Lumu for Threat Hunting will enhance threat hunting efficiencies and practices for cybersecurity professionals
Miami, FL – August 1, 2023 – Lumu, the creators of the Continuous Compromise Assessment cybersecurity model that empowers organizations to measure compromise in real time, will debut Lumu for Threat Hunting at Black Hat USA 2023. Lumu for Threat Hunting goes a step further than traditional cybersecurity tools by using automation to continuously monitor networks and point out unusual activity. When something out of the ordinary is detected, an incident is created and the hunt is triggered automatically.
“Defensive technologies rely on rules, heuristics and outliers to find threat actors, but these technologies lack one essential component that is essential to the threat hunting practice: the creativity of the practitioners defending networks,” said Ricardo Villadiego, founder and CEO of Lumu. “Effective threat hunting requires the foresight of humans, and the tools have to amplify what humans are capable of. Our new capabilities help threat hunters do their job better by finding attacks that circumvent detection capabilities in cybersecurity products and managed security services.”
Effective threat hunting requires the fusion of human intelligence, creativity and foresight with the speed, scale and efficiency provided by advanced technological tools. This combination empowers organizations to detect and respond to threats more efficiently and proactively, ultimately reducing the potential impact of cyberattacks. Lumu for Threat Hunting will assist threat hunters in the following ways:
- Incidents: Provides coordinates and information from endpoints to trigger your threat hunting exercise
- Playback: Lumu stores two years of metadata and compares prior metadata with new threat intelligence to defend against zero-day threats and emerging attacks
- Global MITRE Matrix: Gives a detailed view of the tactics and techniques attackers are using to target your organization, to prioritize threat hunting and red team exercises
- Threat Triggers: Contains Indicators of Compromise (IoCs) related to an incident, as reported by Lumu’s threat intelligence engines or third-party sources
- Compromise Radar: Shows threat hunters contact patterns to help distinguish occasional contact from persistent and automated attacks
- Attack Distribution: Enables prioritization by uncovering which areas of the organization are most affected by threat actors
- Operational Timeline: All incidents contain a timeline section where teams can track the steps of the resolution flow
- Email Reports: Each incident provides the ability to email all of the details of what happened and what actions were taken directly to your CISO and others as needed
- Response Automation: Connect Lumu with your existing cyber stack to take automated actions against active threats
As ransomware groups continue to successfully bypass defenses and grow bolder, ransomware remains a top threat to businesses in 2023. To highlight ransomware precursors and how the attacks evade common cyber defenses, Lumu has also released an update to its 2023 Ransomware Flashcard. Key findings that are valuable for threat hunting teams include:
- The most prevalent ransomware precursors (Qakbot, Phorpiex, Emotet, Cobalt Strike, Ursnif, Dridex and ZLoader)
- Which ransomware precursors active cybercrime gangs are using:
  - ALPHV/BlackCat, one of the groups behind the recent cyber attack on Estée Lauder, is using Emotet
  - BlackBasta, an offshoot of Conti and behind the recent ransomware attack on multinational tech firm ABB, is using Qakbot
  - Conti is using Qakbot and Emotet
  - BitRansomware is using Phorpiex
  - Egregor is using Qakbot and Ursnif
To learn more about Lumu for Threat Hunting, please visit https://lumu.io/threat-hunting/ or visit us at Black Hat USA 2023, Start-Up City SC220 for a demo.
Headquartered in Miami, Florida, Lumu is a cybersecurity company focused on helping enterprise organizations illuminate threats and isolate confirmed instances of compromise. Applying principles of Continuous Compromise Assessment™, Lumu has built a powerful closed-loop, self-learning solution that helps security teams accelerate compromise detection, gain real-time visibility across their infrastructure, and close the breach detection gap from months to minutes. Learn more about how Lumu illuminates network blind spots at lumu.io.