Lumu Insights uses Continuous Compromise Assessment to deliver unprecedented network visibility to the Lumu Portal.

Lumu Insights Deployment and Integration Guide

Incorporate the Continuous Compromise Assessment into Your Security Operation.

As we show in our Deployment and Integration article, when greater visibility is desired, it's necessary to insert network metadata collectors inside your network infrastructure. Lumu Insights offers a variety of collectors such as Spambox, Agents, Custom Collector API, and unlimited Virtual Appliances to ensure 360-degree detailed visibility that continuously assesses and highlights network threats.

Figure 1. Some features of Lumu Insights.
If you are using Lumu Free and want to know how to level up your experience with Lumu Insights, visit our FAQ.

The diagram in Figure 2 represents the general deployment of Lumu for effective compromise detection. Lumu collects network metadata from your on-premise infrastructure, hybrid cloud environments, and extended perimeter, including roaming devices.

Figure 2 - Lumu Insights general deployment architecture.

Lumu Portal

If you are just getting started with Lumu Insights, we recommend you explore the Lumu Portal, where you can manage users, collectors, and spambox, and determine the compromise level of your organization.

Figure 3 - Lumu Portal.

On-Premise Deployment

Virtual Appliances (VA), VA collectors, and the Custom Collector API are seamless ways to integrate network metadata such as DNS packets and proxy logs.

The simplest way to introduce a network metadata collector into the enterprise infrastructure is to use the Lumu Virtual Appliance, which provides a transparent mechanism to collect network metadata. Lumu VA provides you with the detailed malicious activity of each private IP address in your network in real time and tells you exactly where the compromises are located.

Figure 4 shows that when the Lumu VA is implemented within an enterprise’s perimeter, all the network endpoints are instructed to send their DNS queries to the Lumu VA, which will answer the clients’ DNS queries by forwarding them to your original DNS server. DNS resolution metadata, firewall logs, and proxy logs are simultaneously sent to the Lumu Cloud via VA collectors for Continuous Compromise Assessment. This model also applies when implementing Lumu on other environments such as the Cloud and roaming devices.

Figure 4 - Infrastructure with Lumu VA as DNS Resolver + Collectors.

You also have the option to deploy the Lumu VA as a collector of DNS queries, packets, proxy logs, etc., as shown in Figure 5. This case applies when you are not using the virtual appliance’s built-in DNS resolver but are still using the VA to collect DNS metadata.

Figure 5 - Infrastructure with Lumu VA as collector only.

Related documentation:
  1. Lumu Virtual Appliance
  2. Manage VA Collectors

Some enterprises may already be using defense solutions such as Endpoint Detection and Response (EDR) or network monitoring tools as part of their pipelines to centralize their logs. Lumu gives the option to deploy the Custom Collector API to send your network metadata to Lumu. It can also be used as an alternative for obtaining greater visibility in cases where the enterprise network restricts the use of Virtual Appliances.

Related documentation:

  1. Custom Collector API

Figure 6 - Infrastructure with Lumu Collector API.

Take advantage of Lumu Public Gateways to associate part of the traffic originating from your organization with Lumu, illuminating threats, attacks, and adversaries coming from your network. Gateways can be configured to represent departments, offices, or geographic regions, whichever makes the most sense for your organizational structure.

Related documentation:
  1. Add a Public Gateway

Cloud Deployment

Enhance your compromise assessment by deploying a Lumu VA as Cloud Collector in environments such as Amazon AWS, Google Cloud, and Microsoft Azure. Lumu also gives the option to deploy the Custom Collector API to send your cloud metadata.

Figure 7 - Cloud Infrastructure with Lumu VA as Collector.

Lumu documentation:
  1. Lumu Virtual Appliance
  2. Deploy Lumu VA on Cloud (Azure and AWS)
  3. Custom Collector API

Roaming Deployment

For organizations with a remote workforce, Lumu offers the option to apply the Continuous Compromise Assessment concept not only to corporate networks but also to remote workers, using Lumu Agents, VPN (Virtual Private Network), or SDP (Software Defined Perimeter) technologies.

Figure 8 - Roaming Infrastructure with Lumu Agent and VPN/SDP.
Related documentation:
  1. Lumu Agents
  2. VPN/SDP Configurations

Spambox

Set up and manage spambox analysis to understand who in your organization is being attacked, and how they are being targeted.

Figure 9 - Lumu Spambox.

Related documentation:
  1. Spambox