Using Lumeta to help protect your network from theft by criminals and industrial spies
You can’t protect what you can’t see or don’t know about. At financial, retail, entertainment, manufacturing and healthcare organizations, IT security and network teams are learning this the hard way. In recent memory, companies in each of these industries have publicly reported the theft of millions of their customers’ financial records or the exfiltration of sensitive email and internal communications, research and development work-product, intellectual property and trade secrets.
Lumeta’s engagements with companies in these industries routinely help them mitigate cyber theft, as shown by proof points such as:
Network Infrastructure Analytics
A top five US bank with more than $1.5 trillion in assets uses Lumeta to examine its network architecture weekly. In this engagement, the scope of the enterprise network – which was based on data from existing network management, IP Address Management and Host Vulnerability Assessment (VA) – was initially evaluated to be 600,000 IP addresses. Lumeta’s recursive network indexing technology identified more than 800,000 actual IP addresses in use, a 25% visibility gap. The newly identified sub-networks and devices were not being evaluated by VA, making this unknown 25% more susceptible to malware, which could be used to exfiltrate financial information.
Network Segmentation Analytics
Another top five US bank with more than $2 trillion in assets has hundreds of internal enclaves that need to remain segmented from each other and also from the public Internet as part of an in-depth network security policy. Lumeta’s recursive network indexing technology helped identify more than 25 multi-homed hosts that were forwarding packets between their Ethernet interfaces, violating the network segmentation policy required for PCI DSS compliance.
Breach Detection Analytics
One of the world’s largest and most recognizable entertainment brands, with more than 100,000 employees and $40B in annual revenue, has a policy prohibiting use of Secure Shell (SSH), TCP port 22, on certain critical subnetworks. SSH is one method of gaining privileged access to servers, and it is frequently sought by bad actors to achieve lateral movement and escalate privileges after they’ve gained a malware beachhead on a victim network. This customer used Lumeta IPsonar to initially identify and reconcile/remediate the universe of servers exhibiting SSH access. They subsequently migrated to Lumeta ESI Cyber Threat Probe for real-time alerting upon any SSH port usage within the designated zones.