Lumeta Spectre Technology
Cyber Situational Awareness
It is very useful to think of the need to defend networks in a similar context as military defense, which is where the concept of situational awareness originated. Situational awareness is the ability to perceive, comprehend and make timely predictions from critical elements of information concerning what is happening with regards to the mission. Quite simply, it’s knowing what is going on around you.
Lumeta’s Cyber Situational Awareness model has three phases:
- Gain perception by indexing the network. This is a step that needs to be exhaustive, or, recursive, in order to become authoritative. Since there are frequent changes to the network and those changes aren’t often well understood, have unintended consequences, maybe rogue or unauthorized, are usually poorly documented and tracked, allowing a newly discovered piece of information lead to a logical expansion of the indexing required is the only way to gain understand all of what’s present in reality.
- Comprehend what it is that you have indexed. The indexing step, even if done poorly, generates a lot of data. Many IT security teams simply get overloaded by the vast amounts of data that emerges from network and security tools. The current state which involves manual examination of voluminous data by highly trained experts – like finding a needle in a haystack – is not scalable, leaving insufficient time for preventing or fixing problems. Creating actionable, real time information which is distilled, in context and prioritized for remediation is the purpose of this phase. Lumeta are applying Hadoop big data analysis techniques for improving efficacy here.
- Finally, predicting in the context of network situational awareness involves the increasingly automated remediation of problems and ideally, prevention of key issues before they become problems – such as exfiltration of gigabytes worth of intellectual property or financial records across your network. This may involve delivering syslog or CEF notifications, email alerts and reports to the appropriate staff. Lumeta’s view is that it will increasingly involve API integrations with the network infrastructure itself to resolve, re-route, sandbox, patch, remediate.
Recursive Network Indexing Techniques
A key reason why network asset management, vulnerability assessment, network modeling and other tools in the security defense in depth stack have not been fully effective is that their starting point, e.g., what the client understands about their network, is assumed to be true. In our experience it never is. There is no current, authoritative perception of network state. Lumeta IPsonar uses a number of active probing techniques, in a recursive fashion, along with proprietary “stitching” analysis algorithms to provide a complete index of the network. Typically, this process leads to 20% more identified networks, devices, compute resources on a physical infrastructure. Lumeta Spectre further adds the ability to participate in the network control plane and monitor for change as it is occurring in real-time so that context can be applied to the same active probing techniques. This combination allows the organization to finally understand temporal infrastructure whether it’s mobile, virtual, cloud-based and the incremental impacts it is causing on the network from a cyber view.
Architecture & Delivery Options
Spectre is a subscription‐based offering hosted either in the client’s VMware infrastructure or in the Lumeta Cloud (the analytics engine would be hosted in the Lumeta Cloud). The subscription price includes Standard Maintenance & Support.
Spectre uses a distributed, two-tier model. The system includes the Spectre Command Center and Spectre Scouts:
- Spectre Command Center: A web-based management platform for administration, configuration, monitoring and reporting
- Spectre Scout: A distributed system for collection of network intelligence, reporting back to the Spectre Command Center
The size and configuration of the Spectre deployment will depend on the network topology and use case requirements. Deployments will vary in size from a single Spectre Command Center to more complex installations. Lumeta’s Account Management teams are available to assist in determining the optimal architecture and product configuration for your environment.
For Spectre Virtual Machines:
Standard Resource Requirements
Portal: 16GB RAM, 250GB Disk – Thin Provisioned, 4 Cores
Command Center: 32GB RAM, 1TB Disk – Thin Provisioned, 8 Cores
Scout: 4GB RAM, 20GB Disk – Thin Provisioned, 2 Cores
Software & Operating System Requirements
Virtual Server: VMware ESXi 5.1 or later
Guest OS: CentOS 6.5 or later
Bridged networking can be used as a default option, otherwise choose a network type that suits your environment.
Lumeta products are compatible with the two most-recent releases of Chrome, Firefox, and Internet Explorer. Check the About page on your browser menu to ensure the browser version you’re running performs well with Spectre.
Versions supported as of June 1, 2016 are listed here: