As we show in our Deployment and Integration article, when greater visibility is desired, it's necessary to insert network metadata collectors inside your network infrastructure. Lumu Insights offers a variety of collectors such as Spambox, Agents, Custom Collector API, and unlimited Virtual Appliances to ensure 360-degree detailed visibility that continuously assesses and highlights network threats.
The diagram in Figure 2 represents the general deployment of Lumu for effective compromise detection. Lumu collects network metadata from your on-premise infrastructure, hybrid cloud environments, and extended perimeter, including roaming devices.
If you are just getting started with Lumu Insights, we recommend you explore the Lumu Portal, where you can manage users, collectors, and Spambox, and determine the compromise level of your organization.
Virtual Appliances (VA), VA collectors, and the Custom Collector API are seamless ways to integrate network metadata such as DNS packets and proxy logs.
The simplest way to introduce a network metadata collector into the enterprise infrastructure is to use the Lumu Virtual Appliance, which provides a transparent mechanism to collect network metadata. Lumu VA provides you with the detailed malicious activity of each private IP address in your network in real time and tells you exactly where the compromises are located.
Figure 4 shows that when the Lumu VA is implemented within an enterprise’s perimeter, all the network endpoints are instructed to send their DNS queries to the Lumu VA, which answers the clients’ DNS queries by forwarding them to your original DNS server. DNS resolution metadata, firewall logs, and proxy logs are simultaneously sent to the Lumu Cloud via VA collectors for Continuous Compromise Assessment. This model also applies when implementing Lumu in other environments such as the Cloud and roaming devices.
Some enterprises may already be using defense solutions such as Endpoint Detection and Response (EDR) or network monitoring tools as part of their pipelines to centralize their logs. Lumu gives the option to deploy the Custom Collector API to send your network metadata to Lumu. It can also be used as an alternative for obtaining greater visibility in cases where the enterprise network restricts the use of Virtual Appliances.
Take advantage of Lumu Public Gateways to associate part of the traffic originating from your organization to Lumu for illuminating threats, attacks, and adversaries coming from your network. Gateways can be configured to represent departments, offices, or geographic regions, whichever makes the most sense for your unique organizational structure.
Enhance your compromise assessment by deploying a Lumu VA as a Cloud Collector in environments such as Amazon AWS, Google Cloud, and Microsoft Azure. Lumu also gives the option to deploy the Custom Collector API to send your cloud metadata.
For organizations with a remote workforce, Lumu offers the option to apply the Continuous Compromise Assessment concept not only to corporate networks but also to remote workers, using Lumu Agents, VPN (Virtual Private Network), or SDP (Software Defined Perimeter) technologies.