Get started and learn about Lumu installation and deployment as well as how Lumu uses Continuous Compromise Assessment, the illumination process, and your network metadata to know the compromise level

Getting Started with Lumu

In this article, we introduce you to the basics of using Lumu to measure and understand your business’s compromise level in real time. If you want to go straight to the deployment documentation, click here.

Welcome to Lumu!

Lumu Technologies is a breakthrough cybersecurity company that helps organizations worldwide to intentionally measure their unique level of compromise in real time, providing visibility into threats, attacks, and adversaries affecting your entire business, including central networks, cloud environments, branch offices, and roaming users.

Is your organization talking with adversarial infrastructure? Lumu can give you the answer to that question.

Our vision is to help the world measure compromise in real time.

How Lumu Works

Organizations spend millions of dollars yearly on cybersecurity programs that aim to avoid compromises. Yet most organizations are not intentionally measuring compromise, hence neglecting the opportunity to maximize the output of their security investment towards achieving a zero compromise state.

The Problem: A pervasive false sense of security
Lumu is an enterprise-grade solution that was built from the ground up with a single objective: help measure and understand your unique compromise level in real time. Lumu empowers your cybersecurity operators and strategists to offer a reliable, accurate, and continuous process from collection to Illumination.

Continuous Compromise Assessment - the Path to Enhancing your Cybersecurity

The breakthrough that Lumu brings to the industry is the ultimate missing link in cybersecurity: Continuous Compromise Assessment. Implementing this model not only simplifies the decision-making process for managers and practitioners but also transforms the cybersecurity ecosystem and the dynamics of the attackers-versus-defenders cyber cycle.

The Power of Continuous Compromise Assessment
The single purpose of most cyber defense strategies is to avoid being compromised. Yet, this is useless if a compromise happens and the function of detecting and measuring compromise is absolutely neglected. Lumu’s Continuous Compromise Assessment operationalizes the following concept: “Assume you're compromised and prove otherwise”, an alternative point of view that looks at cybersecurity as a control system. For this reason, the feedback loop between defenses implemented and compromise detection must be closed.

Lumu closes this feedback loop and enhances the existing security infrastructure by giving precise and timely feedback on the compromise level, empowering organizations to perfect their defense strategies for optimal cyber resilience.

The Power of Your Network Metadata for Compromise Assessment

A closer look at the different stages among the multiple variations of the Cyber Kill Chain unveils the common denominator that enables adversaries’ evil intent: adversaries must use your network. If any piece of your distributed infrastructure is communicating with the adversary, we can conclude that compromise is taking place.
Common Cyber Kill Chain Framework
Understanding your network behavior is the key to assessing your compromise state.

As part of Continuous Compromise Assessment, Lumu continuously collects, normalizes, and analyzes a wide range of network metadata, such as DNS, proxy, and network flows in real time from your extended perimeter, namely on-premises, public and private clouds, and roaming devices.

Your enterprise already has all the data, we just need to connect the dots.

In the following video, we show how your own network metadata is the single source of truth of your organization’s compromise posture and how to leverage it with Lumu:

The following table describes the key elements of metadata Lumu uses to illuminate your compromised IT assets and the behavior of your enterprise network, which leads to conclusive evidence on your unique compromise levels:

| Network Metadata | Why it Matters |
| --- | --- |
| DNS Queries | Provides context into the connections attempted from the organization’s devices towards adversarial infrastructure. |
| Network Flows | Among other malicious behavior, provides insights into an organization’s devices that are controlled by adversaries and attempting to move laterally. |
| Access logs of Perimeter Proxies or Firewalls | In cases where the attacks avoid domain resolution, the traces of adversarial contact will lie in the access logs of firewalls or proxies, depending on the organization's network configuration. |


Email is the preferred method by attackers to deliver exploits. Analyzing the organization’s spambox provides insights into the type of attacks an organization is receiving, but more importantly if end-users are accessing such attacks and if the organization is at a high risk of compromise.

The Illumination Process

Lumu’s Continuous Compromise Assessment is enabled by our patent-pending Illumination Process. This technology applies extensive threat intelligence of known and confirmed indicators of compromise (IoCs) to the collected metadata. Lumu also applies proprietary artificial intelligence and advanced analytics to measure the technical distance between anomalies and known attacks. The result is high-probability compromises that are already within your organization.

After these processes, the Lumu proprietary Playback™ capability compares every new IoC against up to two years of network metadata for every customer we are protecting.

The Illumination Process is foundational to detect compromises accurately and at speed.
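The retrospective comparison described above, where a newly published IoC is checked against stored DNS metadata, can be sketched as follows. This is an added illustration, not Lumu's implementation; `MetadataStore`, `playback_report` and the sample records are hypothetical and constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=730)  # "up to two years" of metadata, per the text

# Constructed sample DNS metadata: (timestamp, asset, queried name).
SAMPLE_DNS = [
    ("2021-01-10T08:00:00+00:00", "old-pc-01", "bad-infra.example"),
    ("2022-06-02T14:31:00+00:00", "build-srv-02", "a1.stage.bad-infra.example"),
    ("2023-03-15T09:12:00+00:00", "hr-laptop-07", "Bad-Infra.example."),
    ("2023-03-16T11:45:00+00:00", "kiosk-11", "notbad-infra.example"),
]

def normalize(name):
    """Lower-case and drop the trailing root dot so names compare equal."""
    return name.strip().rstrip(".").lower()

class MetadataStore:
    """Hypothetical history store, indexed by every parent domain of a query."""

    def __init__(self):
        self._by_domain = defaultdict(list)

    def ingest(self, ts, asset, qname):
        when = datetime.fromisoformat(ts)
        labels = normalize(qname).split(".")
        # Index a.b.c under a.b.c and b.c (never the bare TLD), so an IoC for
        # b.c matches its subdomains but not the look-alike "notb.c".
        for i in range(len(labels) - 1):
            self._by_domain[".".join(labels[i:])].append((when, asset))

    def playback(self, ioc_domain, now):
        """Return historic contacts with a newly published IoC, oldest first."""
        cutoff = now - RETENTION
        hits = self._by_domain.get(normalize(ioc_domain), [])
        return sorted(h for h in hits if h[0] >= cutoff)

def build_store(records):
    store = MetadataStore()
    for ts, asset, qname in records:
        store.ingest(ts, asset, qname)
    return store

def playback_report(store, ioc_domain, now):
    """Summarise per asset: first contact, last contact, number of queries."""
    report = {}
    for when, asset in store.playback(ioc_domain, now):
        entry = report.setdefault(asset, {"first": when, "last": when, "count": 0})
        entry["last"] = when
        entry["count"] += 1
    return report
```

The per-asset first and last contact times give responders the exposure window to scope when an indicator is published long after the traffic occurred.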

Learn more about how this process uses network metadata and advanced analytics to illuminate your network’s dark spots:

Lumu Portal

The Lumu Portal provides a centralized and intuitive platform for implementing the Continuous Compromise Assessment model across your entire infrastructure, with no client installation needed. Within the Lumu Portal, you have access to all the information provided by the Illumination Process as easy-to-read and managed dashboards for fast investigation and the intelligence needed to enact a precise and timely response. This information allows you to track the spread of malicious activity and analyze it to generate actionable recommendations.

Besides curated dashboards, you can dive deeper to know the exact coordinates of IT assets in direct communication with adversarial infrastructure, whether in on-premises, cloud, or roaming environments. These are some features you can find on the Lumu Portal:


Visualize the Attack Distribution

Group and view traffic by geography, network segments, device, domains, critical assets, or as needed.


Measure Patterns of Malicious Behavior

Frequency patterns unveil the nature of attacks for more accurate, conclusive analysis and faster mitigation.


Compromise Context

Provides additional information about the various threats that have been detected. Gives security teams the factual data to implement the right response in a timely fashion.



Supercharge threat hunting operations, strategically evaluate defenses and prioritize security investments with the MITRE ATT&CK Matrix directly in the Lumu Portal.

Key Features and Benefits of Lumu

These are some powerful capabilities and benefits our customers value the most:

Sophisticated attack pattern recognition - beyond probability and risk scoring. A 360-degree inside view that continuously assesses and highlights network threats for measuring your compromise in real time.


User Friendly from the Beginning and Throughout - transparent deployment and integration. You can have Lumu running in minutes, which translates to an instant return on investment (ROI).


Retrospective Compromise Assessment - for going back in time to check up to 2 years of network metadata traffic for matching compromise indicators.


Addresses a Big Problem Practically - start detecting compromise while relieving alert fatigue in a practical way. No fancy or expensive training is required in order to operate it or get its full benefit.


Validates Current and Future Security Investment - Lumu reveals exactly which protection tools are working and what is lacking, giving you the intelligence needed to invest, divest or adjust as needed and helping you make the best use of the technology stack you currently have.

If you want to explore more about Lumu’s use cases, visit our website.

Where Should I Start?

Learn how to start understanding your compromise level quickly and how to incorporate Continuous Compromise Assessment into your security operation in our Lumu offerings guide.

Lumu offers transparent deployment and integration options for your premise, cloud, and roaming environment. If you want to request a demo or talk to an expert, please visit our site.
