Live Training | What's New in Lumu Defender

Already have an account? Sign in

Sign in

One Year of Lumu & Maltiverse – Threat Intelligence Evolved

One year after bringing Maltiverse into Lumu, we have integrated its threat intelligence into the Lumu platform. Today, thousands of security teams across the globe are benefiting from richer context, faster investigations and more effective security operations.
maltiverse

Table of Contents

When Maltiverse became part of Lumu in 2025, the vision driving us was incredibly clear: fuse our industry-leading threat intelligence engine with Lumu’s Continuous Compromise Assessment®. For those of us coming from the Maltiverse side, it wasn’t just about a corporate milestone, it was about answering a crucial operational question: How fast and effectively can we help organizations isolate and respond to threats?

Over the past year, we have worked across teams to integrate our technologies, engineering pipelines, and operations. Today, Maltiverse’s threat intelligence capabilities are a powerhouse fully integrated into the broader Lumu vision while Lumu’s real-world visibility makes Maltiverse threat intelligence even more robust. Together, we’ve built a global technology stack, delivering real, actionable innovation to our customers every single day.

Enhanced Threat Intelligence and Contextual Analysis

A threat indicator is only as useful as the context around it. Over the past year, we’ve enriched every IoC so it’s no longer an isolated data point but a gateway to the full picture: the threat actors that use it, the malware families it belongs to, the campaigns it appears in, and the reports that reference it. We’ve brought this together in a curated intelligence layer where indicators, adversaries, and malware are modeled as connected STIX objects and continuously enriched. The result: your analysts move from “I have a suspicious hash” to “I know what’s attacking, who’s behind it, and how” — without pivoting across a dozen tools.

The Lumu Threat Observatory

Launched in January 2026, the Lumu Threat Observatory serves as a real-time command center that filters out background noise of the global threat landscape

Instead of drowning in irrelevant intel, this platform allows you to focus on what actually matters by identifying whether an IoC is actively targeting your specific industry, region, or peers. It delivers this actionable clarity through four core pillars:

  • Live Attack Mapping: Tracks local and global attack flows over a rolling 60-minute window to identify active trends.
  • Sector-Specific Visibility: Pinpoints exactly what malware or threat actors are hitting your specific industry peers right now.
  • Instant Query Translation: Seamlessly turns dashboard filters into actionable search queries ready to deploy across your security stack.
  • Deep IoC Context: Uncovers the precise regions and industries currently being targeted by any individual IoC in our database.

New Integrations

In the past year, we’ve launched new Maltiverse integrations including Microsoft Defender, Splunk Cloud, and Imperva WAF. This ensures that the intelligence we curate automatically orchestrates blocklists and lookups across your entire security infrastructure without manual analyst intervention.

Maltiverse

Improved Investigation Workflows and MITRE ATT&CK Mapping

Over the past year, Lumu Maltiverse has upgraded investigation workflows by introducing MITRE ATT&CK mapping. The interface provides a snapshot of malware and threat actor groups observed over the last 30 days. This dashboard displays the top MITRE software applications and top threat actor groups ranked by total occurrences. Users can explore the full list of software and groups to track adversary data.

Smarter Prioritization

Security operations teams cannot afford to waste precious time chasing benign alerts. To address this, we have introduced features for more accurate prioritization and deeper enrichment of security incidents. By implementing the automated whitelisting of legitimate services (such as known content delivery networks (CDNs), search engines, and standard web bots) the platform intelligently filters out trusted traffic before it ever clutters an analyst’s queue. This sharp reduction in false positives ensures that your team can confidently ignore the everyday background noise and focus entirely on high-fidelity threats that require immediate remediation.

More to Come!

Our first year as a unified team has proven that combining Maltiverse’s deep threat repository with Lumu’s Continuous Compromise Assessment creates massive security synergy. By fully integrating our data pipelines, engineering teams, and global operations into a single vision, we have moved beyond just detection or feeds to provide a true, automated threat-informed defense for security operations worldwide.

Want to see Maltiverse in Action? Watch our Live product training on demand.

Ready to experience threat intelligence evolved? Create Your Free Account Today

Summarize this post


Your FREE compromise assessment is just a few clicks away

Share this post

Subscribe to Our Blog

Get the latest cybersecurity articles and insights straight from the experts.

RELATED POSTS

Join our pre-day 
workshop waitlist

By clicking “Submit Request” you agree to the Lumu Terms of Service and Privacy Policy.