Interview from 2018 TAG Cyber Security Annual Report

January 15, 2018 4:54 pm

You can download the full TAG Cyber 2018 Annual Security Report HERE.

This transcript including a vendor profile can be downloaded HERE.

Lumeta Corporation Interview and Vendor Profile Excerpt from 2018 TAG Cyber Security Annual Report Volume 2 and 3.

Interview by Dr. Edward G. Amoroso, CEO, TAG Cyber

Experienced enterprise security professionals understand the value of situational awareness in addressing modern cyber threats. Enterprise security risk has shifted from a compliance-driven response obligation to a risk-driven proactive challenge. To support such continual protection, platforms are required that combine the best elements of visibility support with advanced analytics to offer an accurate picture of ongoing vulnerabilities and potential solutions. Sanjay Raja, CMO of Lumeta, spends considerable time thinking about this topic, and he sat down with us to share his unique insights.


EA: What is the benefit of cyber situational awareness for enterprise security teams?

SR: Anyone with responsibility to protect an enterprise knows how important it is to have an accurate understanding in real time of all of your assets and infrastructure, as well as changes to that infrastructure that are indicators of, or can lead to, malicious activity. We start out identifying all of your unknown, unmanaged, rogue or shadow IT infrastructure, both networks and endpoints, and both physical and virtual. Most successful breaches and ransomware attacks can clearly be traced back to a lack of immediate visibility or awareness of existing network, networked and cloud infrastructure, leading to the inability to account for and protect systems proactively, as well as missing malicious network activity due to the limitations of existing security stacks. This forms the underlying motivation for our platform offerings at Lumeta, where we strive to provide accurate, analytics-driven visibility of the security posture of the entire network to security teams for optimal mitigation and response.


EA: How does your platform collect data to create visibility across an enterprise?

SR: Our flagship product, Lumeta Spectre, combines a whole set of patented active probing and passive listening techniques at the network layer, extending all the way to the endpoint and into the cloud. Customers working with our powerful solutions are reporting, on average, a 40% reduction in so-called ‘blind spots’ in their infrastructure. As you know, it is these blind spots that lead to the most serious intrusions. In addition, Spectre provides a real-time understanding of changes in the network, but we don’t stop there. We pull in threat intelligence that is also applied to our network flow modeling to develop what we call Threatflows. These flows are indicators of malicious behaviors on the network, whether flagging compromised systems, identifying leak paths to external malware hosts, or identifying encrypted communications like TOR that are often not authorized for use.


EA: Can you share how you approach analytics?

SR: We take a unique approach that allows us to provide 100% coverage across the network versus existing methods that leverage packet captures, logs, and netflow, all of which provide an incomplete picture due to the limits of those technologies. At Lumeta, we focus on the underlying network infrastructure that forms the basis of all communications in the environment and is central to discovering attacker activity. Since we look primarily at the network control plane traffic, we are able to recursively discover, collect and analyze every network, networked device and/or endpoint. Our analytics differentiate between the relevant protocols such as OSPF, BGP, ARP, DHCP, DNS, and ICMP. Protocol-specific information is rapidly correlated with discovered contextual data on the network, endpoints, and across the hybrid cloud to detect relevant changes to the infrastructure. The types of changes our analytics identify include new bots, new C&C points, newly accessible Tor exit nodes, unusual port usage, and many other focus areas. The emphasis is on speed, accuracy, and relevance to cyber security concerns. As we apply threat intelligence to relevant metadata, our analytics can provide areas of vulnerability to attack, but also indicators of compromise and potential breach activity.


EA: Does your solution support network segmentation?

SR: Absolutely. As we have a complete understanding of the network and changes in real time, we are able to search for so-called ‘leak paths’ between presumably isolated segments, or even leaks to the Internet, including from the cloud. This knowledge can be essential to ensuring proper segmentation security and compliance, and to determining if there are violations such as undesired lateral movement or unauthorized communications, especially to the outside. When we detect such threats, we can provide this data in real time to the SIEM or other collection device in the enterprise. Our ability to provide this type of information can also help network and security teams accelerate their “unflattening” of networks and optimize their segmentation to ensure it is configured as expected, but also flag violations.


EA: Which business sectors or industries will benefit most from such visibility capability?

SR: Obviously, critical infrastructure sectors have the most intense obligation to support advanced real-time security controls. So, we’ve seen great focus from these larger companies, agencies, and organizations. But more recently, we’ve seen mid-sized and even smaller businesses paying closer attention to real-time visibility on the network, endpoints, and cloud. This includes all sectors such as financial services, telecommunications, retail, technology, services, and on and on. We’ve discovered that there is really no size or type of business or government agency that will not benefit from our capability. One growing segment has been IoT, but focused on areas like Healthcare, Manufacturing, Utilities, Retail (PoS) and Critical Infrastructure. Our solutions have proven to rise above the hype around IoT security, as our core platform is the perfect foundation for providing visibility, securing systems more effectively and detecting leaks or other attack activity, while the promises made by some vendors take years to bridge the gap between the reality and the hype.