
Maltiverse Product Training | Turn Threat Intelligence Into Action


Lumu acquired Maltiverse to enhance its continuous compromise assessment capabilities and expand its market reach into Europe and the Middle East. The webinar introduces how Maltiverse functions as a cloud-based threat intelligence platform that collects data from over one hundred sources. By integrating these distinct technologies, the organization aims to provide customers with a comprehensive view of the global threat landscape while maintaining high-fidelity detection and response protocols for existing network compromises.

The integration allows security analysts to automate the threat intelligence lifecycle through practical use cases like real-time log analysis and IOC dissemination. Attendees witnessed how Maltiverse filters false positives using rule-based algorithms and delivers actionable intelligence directly to security stacks like Microsoft Sentinel via TAXII. Ultimately, the synergy between Lumu’s observability and Maltiverse’s global data empowers companies to anticipate attacks proactively and eliminate active threats within their internal networks more efficiently.


Takeaways

  • Lumu acquired Maltiverse to scale its threat intelligence capabilities and expand its business presence across Europe and the Middle East markets.
  • Maltiverse collects intelligence from over one hundred sources, including the Cyber Threat Alliance, CISA AIS, and Lumu’s own threat observatory.
  • The platform uses a rule-based scoring algorithm to identify and filter out false positives, ensuring only reliable threat data is operationalized.
  • Analysts can automate the dissemination of indicators of compromise to security tools like firewalls, SIEMs, and Microsoft Sentinel using the TAXII protocol.
  • While Maltiverse helps organizations anticipate global attacks, Lumu focuses on continuous compromise assessment to identify and eliminate active threats within networks.

FAQs

Why did Lumu decide to acquire Maltiverse?

Lumu built a partnership with Maltiverse three years ago and found their threat data consistently superior among ninety vendors. Owning the asset allows Lumu to enhance its NDR product and scale operations in Europe and the Middle East.

How does Maltiverse handle potential false positives in threat data?

The platform utilizes a rule-based scoring algorithm to classify intelligence in real time. This system filters out non-malicious entities, such as Cloudflare CDN IPs, to ensure that the data delivered to security devices is reliable and actionable.

What are the primary use cases for the Maltiverse platform?

Key use cases include threat analysis for log parsing, triaging incidents by severity, managing threat intelligence feeds, proactive threat hunting, and the private dissemination of indicators of compromise to an organization’s existing security stack and tools.

Can organizations upload their own private indicators to the system?

Yes, the platform includes a dedicated database for private IOCs. This allows organizations to handle sensitive intelligence from trusted circles without sharing it publicly, ensuring threat actors do not realize their specific infrastructure has been discovered.

Will Maltiverse continue to exist as a standalone product?

Yes, while deeper integration into the Lumu portal is expected, Maltiverse will remain available as a standalone platform. This supports companies that prefer to anchor their security operations on SIEM technology rather than using the Lumu portal.
