This article refers to the Labels system. If you want to learn more about the available Filters, please read this article.
Lumu simplifies Continuous Compromise Assessment by consolidating its management, reporting, and related contextual intelligence within a single portal. Security teams no longer need to chase down data from multiple network monitoring tools.
Labels give you the power to categorize and filter your traffic by geography, network segment, device, domain, critical assets, or as needed. Each label’s importance is unique for your organization. That’s why labels include a business relevance option to help you make faster, data-supported decisions.
Labels help to easily identify and prioritize the compromise distribution across your infrastructure.
Properly configured labels help your team respond efficiently at every stage where an adversary might be a threat.
Each label should reflect an environment or group with significance to your cybersecurity operations, such as critical business functions or compliance-sensitive areas. Implement labels so that the operational significance of the assets they represent is immediately apparent.
It's also crucial not to create too many labels; an excessive number can be as ineffective as having none. Aim for the smallest possible list that allows you to comprehensively map your business.
Avoid common mistakes like labeling based on technical parameters such as VLAN names or collector identifiers, which don't convey the business impact of incidents.
When creating collectors in the Lumu Portal, such as gateways, agents, virtual appliances, custom collectors, etc., you are requested to associate their traffic with a Label. Associate an existing label with the collector, or add a new label.
In the “Labels” section of the Lumu Portal, you can view, create, manage, and associate labels with your network segments easily.
Excluded Activity
With the new "Excluded Activity" label, you can easily filter out non-relevant traffic, ensuring your focus remains on critical areas. Use it when you need to exclude network segments that are isolated, or for assets that are expected to interact with malicious activity, such as Threat Intel Platform servers or penetration testing tools.
Any segment labeled as Excluded Activity won’t be on Lumu’s radar. Make sure any segments you include under this label are properly isolated or under absolute control by your cybersecurity team to avoid any chance of threat propagation.
Review unlabeled activity to make sure all your traffic is being categorized according to your organization’s specific needs.
One of the most powerful capabilities of labels is to define business relevance. With this feature, you can define the priority of each network segment by setting its business relevance: Low, Medium, or High.
Lumu Defender accounts can choose which labels will be seen by Lumu Playback at this stage. To learn more about Lumu Playback, consult our documentation.
If your account has access to Lumu Playback, you will find a switch to enable or disable playback analysis when creating a new label.
Setting up labels and determining their business impact lets you easily filter, prioritize, and analyze incidents found across your entire network infrastructure.