The presentation provides an overview of the Lumu portal with a focus on the Lumu Illumination Process within the product. This serves as the core foundation for detecting threats within a customer’s network. This continuous 24/7 process involves several stages, starting with the collection of network metadata and running it against known Indicators of Compromise (IoCs). The system utilizes artificial intelligence engines, anomaly detection, and a retrospective threat hunting feature called playback to identify malicious activity and pinpoint confirmed compromises, which are then reported as incidents in the portal.
A significant focus is placed on the new Analytics tab within the Lumu portal, designed to provide human-readable visualizations of the background detection stages. Users can now monitor network behavior through geographical maps, metadata distribution charts, and daily activity heatmaps that establish a baseline for normal operations. Additionally, the anomalies tab allows for proactive threat hunting by showing unusual contact patterns between endpoints and domains, helping security practitioners understand potential risks like lateral movement or data exfiltration before they escalate into confirmed incidents.
Takeaways
- The illumination process is a multi-stage framework that includes metadata collection, AI-driven anomaly detection, and retrospective playback scans.
- The playback feature enables retrospective threat hunting by scanning historical network activity against newly identified Indicators of Compromise.
- The new Analytics tab provides visibility into the volume of analyzed traffic, identified anomalies, and confirmed compromises over the last 30 days.
- Geographical destination maps and popularity-based domain analysis help security teams identify high-risk traffic to uncommon or suspicious sites.
- Graphical views of anomalies allow users to visualize contact patterns, which can indicate potential malware persistence, data exfiltration, or lateral movement.
FAQs
What is the Illumination Process?
It is Lumu’s 24/7 core foundation for detecting threats by processing metadata through AI engines, anomaly detection, and retrospective hunting.
Where can I find the deep-dive visualization tools in the portal?
These features are located under the Intelligence menu in the Analytics tab.
Do the anomalies shown in the Analytics tab require immediate action?
No, they are primarily for information and proactive threat hunting; Lumu automatically creates incidents for confirmed compromises that require response.
How does the playback feature work?
Playback conducts retrospective scans of past network metadata whenever new threat intelligence or IoCs are identified to see if previous contact occurred.
What can the graphical view in the anomalies tab reveal about network security?
It can help visualize lateral movement, malware communication patterns, and unusual connections between endpoints and specific domains.
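The playback feature described in the takeaways and FAQs (rescanning retained metadata whenever a new IoC arrives) is shown below as an added illustration written for this summary; it is not Lumu's code. It assumes a constructed DNS metadata sample and a constructed IoC feed, and reports how long before an indicator became known each endpoint first contacted it:

```python
from datetime import datetime

# Constructed sample of retained DNS metadata: (timestamp, endpoint, queried domain).
DNS_METADATA = [
    ("2024-03-01T08:12:00", "host-17", "updates.example.com"),
    ("2024-03-02T21:30:00", "host-42", "cdn-sync.example.net"),
    ("2024-03-03T02:10:00", "host-42", "cdn-sync.example.net"),
    ("2024-03-03T03:00:00", "host-09", "cdn-sync.example.net"),
    ("2024-03-05T11:30:00", "host-08", "mail.example.org"),
]

# Constructed threat-intel update: domain -> time it was published as an IoC.
NEW_IOCS = {"cdn-sync.example.net": "2024-03-04T00:00:00"}


def _ts(stamp):
    return datetime.fromisoformat(stamp)


def playback(metadata, new_iocs):
    """Retrospective scan of stored metadata against newly published IoCs.

    Returns one finding per (endpoint, domain) pair that contacted an IoC:
    number of contacts, first contact time, and how many hours before the
    IoC was known that first contact happened (the gap a purely real-time
    check would have missed).
    """
    findings = {}
    for stamp, endpoint, domain in sorted(metadata):
        if domain not in new_iocs:
            continue
        when = _ts(stamp)
        entry = findings.setdefault((endpoint, domain), {"first_seen": when, "contacts": 0})
        entry["contacts"] += 1
        entry["first_seen"] = min(entry["first_seen"], when)
    for (endpoint, domain), entry in findings.items():
        gap = _ts(new_iocs[domain]) - entry["first_seen"]
        entry["hours_before_ioc_known"] = gap.total_seconds() / 3600
        entry["first_seen"] = entry["first_seen"].isoformat()
    return findings


if __name__ == "__main__":
    for (endpoint, domain), entry in playback(DNS_METADATA, NEW_IOCS).items():
        print(endpoint, domain, entry)
```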