Frequently Asked Questions

You have questions and we have answers. This is all you need to know about Lumu. If you don’t find what you are looking for, feel free to contact us at questions@lumu.io.

Lumu’s Continuous Compromise Assessment is a patent-pending model that enables organizations to measure their unique compromise levels, using their own network metadata. This model allows you to identify devices that are in communication with adversaries.

We systematically collect, normalize, and analyze a wide range of network metadata, including DNS, Netflows, Proxy and Firewall Access Logs, and Spambox. The level of visibility that only these data sources provide allows us to understand the behavior of your enterprise network, which leads to conclusive evidence on your unique compromise levels.

On Lumu Free you may use Lumu’s public DNS as forwarders in your internal DNS Servers. On Lumu Insights, we rely on virtual appliances, cloud collectors, and agents to cover your hybrid environments.

We store network metadata for 45 days for Lumu Free and 2 years on Lumu Insights.

It is very easy. First, open an account and simply create a gateway on the portal. Use Lumu DNS as the forwarders of your internal DNS server. That’s it. In less than 5 minutes, you can start seeing compromises. You may also watch this short video and access this Quick Start Guide.

Including Lumu in your daily work is easy. We invite you to read this blog and watch this video.

We do not. Lumu Insights uses virtual appliances that allow your organization to collect the network metadata of your entire enterprise in an easy way.

We only see network metadata, which means that we do not see any confidential information such as usernames, passwords, and the like. The information that we see consists of IPs, domains, and URLs. To perform Continuous Compromise Assessment, we do not need to know the content of the communication between your company and the infrastructure of the adversary. We only need to know that there is a communication that should not be happening in the first place.

We have Privacy Shield certification that can be viewed here.

Our Illumination Process™ uses extensive threat intelligence of known and confirmed compromises. We also apply proprietary AI, ML, and deep correlation analysis that allows us to conclude when there is a compromise within the organization.

We have partnerships with more than 70 leading threat intelligence providers. We also offer you the ability to Bring Your Own Threat Intelligence (BYOTI™), which we can ingest into Lumu’s Illumination Process.

Blocking spam is good, but analyzing it is better, because you can discover who is targeting your organization, how they are doing it, and how successful they are.

Lumu and SIEMs are different technologies, designed with different purposes in mind. We designed this brief to clarify any questions you may have.

Lumu and DNS Firewalls are different technologies, designed with different purposes in mind. We designed this brief to clarify any questions you may have.

Lumu and EDRs are different technologies, designed with different purposes in mind. We designed this brief to clarify any questions you may have. 

Lumu and IDPS are different technologies, designed with different purposes in mind. We designed this brief to clarify any questions you may have.

Lumu qualifies as an NTA as defined by Gartner, yet differs from most NTA solutions. Read this brief to understand how Lumu compares with other solutions in this segment, potentially working with, or replacing them.

Depending on your cyberdefense, you have multiple options. Generally, the first step is to mitigate the compromise by not allowing the connection to the adversarial infrastructure that Lumu identified, and then to eliminate the compromise on the affected asset. You may find our incident response playbooks useful; they offer a step-by-step guide and recommended actions.

Yes, Lumu Agents are available and have been designed for that purpose. The Lumu Agent can be easily deployed so your security team can monitor remote devices’ compromise levels no matter where they are.

Lumu Free offers limited visibility of confirmed IOCs, only DNS ingestion, and 45-day data retention. 

Lumu Insights offers detailed visibility into confirmed IoCs; network traffic grouping and drill-down capabilities; automatic and real-time ingestion of extensive metadata sources (DNS, netflows, access logs, and spam box); unlimited Virtual Appliance data collectors; up to 2 years of data retention; the ability to ingest existing threat intelligence (BYOTI); sophisticated attack pattern recognition; and flexible reporting capabilities, as well as Playback™.

We’d be sad to see you go but you may request an account cancellation by sending an email to support@lumu.io. Please note that cancellations are only accepted from the Admin role on the Lumu account. Also, please note that once the cancellation is executed, it cannot be reopened and your history cannot be retrieved.
