Using Lumeta to defend governments and critical national infrastructure from cyber attack
Networks are essential tools in military, intelligence/investigative and civilian government applications. And networks have become equally important to the safe and efficient operation of critical national infrastructure like emergency response, transportation systems, energy and water distribution. Whether perpetuated by nation-states, criminal enterprises or terrorist organizations for advancement of their various causes, each year there are a growing number of critical cyber incidents that are discovered and reported. Most often, these incidents are only reported after significant damage has been done and critical, secret or personally identifiable data has been compromised or exfiltrated from victims. The bad actors and what they have done on your network are only discovered forensically, after weeks or months of elapsed time have passed since the initial breach.
Because of the criticality of need for cyber defenses to protect and preserve lives, ensure the stability of government and critical infrastructure operations, a real-time network situational awareness capability is of particular importance in this use case.
Lumeta ESI has provided our customers with these sample benefits in cyber defense applications:
Network Infrastructure Analytics
- Identification within minutes of newly inserted, possibly rogue wireline or wireless infrastructure devices, firewall, routers or other network functions (e.g., virtualized) acting as packet forwarders
- Identification of any new virtual/cloud IaaS (or physical) resource seeking service from the network within minutes
- Provides a real-time visual view of critical enterprise zones or the whole enterprise with all recent changes authoritatively highlighted for validation
- IPv6 awareness for military and intelligence IoT applications where there may be millions of individually addressable devices under management
Network Segmentation Analytics
- Real-time identification and mapped views of newly identified networks and newly inserted routes
- Real-time identification of routed (L3) or bridged (L2) “leak paths” or other connectivity violations in between protected network enclaves
Breach Detection Analytics
- Discover real-time use of Dark Web/TOR exit nodes from locations inside the government enterprise
- Identify unauthorized use of services which may be utilized for lateral movement or exfiltration of data like RDP, X11, FTP, DNS