Attackers are resourceful at finding new ways to infiltrate and compromise the networks of unsuspecting organizations. What if your network is compromised by a technique so new that nobody in the cybersecurity industry yet knows any of its indicators of compromise (IoCs)? In that case, Lumu's real-time analysis of network metadata will not produce the result it would if the attack's IoCs were already known, and the adversary may remain active and undetected. This is where Lumu's Playback feature comes in: it lets your organization take a proactive approach against insidious attackers and the precursors of compromise, instead of reacting only once the adversary reveals itself along with the damage it has caused.
Lumu's Playback feature allows Lumu to analyze network metadata retroactively. This means that older data that didn't show signs of compromise at the time can be analyzed later while considering new findings, information, and detected IoCs to reveal potential incidents and compromise.
Lumu can store up to two years of metadata and run automated analysis on it to cross-check it against more recent intelligence and the thousands of new IoCs confirmed and verified by various intelligence sources every single day. This way, incidents that would otherwise have remained undetected can be brought to light, protecting organizations from insidious attackers and the harm they entail.
The Highlights tab shows the incident's summary at a glance. There you'll find the relevant information about it, such as the date the incident was opened, the date of the first contact, and the duration of the incident.
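To make the retroactive pass concrete, here is an added example in Python; it is not Lumu's code, and nothing on this page describes how Lumu stores or matches its metadata internally. The stored metadata records, the IoC list, and the date the incident is opened are all constructed sample data. The script replays the stored records against IoCs that were published only after the traffic happened and produces the same kind of fields the Highlights summary lists: the date opened, the date of first contact, and how long the exposure lasted (counted both between first and last observed contact and from first contact up to the day the incident was opened).

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed sample of stored network metadata, one record per line:
# "<UTC timestamp>,<source host>,<domain contacted>". Not real telemetry.
STORED_METADATA = """\
2023-01-10T08:12:03Z,ws-017,updates.example-vendor.test
2023-01-12T22:40:51Z,ws-017,cdn-sync.example-bad.test
2023-01-13T02:15:09Z,srv-db-02,CDN-SYNC.example-bad.test.
2023-02-01T11:03:27Z,ws-017,cdn-sync.example-bad.test
2023-02-03T09:45:00Z,ws-044,news.example-site.test
2023-02-07T17:20:44Z,ws-017,beacon.example-evil.test
"""

# Constructed IoC feed, "published" weeks after the traffic above was recorded.
NEW_IOCS = {
    "cdn-sync.example-bad.test": "malware C2 (constructed sample)",
    "beacon.example-evil.test": "malware C2 (constructed sample)",
}

# Day the retroactive analysis ran and the incident was opened (constructed).
OPENED_AT = datetime(2023, 3, 1, tzinfo=timezone.utc)


def normalize(domain: str) -> str:
    """Lower-case and strip a trailing dot so log spelling differences do not hide a match."""
    return domain.strip().lower().rstrip(".")


@dataclass
class RetroIncident:
    indicator: str
    label: str
    first_contact: datetime
    last_contact: datetime
    contacts: int = 0
    hosts: set = field(default_factory=set)

    def observe(self, when: datetime, host: str) -> None:
        """Fold one matching record into the incident's time window and host list."""
        self.first_contact = min(self.first_contact, when)
        self.last_contact = max(self.last_contact, when)
        self.contacts += 1
        self.hosts.add(host)


def parse_records(text: str):
    """Yield (timestamp, host, normalized domain) for each stored metadata line."""
    for line in text.strip().splitlines():
        ts, host, domain = line.split(",")
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        yield when, host, normalize(domain)


def playback(metadata_text: str, iocs: dict) -> list:
    """Replay stored metadata against IoCs learned later; one incident per indicator hit."""
    iocs = {normalize(k): v for k, v in iocs.items()}
    incidents = {}
    for when, host, domain in parse_records(metadata_text):
        label = iocs.get(domain)
        if label is None:
            continue  # no intelligence on this domain, then or now
        inc = incidents.setdefault(domain, RetroIncident(domain, label, when, when))
        inc.observe(when, host)
    # Oldest first contact first: the longest-running exposure deserves attention first.
    return sorted(incidents.values(), key=lambda i: i.first_contact)


def summarize(incidents: list, opened_at: datetime) -> list:
    """Plain rows with the fields an analyst needs to operate the incident."""
    return [
        {
            "indicator": i.indicator,
            "label": i.label,
            "hosts": sorted(i.hosts),
            "contacts": i.contacts,
            "opened": opened_at.date().isoformat(),
            "first_contact": i.first_contact.date().isoformat(),
            "last_contact": i.last_contact.date().isoformat(),
            # Window between first and last observed contact in the stored data.
            "active_days": (i.last_contact - i.first_contact).days,
            # Exposure counted from first contact until the incident was opened.
            "exposure_days": (opened_at - i.first_contact).days,
        }
        for i in incidents
    ]


if __name__ == "__main__":
    for row in summarize(playback(STORED_METADATA, NEW_IOCS), OPENED_AT):
        print(row)
```

With the sample data, the first IoC was contacted by two hosts starting on 2023-01-12, weeks before the indicator was known, and had been in the environment for 47 days by the time the retroactive analysis opened the incident; the second indicator was contacted once. The `normalize` step matters in practice: a trailing dot or mixed case in one log source is enough to miss a match if indicators and records are not canonicalized the same way.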
Previously undetected incidents are latent risks, and the longer they go on, the worse their consequences can be. Older data isn't necessarily obsolete data, and the incidents found by Lumu Playback must be handled by your organization's cybersecurity team as it would handle any other confirmed incident.
If Lumu Playback detects an incident retroactively, treat it as an active threat: any incident your organization hasn't acted on may well be an adversary that has been causing harm to your organization since the date of first contact.
Ask yourself the following questions and operate the incident accordingly:
If, after answering these questions, you conclude that your network has been, or worse, still is in contact with an adversary, then Playback has already made a positive impact on your cybersecurity operation.