Lumu systematically collects, normalizes, and analyzes a wide range of network metadata, including DNS, Net flows, Proxy, Firewall Access Logs, Inbox and Email Intelligence. The level of visibility that only these data sources provide allows us to understand the behavior of your enterprise network, which leads to conclusive evidence on your unique compromise level.
The following table describes the key elements of metadata Lumu uses to illuminate your compromised IT assets and the behavior of your enterprise network, which leads to conclusive evidence on your unique compromise levels:
| Network Metadata | |
|---|---|
| DNS Queries | |
| Network Flows | Among other malicious behavior, provides insights into an organization’s devices that are controlled by adversaries and attempting to move laterally. |
| Access logs of Perimeter Proxies or Firewalls | In cases where the attacks avoid domain resolution, the traces of adversarial contact will lie in the access logs of firewalls or proxies, depending on the organization's network configuration. |
| Lumu Email | |