Find how Lumu measure compromise in real time

How does Lumu measure compromise in real time?

Lumu systematically collects, normalizes, and analyzes a wide range of network metadata, including DNS, Net flows, Proxy, Firewall Access Logs, and Spambox. The level of visibility that only these data sources provide, allows us to understand the behavior of your enterprise network, which leads to conclusive evidence on your unique compromise level.

Lumu Metadata Collection Achitecture

The following table describes the key elements of metadata Lumu uses to illuminate your compromised IT assets and the behavior of your enterprise network, which leads to  conclusive evidence on your unique compromise levels :

Network Metadata

Why it Matters

DNS Queries

Provides context into the  connections attempted  from the organization’s devices towards  adversarial infrastructure .

Network Flows

Among other malicious behavior, provides insights into an  organization’s devices  that are  controlled by adversaries  and attempting to move laterally.

Access logs of Perimeter Proxies or Firewalls

In cases where the attacks  avoid domain resolution,  the traces of adversarial contact will lie in the access logs of firewalls or proxies, depending on the organization's network configuration.


Email is the  preferred method by attackers  to deliver exploits. Analyzing the organization’s spambox provides insights into the  type of attacks  an organization is receiving, but more importantly if end-users are accessing such attacks and if the organization is at a  high risk of compromise .

Learn more about the Lumu Illumination Process .
        • Related Articles

        • What is Continuous Compromise Assessment?

          Lumu’s Continuous Compromise Assessment is a patent-pending model that enables organizations to measure their unique compromise levels, using their own network metadata. This model allows you to identify when, where, and how your infrastructure is ...
        • What is Lumu Insights?

          Your network traffic is your ground zero for illuminating threats and adversaries. Using existing network data sources, Lumu Insights continuously assesses the entire enterprise to determine the level of compromise. Implementing Lumu’s patent-pending ...
        • What does Lumu do?

          This is a brief comparison between what Lumu offers versus the capabilities Lumu may work with, but does not directly offer: Do Don’t Continuous Compromise Assessment Network Performance Analysis Implement “Assume you are Compromised” Strategy ...
        • What is the difference between Lumu Free, Lumu Insights and Lumu Defender?

          Lumu Free offers a starting point for understanding your compromise level. It is always free and provides network-level visibility of confirmed IoCs (Indicators of Compromise) and retains incident data for 45 days. With Lumu Insights you can ...
        • How do you know what is (and isn't) a malicious domain or IP?

          Our Illumination Process uses extensive threat intelligence of known and confirmed compromises. We also apply proprietary Artificial Intelligence and Machine Learning technology and deep correlation analysis that allows us to conclude when there is a ...