How can Lumu and DNS Firewalls work together?

If your company already has a DNS firewall such as OpenDNS (now Cisco Umbrella), Infoblox, or the like, Lumu integrates seamlessly with it, so you continue to benefit from blocking malicious DNS requests while layering real-time compromise assessment on top. Assessing compromise effectively requires taking a wide range of network metadata sources into consideration. For this reason, DNS is only one of the many network metadata sources collected and analyzed. Lumu also collects network flows, proxy logs, firewall logs, and inbox and email metadata to build a complete and detailed view for detecting and understanding compromise incidents, and to build the ability to respond in a precise and timely manner.

The ability to measure real-time compromise helps to fight the false sense of security provided by technologies focused only on blocking threats, such as DNS firewalls and the like. Blocking malicious DNS requests is good, but the ultimate goal is to eliminate the residual compromise from the device that triggered the blocked DNS request. Today’s malicious threats, such as ransomware, banking trojans, and others, include DGA (Domain Generation Algorithm) capabilities. That means the compromised device will continue to trigger malicious DNS requests generated by the DGA indefinitely, until it finally reaches its C&C and causes harm to the enterprise.

If you do not have a DNS firewall in place, Lumu provides full and enhanced visibility of the DNS requests made to adversarial infrastructure and provides more insight into compromises through the broad network metadata collected. Even though most attacks use DNS infrastructure, it is critical to visualize the attacks that go directly to IP addresses and to know the lateral movements inside the organization.
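
The point made above, that a blocked DGA lookup still marks a device that needs cleanup, can be illustrated with a short script that turns DNS firewall block logs into a per-device remediation queue. This is an added example, not Lumu's code or method; the log layout, sample lines, function names and thresholds are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: timestamp, client IP, queried name, firewall action.
# The column layout is an assumption, not any product's export format.
SAMPLE_LOG = """\
2024-05-01T08:00:05,10.0.0.23,qzkxwvbprt.example,BLOCKED
2024-05-01T08:00:09,10.0.0.41,intranet.corp.example,ALLOWED
2024-05-01T09:10:11,10.0.0.23,hhfjwqlzxc.example,BLOCKED
2024-05-01T10:20:45,10.0.0.23,mvbtqxkrjd.example,BLOCKED
2024-05-01T10:21:02,10.0.0.57,ads.tracker.example,BLOCKED
2024-05-01T11:30:30,10.0.0.23,pwzrkdnvqa.example,BLOCKED
2024-05-01T11:31:00,10.0.0.57,ads.tracker.example,BLOCKED
"""

def summarize_blocked(log_text):
    """Group BLOCKED queries by client: distinct names, first and last seen."""
    devices = defaultdict(lambda: {"domains": set(), "first": None, "last": None})
    for ts, client, qname, action in csv.reader(io.StringIO(log_text)):
        if action != "BLOCKED":
            continue
        when = datetime.fromisoformat(ts)
        d = devices[client]
        d["domains"].add(qname.lower().rstrip("."))
        d["first"] = when if d["first"] is None else min(d["first"], when)
        d["last"] = when if d["last"] is None else max(d["last"], when)
    return dict(devices)

def remediation_queue(log_text, min_domains=3, min_span=timedelta(hours=1)):
    """Clients that keep trying new blocked names over time (DGA-like pattern).

    Thresholds are illustrative assumptions; tune them per environment.
    """
    queue = []
    for client, d in summarize_blocked(log_text).items():
        span = d["last"] - d["first"]
        if len(d["domains"]) >= min_domains and span >= min_span:
            queue.append((client, len(d["domains"]), span))
    # Most distinct blocked names first
    return sorted(queue, key=lambda row: row[1], reverse=True)

if __name__ == "__main__":
    for client, n, span in remediation_queue(SAMPLE_LOG):
        print(f"{client}: {n} distinct blocked names over {span}")
```

In the sample, the client that rotates through four different blocked names over several hours is queued, while the client that hits the same blocked name twice is not.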

In addition, Lumu provides Compromise Context, which enriches confirmed compromises with factual data related to each compromise’s distribution, behavior, movement, and more. By accessing our Threat Triggers, you can enable policies that contain these compromises using your current cybersecurity infrastructure. Consequently, you can invest time to understand and eradicate each compromise, so you and your team can respond in a precise and timely manner.
