Lumu helps security teams minimize alert fatigue, prioritize response, and accelerate remediation
Lumu, the creators of the Continuous Compromise Assessment cybersecurity model that empowers organizations to measure compromise in real time, announced a new Compromise Context capability that offers robust contextual intelligence around confirmed compromise instances, enabling security teams to deploy accelerated incident response efforts with precision.
This new contextual functionality is included as part of the Lumu Insights platform, its innovative cloud-based solution, which collects and standardizes network metadata from a wide range of network sources and puts it through a patent-pending Illumination Process to measure the technical distance between known IOCs.
“Security teams have long relied on conventional Indicators of Compromise as their primary vehicle to detect a network intrusion or other malicious activities. However, as the word ‘indicator’ implies, it’s an inexact science at best that often leaves you with more questions than answers,” said Ricardo Villadiego, founder and CEO of Lumu.
“As the age-old saying goes, ‘context is everything’ and within the framework of network security, context is precisely what security teams need most these days. Not only does this context help defenders accelerate their response, it also enables IT strategists to better prioritize additional security investments based on empirical evidence of confirmed instances of compromise.”
Lumu’s new Compromise Context capability aims to arm threat researchers and incident responders with real-time compromise intelligence that addresses fundamental questions about specific and confirmed instances of compromise, including: How and where is a particular compromise spreading? What is the attacker’s objective? How long has a specific compromise been taking place?
Simplify the management of threat intelligence
By consolidating all of this contextual intelligence within a single view, security teams no longer need to chase down data from multiple network monitoring tools and can manage it in real time, without having to invest additional time creating rules or applying conditions.
Visualize the sphere of impact
Lumu’s proprietary Compromise Radar provides a dynamic visualization tool that displays how many malicious events and endpoints are being affected, enabling security analysts to quickly distinguish occasional contact with adversarial infrastructure from persistent, automated compromises that have the potential to cause immediate harm to their organization.
Measure the attack distribution
Attack Distribution is another visualization tool that enables Lumu Insights users to track and measure critical environments such as SWIFT, PCI-DSS, and OT networks and take immediate action. Attack Distribution can also show how and where a specific compromise is spreading inside an organization’s network.
Accelerate and prioritize their response
Understanding which compromises represent the most immediate threat is an especially critical first step for cybersecurity first responders. Compromise Context equips security defenders with the prescriptive real-time insights security analysts need to prioritize, isolate, and contain a network compromise.
Conduct in-depth threat research
Lumu users can drill down into a compromise through integrated links to related articles authored by leading security researchers covering a particular threat, as well as corresponding incident response playbooks based on the NIST Framework, which include best practices for how to respond to specific attacks.