In this episode of Discovering Disruptions with Tech, host Howard Holton interviews Ricardo Villadiego, the founder and CEO of Lumu Technologies, at the RSA conference. Villadiego emphasizes that a compromised network behaves differently than a secure one, urging organizations to prioritize listening to network signals as a primary source of truth. He highlights a concerning trend where adversaries are increasingly bypassing traditional security controls like EDR, perimeter defenses, and email security, making the network the ultimate landing ground for attacks.
The discussion delves into the industry’s tendency to focus on new marketing acronyms and buzzwords rather than solving fundamental security problems. Villadiego explains that Lumo Technologies helps organizations increase their resilience by using existing network metadata to identify and automatically neutralize unauthorized communications with malicious infrastructure. By leveraging a company’s existing security stack to automate responses, Lumo aims to provide a simple yet effective way to operate cybersecurity proficiently and improve return on investment for established controls.
Takeaways
- Full Automation of Security Operations: Lumu automates monitoring, detection, and blocking, significantly reducing the human interaction required to manage network security tasks.
- The Network as the ‘Source of Truth’: Because defensive layers like EDR and firewalls can be bypassed, the network is the ultimate indicator of compromise; a compromised network behaves differently and reveals the adversary’s presence.
- Addressing Defensive Bypasses: There is an alarming trend of attackers bypassing EDR, perimeter, and email security. When these controls fail, the adversary lands in the network, making network-level monitoring vital.
- Near-Instant Response Time: In demonstrated incidents, the platform has shown the ability to alert a firewall and implement a block within one second of detecting malware like Cobalt Strike.
- Product-Led Accessibility: Lumu offers a ‘Free Forever’ tier that allows any organization to start collecting metadata and understanding its compromise level without upfront financial commitment.
