Frequently Asked Questions

We have collected the most common questions from all our customers.

If you don’t find what you are looking for, feel free to contact us at [email protected].

How it Works

What is the source of Lumu’s threat intelligence?

We have partnerships with more than 80 threat intelligence providers, including a private alliance with Malware Patrol and VirusTotal. We also offer you the ability to Bring Your Own Threat Intelligence (BYOTI™), which we can ingest into Lumu’s Illumination Process.

How do you know what is (and isn’t) an incident?

Lumu’s Illumination Process™ uses extensive threat intelligence of known indicators of compromise (IoC) and anomalies of interest. We also apply proprietary AI, ML, and deep correlation analysis, which allows us to conclude with speed and precision when and where an adversary is threatening your organization.

How long is my network metadata stored?

Lumu stores metadata for 2 years. This enables us to correlate events from the past to known IoCs.

How is my network metadata collected?

Depending on your tier, there are different methods for collecting metadata across the IT environments of organizations of any size and complexity.

  • On-premise & virtual appliances
  • Cloud Collectors (Public and Private Clouds)
  • Native agents for roaming devices and hybrid environments
  • Custom API Collectors for SIEM, EDR, CLM

How does Lumu measure compromise in real time?

Your network metadata is the single source of truth regarding your organization’s level of compromise. That’s why Lumu systematically collects, normalizes, and analyzes a wide range of network metadata in real time, including DNS, NetFlow, proxy and firewall access logs, and spambox. These data sources allow us to understand the behavior of your network, which leads to conclusive evidence on your unique compromise level.

About Lumu

Why do you collect Email?

Blocking spam is good, but analyzing it is better. Organizations are generally unaware of what their email policies are blocking. By assessing what was in the email, we can really understand who is trying to attack your organization, how they are trying to do so, and whether they are successful. In addition, you can go back to the network and see which attacks were not blocked by your email security tool.

Is Lumu a Network Traffic Analysis (NTA) tool?

Lumu qualifies as an NTA as defined by Gartner, yet differs from most NTA solutions. Read this brief to understand how Lumu compares with other solutions in this segment, potentially working with, or replacing them.

Is Lumu similar to an IDPS?

Lumu and IDPS are different technologies, designed with different purposes in mind. We designed this brief to clarify any questions you may have.

Is Lumu similar to an EDR?

Lumu and EDRs are different technologies, designed with different purposes in mind. We designed this brief to clarify any questions you may have.

Is Lumu similar to a DNS Firewall?

Lumu and DNS Firewalls are different technologies, designed with different purposes in mind. We designed this brief to clarify any questions you may have.

Is Lumu similar to a SIEM?

Lumu and SIEMs are different technologies, designed with different purposes in mind. We designed this brief to clarify any questions you may have.

Configuring and Using Lumu

How do you know what is (and isn’t) an incident?

Lumu’s Illumination Process™ uses extensive threat intelligence of known indicators of compromise (IoC) and anomalies of interest. We also apply proprietary AI, ML, and deep correlation analysis, which allows us to conclude with speed and precision when and where an adversary is threatening your organization.

Most of my users are working remotely, can Lumu detect compromises on roaming devices?

Yes, Lumu can illuminate your compromise level no matter where your corporate devices are located. We also offer lightweight desktop agents that can be easily deployed so you can detect adversarial activity from remote devices.

What should I do when Lumu notifies me with an incident alert?

Lumu fits perfectly into any cybersecurity stack. That’s why you have multiple options depending on the devices and tools you already have in place. Generally, the first step is to mitigate the compromise by not allowing the connection to the adversarial infrastructure that Lumu identified, and then to eradicate the compromise on the affected asset, which Lumu can also pinpoint. In any case, you may find our incident response playbooks useful; they offer a step-by-step guide and recommended actions.

How do I configure Lumu?

Lumu makes it easy. First, open an account, then click through our intuitive interface, which will guide you in activating the collector(s) that best suit the needs of your organization’s unique infrastructure. You may also access this Quick Start Guide.

Does Lumu require physical appliances?

Lumu is recognized for its easy cloud-based deployment. Physical appliances are not required to collect network metadata.

Lumu Account

How can I cancel my account?

We’d be sad to see you go but you may request an account cancellation by sending an email to [email protected]. Please note that cancellations are only accepted from the Admin role on the Lumu account. Also, please note that once the cancellation is executed, it cannot be reopened and your history cannot be retrieved.

What is the difference between Lumu’s tiers?

Lumu Free offers a starting point for understanding your compromise level. Lumu Insights allows you to have granular visibility, pinpoint compromised devices, and have richer compromise context. Lumu Defender includes all the features offered by Lumu Insights and adds the ability to respond through automation.

To explore our offerings in greater detail, visit our Illumination options page.

Privacy

Is Lumu SOC2 Type II Compliant?

Yes, Lumu is SOC 2 Type II Compliant.

Do I have to worry about Lumu decrypting my data?

As Lumu is built to overcome the design issues and problems inherited from legacy solutions, data decryption is not part of what Lumu does. In contrast, Lumu analyzes network metadata only. This metadata typically does not require being decrypted. In addition, since Lumu is a cloud-based solution, the information analyzed is protected by PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, and NIST 800-171, which helps our customers satisfy compliance requirements for virtually every regulatory agency around the globe. An analogy would be that to identify a terrorist, you wouldn’t need to know the contents of a letter written to a known terrorist leader, merely the information written on the envelope.

I am worried about privacy. Is Lumu able to see all the data that goes through my network?

Since Lumu’s Continuous Compromise Assessment™ only sees network metadata, and no traffic tapping is needed, we do not see any confidential information like usernames, passwords, and the like. The information that we see consists of IPs, domains, and URLs. Lumu is not interested in knowing the content of communications; we focus only on detecting contacts that should not be happening in the first place. In any case, you can access Lumu’s Privacy Shield certification.

Pricing

What if I want to cancel my subscription?

We’d be sad to see you go but you may request an account cancellation by sending an email to [email protected]. Please note that cancellations are only accepted from the Admin role within the Lumu account. Also, please note that once the cancellation is executed it cannot be reopened and your historical data cannot be retrieved.

What is the difference between Lumu’s tiers?

Lumu Free offers a starting point for understanding your compromise level. Lumu Insights allows you to have granular visibility, pinpoint compromised devices, and have richer compromise context. Lumu Defender includes all the features offered by Lumu Insights with the ability to respond and block threats through automation.

Do I need to enter my credit card to sign up?

If you’re planning on purchasing the Lumu Insights or Defender tiers online, we will forward you to our online payment platform, which will request payment details including a credit card number. You don’t need a credit card for Lumu Free.

What’s the difference between monthly and annual plans?

Customers on annual plans prepay monthly tracked users for the entire year and receive a discount for their commitment. The annual plan allows you to purchase assets at a lower rate.

What’s an asset?

Any device connected to the network or monitored by Lumu. This includes laptops, servers, cloud environments, IP cameras, and IoT devices.

What happens after I enter my information and pay online?

After you pay, we will process the payment and update your account settings according to the subscription selected (this can take up to an hour). Once everything is processed, you’ll hear from a Lumu representative who can help guide you through the implementation process as needed.
