organization’s level of compromise. This output must be used to measure the effectiveness of tools in the cybersecurity stack and to identify where further investment is needed. Lumu already offers the ability to see this information and use it to augment systems manually. With Lumu Defender, you can now adopt a more dynamic defense posture and automate the process of closing the feedback loop in your cybersecurity system with confirmed compromise incidents.

Where Defender Fits Among Lumu’s Offerings

Lumu Free offers a taste of Continuous Compromise Assessment through limited network metadata collection. Lumu Insights goes further by collecting more diverse sources of metadata and offering additional options for how that metadata is collected. It also includes a year’s worth of metadata storage. In both cases, all that metadata is correlated and analyzed using the Illumination Process® and delivers confirmed compromise incidents in the Lumu Portal. The addition of compromise context (playbooks, TTPs, and third-party resources expanding on the detected compromise) gives additional agency to SOCs when mitigating and remediating the threats detected by Lumu.

Lumu Defender is a critical tier of the Continuous Compromise Assessment model, as it completes Lumu’s vision of closing the feedback loop in cybersecurity. A truly proficient cybersecurity operation requires collecting information on the cybersecurity architecture’s performance and using that information to continuously improve the system. Lumu already measures the output of the system: its level of compromise. Now, with Lumu Defender, you can augment the capabilities of current cybersecurity investments with confirmed compromise information.

Lumu Insights or Lumu Defender – Which Is Best for You?

Defender includes all the features offered by Lumu Insights, and adds the ability to integrate Lumu’s real-time analysis into responses. Sending the confirmed compromise instances collected by Lumu allows SOC teams to operationalize the concept of ‘block first, and investigate later.’ The SOC team will always be the ultimate decision maker. However, through automation, the threat actor’s window of opportunity can be drastically shortened, especially in cases where the attack occurs outside of normal working hours.

Lumu Defender Integrations

Lumu Defender comes with out-of-the-box and custom integrations. These integrations allow you to send Lumu’s confirmed compromise instances via API to any third-party tool for automated mitigation and remediation. Custom integrations open up endless possibilities, including integrations with blocking lists, firewalls, SIEMs, and far more.

To get a feature-by-feature comparison of Lumu’s Continuous Compromise Assessment tiers, visit our plans and pricing page.

When you’re ready to start automating the power of Continuous Compromise Assessment in your defenses, contact us at sales@lumu.io to upgrade to Lumu Defender.
