Lumu simplifies Continuous Compromise Assessment by consolidating its management, reporting, and related contextual intelligence within a single portal. Security teams no longer need to chase down data from multiple network monitoring tools.
In this section of the Lumu Portal, you can manage spambox analysis. This unique threat intelligence source can help you understand who adversaries are attempting to compromise in your organization and how they are being targeted. This intelligence will help you make strategic and tactical decisions to disrupt the cycle.
Lumu unlocks the value of your spambox with 3 simple steps:
The spambox capability is part of Lumu Insights and Lumu Defender. If you are a Lumu Free customer, the ability to ingest and analyze spambox metadata can be enabled as an add-on or you can upgrade to Lumu Insights or Lumu Defender, which offers you additional correlation capability, and overall better compromise detection.
Lumu will assign a unique email address to your organization (1). Consult your spam filtering provider for guidance on how to set up your solution to forward all the spam messages to the unique email address provided by Lumu.
This section contains the configuration settings and a general overview of the spambox data analyzed. The Spambox Activity visualization shows the
total number of spam messages analyzed by Lumu
(1) in a period and the top target recipients (2) of the spam messages. You can filter the dashboard by label or date (3).
In this area, you can see how many malicious campaigns target your company (1), the indicators of compromise (IoC), and the total number of recipients. The heat map (2) displays malicious campaign attack patterns to see when the adversaries are sending malicious messages. In the trends area, Lumu shows the distribution of IoCs (3) by threat type (Malware, Spam, Phishing, etc) and the top targeted recipients (4) of malicious campaigns in your organization.
This is a comprehensive view of the distribution of the compromise activity (1) that Lumu detected in your spambox according to your assigned labels. You can click on the zoomable chart (3) to drill deeper into your labeled threat activity, which reveals
how and where compromises are spreading
inside an organization’s network infrastructure. You can filter (3) the threat information by label or date.
If you are a Lumu Free customer and have the Spambox Add-on, this correlation area will show you a limited correlation with DNS queries collected using Gateways.
show the list of IoCs grouped by domains with information regarding threat types (1), IoC details (2), the last time (3) Lumu found this threat in your spambox data, and the total of contacts (4) between the IoC and your infrastructure.
We recommend being familiar with
Lumu Incident Response Playbooks that are based on the National Institute of Standards and Technology (NIST) Framework and include best practices for how to use Lumu to respond to specific attacks.