Get started and learn about Lumu installation and deployment as well as how Lumu uses Continuous Compromise Assessment, the illumination process, and your network metadata to know the compromise level

Getting Started with Lumu

This article introduces how Lumu helps you measure and understand your business’s compromise level in real time. If you want to go straight to the deployment documentation, click here.

Welcome to Lumu!

Lumu Technologies is a breakthrough cybersecurity company that helps organizations intentionally measure their unique level of compromise and automate the mitigation and remediation of confirmed compromise incidents in real time.

Is your organization talking with adversarial infrastructure? Lumu can give you the answer to that question.

Our vision is to help the world measure compromise in real time.


How Lumu Works

Organizations spend millions of dollars yearly on cybersecurity programs that aim to avoid compromises. Yet most organizations are not intentionally measuring compromise, hence neglecting the opportunity to maximize the output of their security investment towards achieving a zero compromise state.

The Problem: A pervasive false sense of security
Lumu is an enterprise-grade solution that was built from the ground up with a single objective: help measure and understand your unique compromise level in real time. Lumu empowers your cybersecurity operators and strategists to offer a reliable, accurate, and continuous process from collection to response to help them operate cybersecurity proficiently.

Continuous Compromise Assessment™ - the Path to Enhancing your Cybersecurity

The breakthrough that Lumu brings to the industry is the ultimate missing link in cybersecurity: Continuous Compromise Assessment. Implementing this model simplifies managers’ and practitioners’ decision-making processes and transforms the cybersecurity ecosystem and the dynamics of the attackers-versus-defenders cyber cycle.

The Power of Continuous Compromise Assessment The Power of Continuous Compromise Assessment
The single purpose of most cyber defense strategies is to avoid being compromised. Yet, this is useless if a compromise happens and the function of  detecting and measuring compromise is absolutely neglected. Lumu’s Continuous Compromise Assessment operationalizes the following concept: “Assume you're compromised and prove otherwise” , an alternative point of view that looks at cybersecurity as a continuous improvement process. For this reason, the feedback loop between implemented defenses and compromise detection must be closed.

Lumu closes this feedback loop and enhances the existing security infrastructure by giving precise and timely feedback on the compromise level, empowering organizations to perfect their defense strategies for optimal cyber resilience.

The Power of Your Network Metadata for Compromise Assessment

A closer look at the different stages among the multiple variations of the Cyber Kill Chain unveils the common denominator that enables adversaries’ evil intent: adversaries must use your network. If any piece of your distributed infrastructure is communicating with the adversary, we can conclude that compromise is taking place.
Common Cyber Kill Chain Framework Common Cyber Kill Chain Framework
Understanding your network behavior is the key to assessing your compromise state.

As part of Continuous Compromise Assessment, Lumu continuously collects, normalizes, and analyzes a wide range of network metadata, such as DNS, proxy, and network flows in real time from your extended perimeter, namely on-premises, public and private clouds, and roaming devices.

Your enterprise already has all the data, we just need to connect the dots.

In the following video, we show how your own network metadata is the single source of truth of your organization’s compromise posture and how to leverage it with Lumu:


The Illumination Process

Lumu’s Continuous Compromise Assessment is enabled by our patent-pending Illumination Process, this technology uses extensive threat intelligence of known and confirmed  indicators of compromises (IoCs) over the collected metadata. Lumu also applies proprietary Artificial Intelligence and advanced analytics to measure the technical distance between anomalies and known attacks. The result is high-probability compromises that are already within your organization.

After these processes, the Lumu proprietary Playback™ capability takes place comparing every new IoC against up to two years of network metadata.

The Illumination Process is foundational to detect compromises accurately and at speed.

Learn more about how this process uses network metadata and advanced analytics to illuminate your network’s dark spots:


Lumu Portal

Besides offering self-service options for data collection, the Lumu Portal provides a centralized and intuitive platform for implementing Continuous Compromise Assessment across your entire infrastructure, with no client installation needed. Within the Lumu Portal, you have access to the refined and visualized findings of the Illumination Process as easy-to-read and managed dashboards for fast investigation and the intelligence needed to enact a precise and timely response. This information allows you to track the spread of malicious activity and analyze it to generate actionable recommendations.


Besides curated dashboards, you can dive deeper to know the exact coordinates of IT assets in direct communication with adversarial infrastructure, either in on-premises, cloud, and roaming environments.

Key Features and Benefits of Lumu

These are some powerful capabilities and benefits our customers value the most:


Actionable Intelligence and Automated Response - beyond probability and risk scoring. A 360-degree inside view that continuously assesses and highlights network threats for measuring your compromise in real time.


Easy to Deploy and Quick Time to Value - transparent deployment and integration. You can have Lumu running in minutes, this translates to an instant return on investment (ROI).


Addresses a Big Problem Practically  start detecting compromise while relieving alert fatigue in a practical way. No fancy or expensive training is required in order to operate it or get its full benefit.


Validates Current and Future Security Investment - Lumu reveals what protection tools are working and what is lacking, giving you the intelligence needed to invest, divest or adjust as needed and helping you make the best use of the technology stack you currently have .
If you want to explore more about Lumu’s use cases, visit our website.

Where Should I Start?

Learn how to start understanding your compromise level quickly and how to incorporate Continuous Compromise Assessment into your security operation by reviewing Lumu Offerings.

    Still can’t find an answer?
    Send a message to our experts.
    Contact Us

        • Related Articles

        • Lumu Free Quick Start Guide

          Lumu Free is a limited-visibility offering for getting started with the power of Lumu’s Continuous Compromise Assessment™ model. With Lumu Free, you can set up real-time metadata ingestion using Virtual Appliances, Gateways or via Custom Collectors ...

        • Lumu Offerings

          Take advantage of Lumu Free to understand your compromise level and get visibility into threats, attacks, and adversaries affecting your organization. When greater visibility is desired, you can take advantage of one of the Lumu paid subscriptions: ...

        • Lumu Deployment and Integration Overview

          Throughout this document, we will show you how the features of Lumu can provide you with unprecedented visibility into the adversaries hiding in your network. You will also be able to see how easy it is to incorporate Continuous Compromise ...

        • Simulate an Incident

          Once you have successfully deployed and configured a Collector, and it is already forwarding network metadata from your organization to Lumu, it is time to start seeing Continuous Compromise Assessment™ in action. Lumu processes all collected ...