Complete Cyber Situational Awareness in Real-Time
Modern enterprise IT infrastructure is virtualized, leveraging private, public or hybrid “clouds” consisting of internal and external compute resources. Increasingly, enterprise network users are doing business on mobile platforms – smartphones, tablets and notebooks. Traditional security and vulnerability assessment (VA) products already miss at least 20% of what is physically hardwired to the network because they don’t search for the unknown. Additionally, since VA scans stop, take too long to complete or consume too many network resources, they are often performed outside of normal business hours. This means IT security teams fail to gain cyber visibility into those mobile, virtual and cloud assets that simply aren’t present at the time the VA scan is looking.
Lumeta® Enterprise Situational Intelligence (ESI) offers real-time, context-driven security intelligence to address these problems. By enhancing Lumeta’s Recursive Network Indexing techniques with the context of network state change via analysis of network control plane protocols (OSPF, BGP, ARP, DHCP, DNS, ICMPv6, and others), Lumeta ESI is able to provide authoritative network situational awareness, in real-time, as mobile, virtual and cloud assets, and even the physical/software-defined network itself, change.
Breach Detection Analytics
The Lumeta ESI Cyber Threat Probe consumes open source and commercial threat intelligence data streams and correlates with Lumeta ESI indexed metadata to:
- Discover newly compromised zombie computers that are operating on your network
- Discover within minutes whether known command and control (C2) infrastructure on the Internet is accessible from anywhere inside your network edge
- Discover within minutes whether known Dark Web (TOR) exit nodes are accessible from anywhere inside your network edge
- Provide real-time identification of nefarious TCP/UDP port usage by known malware exploits
- Provide real-time identification of changes to TCP/UDP port usage which may be an indicator of compromise – e.g. RDP or FTP usage violations
- Add the context of NetFlow and other data streams within the embedded Hadoop Distributed File System (HDFS) to provide deeper security intelligence, analysis and insights leading to faster remediation
Network Infrastructure Analytics
- Installs as a “non-routing” (OSPF, BGP) router to monitor for real-time changes to the network address space/routing table in use
- Discovers changes to the network’s edge in real-time
- Authoritatively identifies new physical or virtual compute assets coming onto the network within minutes and provides dynamic visualization of changes
- Targets clientless/agentless profiling of new assets within minutes, while they remain present
Network Segmentation Analytics
- Discover newly active networks in real-time
- Discover networks that have become non-responsive or unreachable, within minutes
- Find routed (L3) “leak paths” from critical internal networks to the Internet or in between network enclaves in real-time
- Issue network segmentation alarms and alerts into SIEM, GRC and device policy management tools for immediate remediation
Lumeta ESI Product Reviews
Lumeta ESI Earns World Class Award for (Network) Cyber Situational Awareness from Network Testing Labs: In comparative tests against Tenable Network Security’s Nessus Enterprise, Lumeta ESI’s superior device discovery, leak path detection and comprehensive reports earned it top honors in the review. Download a complete copy of the testing review.