Lumu’s Illumination Process is the core enabler of Continuous Compromise Assessment, utilizing patent-pending technology to maximize the use of network metadata. The process begins by collecting metadata in real time and correlating it against known Indicators of Compromise (IOCs) gathered from public, private, and organizational sources. If a match occurs, a confirmed compromise is registered immediately. Residual metadata is then processed by an artificial intelligence engine to flag unusual traffic patterns and other network anomalies, creating a list of anomalies of interest.
Instead of simply tasking security analysts with verifying these anomalies, Lumu employs a Deep Correlation process that measures the technical distance between anomalies and known compromises, filtering out false positives to present only high-probability threats. The remaining unmatched metadata is stored for up to two years. This allows Lumu to use a proprietary playback feature to continuously check historical data against newly discovered IOCs, offering robust protection against zero-day attacks and emerging threats.
Takeaways
- Lumu’s Illumination Process uses patent-pending technology to identify network compromises via metadata.
- Metadata is collected in real time and correlated against known IOCs from public and private sources.
- An AI engine ingests residual metadata to flag unusual traffic patterns and create anomalies of interest.
- Deep correlation measures the technical distance between anomalies and known compromises to reduce false positives.
- Unmatched metadata is stored for up to two years for playback analysis against newly discovered IOCs.
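
The real-time match and playback steps described above, sketched as an added example; this is not Lumu's code or implementation. The record layout, class and method names, and sample domains are assumptions constructed for illustration, and only exact IOC matching with a two-year retention window is modeled, not the AI anomaly or Deep Correlation stages.

```python
from datetime import datetime, timedelta

RETENTION = timedelta(days=730)  # "up to two years", modeled as 730 days (assumption)

class MetadataStore:
    """Hypothetical store of (timestamp, host, domain) network metadata records."""

    def __init__(self, known_iocs):
        self.iocs = set(known_iocs)
        self.unmatched = []    # records retained for later playback
        self.compromises = []  # records that matched an IOC

    def ingest(self, ts, host, domain):
        """Real-time path: register a compromise on a match, otherwise retain."""
        rec = (ts, host, domain)
        if domain in self.iocs:
            self.compromises.append(rec)
            return True
        self.unmatched.append(rec)
        return False

    def playback(self, new_iocs, now):
        """Re-check retained records against IOCs learned after ingestion."""
        new = set(new_iocs) - self.iocs
        self.iocs |= new
        cutoff = now - RETENTION
        kept, hits = [], []
        for rec in self.unmatched:
            if rec[0] < cutoff:
                continue  # older than the retention window: dropped unchecked
            (hits if rec[2] in new else kept).append(rec)
        self.unmatched = kept
        self.compromises.extend(hits)
        return hits

def demo():
    # Constructed sample data; all hosts and domains are placeholders.
    store = MetadataStore({"known-bad.example"})
    live = [
        store.ingest(datetime(2021, 1, 1), "10.0.0.9", "later-flagged.example"),
        store.ingest(datetime(2022, 1, 10), "10.0.0.5", "known-bad.example"),
        store.ingest(datetime(2022, 2, 9), "10.0.0.7", "later-flagged.example"),
        store.ingest(datetime(2022, 2, 10), "10.0.0.8", "intranet.example"),
    ]
    # A feed update later lists a domain that was unknown at ingestion time.
    hits = store.playback({"later-flagged.example"}, now=datetime(2023, 6, 1))
    return live, hits, store

if __name__ == "__main__":
    print(demo()[1])
```

The 2021 contact with the same domain is not reported because it fell outside the retention window before the IOC was published, which is the practical limit of any playback approach.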



