In this training session, the focus was on threat hunting using Lumu, with insights shared by Jeff Wheat, the Chief Technology Officer. The session covered the basics of threat hunting, including the steps involved and how Lumu can be leveraged to enhance threat detection and response. Jeff provided practical examples and shared his experiences in threat hunting.
The session also highlighted the importance of visibility in threat hunting and how Lumu’s features, such as playback and integration with other tools, can aid in identifying and mitigating threats. Participants were encouraged to engage with the platform to improve their threat hunting capabilities.
Takeaways
- Lumu automates the threat hunting lifecycle, reducing standard investigation times from ten minutes to under sixty seconds.
- The Playback feature allows recursive analysis up to two years back to identify historical contacts with newly discovered malicious indicators.
- Business relevance labeling helps security teams prioritize ‘crown jewel’ assets and high-impact incidents during the triage process.
- Compromise Radar distinguishes between automated machine activity and more dangerous asymmetric human interactions within the network.
- Agentless collection via virtual machines ensures visibility into gaps like IoT, medical devices, and proprietary SCADA systems.
FAQs
What is the main purpose of threat hunting?
Threat hunting aims to detect threats that have bypassed existing security measures.
How does Lumu enhance threat hunting?
Lumu automates threat hunting, reducing investigation time and providing visibility into network activity.
What is the Playback feature in Lumu?
The Playback feature allows retrospective threat hunting by identifying past threats that were previously undetected.
How does Lumu integrate with Microsoft Defender?
Lumu integrates with Microsoft Defender to automate threat response and enhance security for small businesses.
What strategic insights does Lumu provide?
Lumu offers insights into threat techniques and patterns, helping organizations understand and mitigate potential threats.
