At Lumu, we believe it is of critical importance to gauge the output of the cybersecurity system—measured in individual compromise incidents and collectively as an organization’s level of compromise. This output must be used to measure the effectiveness of tools in the cybersecurity stack and to identify where further investment is needed. Lumu already offers the ability to see this information and use it to augment systems manually. With Lumu Defender, you can now adopt a more dynamic defense posture and automate the process of closing the feedback loop in your cybersecurity system with confirmed compromise incidents.
Where Defender Fits Among Lumu’s Offerings
Lumu Free offers a taste of Continuous Compromise Assessment through limited network metadata collection. Lumu Insights goes further by collecting more diverse sources of metadata and offering additional options for how that metadata is collected. It also includes a year’s worth of metadata storage. In both cases, all that metadata is correlated and analyzed using the Illumination Process® to deliver confirmed compromise incidents in the Lumu Portal. The addition of compromise context (playbooks, TTPs, and third-party resources expanding on the detected compromise) gives additional agency to SOCs when mitigating and remediating the threats detected by Lumu.
Lumu Defender is a critical tier of the Continuous Compromise Assessment model, as it completes Lumu’s vision of closing the feedback loop in cybersecurity. A truly proficient cybersecurity operation requires collecting information on the cybersecurity architecture’s performance and using that information to continuously improve the system. Lumu already measures the output of the system: its level of compromise. Now, with Lumu Defender, you can augment the capabilities of current cybersecurity investments with confirmed compromise information.
Lumu Insights or Lumu Defender – Which Is Best for You?
Defender includes all the features offered by Lumu Insights, and adds the ability to integrate Lumu’s real-time analysis into responses. Sending the confirmed compromise instances collected by Lumu allows SOC teams to operationalize the concept of ‘block first, and investigate later.’ The SOC team will always be the ultimate decision maker. However, through automation, the threat actor’s window of opportunity can be drastically shortened, especially in cases where the attack occurs outside of normal working hours.
Lumu Defender Integrations
Lumu Defender comes with out-of-the-box and custom integrations. These integrations allow you to send Lumu’s confirmed compromise instances via API to any third-party tool for automated mitigation and remediation. Custom integrations open up endless possibilities for integrating with blocking lists, firewalls, SIEMs, and far more.
To get a feature-by-feature comparison of Lumu’s Continuous Compromise Assessment tiers, visit our plans and pricing page.
When you’re ready to start automating the power of Continuous Compromise Assessment in your defenses, contact us at sales@lumu.io to upgrade to Lumu Defender.