Analytics View

Lumu’s Illumination Process is the core of Continuous Compromise Assessment®. It harnesses AI for threat hunting without the time- and resource-intensive training that traditional methods require. In this process, network metadata is fed to Lumu in real time and compared against a continuously updated data lake of known Indicators of Compromise (IoCs) built from the latest industry insights. Lumu’s AI then analyzes the remaining data, flagging unusual network occurrences as potential anomalies that might lead to compromise; these are put through Lumu’s deep correlation to produce confirmed incidents that the cybersecurity team can act on. The remaining metadata is fed back into Lumu Playback, which re-analyzes it retroactively against newly obtained IoCs for retrospective threat hunting.
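To make the three stages above concrete, here is an added, illustrative model of the pipeline (an example written for this page, not Lumu’s code): match metadata against a known-IoC set, compare what remains against a per-host baseline to surface anomalies, and retain the rest so it can be re-scanned when a new IoC arrives. The record layout, the sample traffic, the placeholder IoC values, and the "destination not in this host's baseline" anomaly rule are all constructed assumptions for demonstration.

```python
"""Illustrative IoC-match -> baseline-anomaly -> playback pipeline.

Added example, not Lumu's implementation. The record format, the sample
metadata, the IoC values and the anomaly rule are constructed assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    ts: int      # epoch seconds (constructed)
    host: str    # internal asset that initiated the contact
    dest: str    # contacted domain (e.g. from a DNS query or HTTP Host header)


# Constructed sample metadata. The baseline batch stands in for a period of
# normal traffic; the new batch is what is being assessed right now.
# Domains use the reserved .example and .invalid names, so they resolve nowhere.
BASELINE = [
    Record(100, "ws-01", "mail.example"),
    Record(110, "ws-01", "cdn.example"),
    Record(120, "ws-02", "mail.example"),
    Record(130, "ws-02", "crm.example"),
]
NEW_BATCH = [
    Record(200, "ws-01", "mail.example"),         # normal for ws-01
    Record(210, "ws-01", "known-bad.invalid"),    # matches a known IoC
    Record(220, "ws-02", "odd-upload.invalid"),   # never seen for ws-02 -> anomaly
    Record(230, "ws-02", "crm.example"),          # normal for ws-02
]
# Constructed IoC feed (placeholder values, not a real indicator list).
IOCS = {"known-bad.invalid"}


def match_iocs(records, iocs):
    """Stage 1: contacts whose destination is a known IoC are confirmed outright."""
    confirmed = [r for r in records if r.dest in iocs]
    remaining = [r for r in records if r.dest not in iocs]
    return confirmed, remaining


def build_baseline(records):
    """Stage 2a: the network fingerprint, i.e. which destinations each host normally contacts."""
    seen = defaultdict(set)
    for r in records:
        seen[r.host].add(r.dest)
    return seen


def find_anomalies(records, baseline):
    """Stage 2b: a contact to a destination absent from the host's baseline is an anomaly."""
    anomalies = [r for r in records if r.dest not in baseline.get(r.host, set())]
    benign = [r for r in records if r.dest in baseline.get(r.host, set())]
    return anomalies, benign


def playback(retained, new_iocs):
    """Stage 3: re-scan retained metadata when fresh IoCs arrive (retrospective hunting)."""
    return [r for r in retained if r.dest in new_iocs]


def assess(baseline_records, new_records, iocs):
    """Run the three stages and return what each produced."""
    confirmed, remaining = match_iocs(new_records, iocs)
    baseline = build_baseline(baseline_records)
    anomalies, benign = find_anomalies(remaining, baseline)
    # Everything that was not confirmed is kept for later playback, anomalies included.
    retained = anomalies + benign
    return {"confirmed": confirmed, "anomalies": anomalies, "retained": retained}


if __name__ == "__main__":
    result = assess(BASELINE, NEW_BATCH, IOCS)
    print("confirmed:", [r.dest for r in result["confirmed"]])
    print("anomalies:", [r.dest for r in result["anomalies"]])
    # A later feed update turns a retained anomaly into a confirmed contact.
    print("playback hits:", [r.ts for r in playback(result["retained"], {"odd-upload.invalid"})])
```

The point the model makes is that an anomaly and a confirmed contact are the same kind of record at different stages of knowledge: the anomaly stays in the retained pool, and the moment the IoC feed catches up with it, playback promotes it without any new traffic having to occur.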

Lumu’s Analytics view is a porthole of sorts into the Illumination Process, more specifically into its AI-based hunting stage: it gives organizations a closer look at the continuous analysis Lumu performs to build the network baseline against which anomalies are identified.

Being aware of anomalous behavior can help you form informed threat hunting hypotheses and take preventive measures to strengthen your posture before an incident takes place.

With Lumu Analytics you will be able to:
  1. Get an overview of your network’s analyzed traffic and confirmed compromise throughout the last month, as well as anomalous behavior and the data analyzed by Lumu Playback.
  2. Understand how your traffic is distributed by geography, domains, types of metadata, and more. The Analytics view provides easily readable graphics and maps that you can use to learn about your network and to convey this information to stakeholders.
  3. Gain insights into potential incidents through anomalies—unusual behavior detected in your network that diverges from the organization's traffic fingerprint but has not yet been classified as an incident.
  4. Empower your threat-hunting team with data (anomalies) to carry out hypothesis-driven and AI-based investigations.
  5. Get visibility into Lumu’s Illumination Process® and certainty that Lumu is analyzing your network’s traffic.

The Analytics view has two main subsections that provide different information about the network. Let’s take a brief look at each.

Network Behavior

The Illumination Process establishes a network behavior model to detect specific anomalies. The Network Behavior tab presents human-readable aspects of this model, translating complex computer-centric data into comprehensible graphs. This offers a comprehensive overview of your organization's typical traffic and habits. Refer to our Network Behavior article for further details on this process. 

Anomalies

This section reveals details about unusual network activity—traffic or contact attempts that diverge from your organization's typical internet patterns. These anomalies could indicate an impending incident, early-stage adversary attacks, or undetected threats within the network. A solid understanding of these deviations empowers your cybersecurity team to assess potentially affected assets, and reinforce security proactively. Explore our Anomalies article for in-depth insights into this section. 
