Today’s large enterprises function in an ever-expanding IP space where it can be difficult to have a handle on every network connection, host, and active IP on the network. Because of the constant state of change, the exponentially growing number of connected devices in the enterprise can fall outside of the watchful eye of security management where serious threats can emerge.
In this world of advanced and complex cyber threats, Lumeta empowers information security professionals with the industry’s most comprehensive network situational awareness solutions. The accurate and timely intelligence Lumeta provides on network architecture, network segmentation and cybersecurity analytics allows our clients to validate IT policies, analyze the connectivity between assets and networks, uncover risk patterns and policy weaknesses, and proactively secure their critical assets. Lumeta is the foundation for a healthy, secure network.
- Cyber Defense
- Mitigating Cyber Theft
- Mergers & Acquisitions
- Securing Personal Health Information
- Audit & Compliance
- Continuous Diagnostics & Mitigation
- Cloud Visibility and Security
- Real-Time Breach Detection
Using Lumeta to defend governments and critical national infrastructure from cyber attack
Networks are essential tools in military, intelligence/investigative and civilian government applications. And networks have become equally important to the safe and efficient operation of critical national infrastructure like emergency response, transportation systems, energy and water distribution. Whether perpetrated by nation-states, criminal enterprises or terrorist organizations for advancement of their various causes, each year a growing number of critical cyber incidents are discovered and reported. Most often, these incidents are only reported after significant damage has been done and critical, secret or personally identifiable data has been compromised or exfiltrated from victims. The bad actors and what they have done on your network are only discovered forensically, weeks or months after the initial breach.
Because cyber defenses in this domain must protect and preserve lives and ensure the stability of government and critical infrastructure operations, a real-time network situational awareness capability is of particular importance in this use case.
Lumeta Spectre has provided our customers with these sample benefits in cyber defense applications:
Using Lumeta to help protect your network from theft by criminals and industrial spies
You can’t protect what you can’t see or don’t know about. In the case of financial, retail, entertainment, manufacturing and healthcare organizations, IT security and network teams are learning this the hard way. In recent memory, companies in each of these industries have publicly reported the theft of millions of their customers’ financial records or the exfiltration of sensitive email and internal communications, research and development work-product, intellectual property and trade secrets.
Lumeta’s engagements with companies in these industries routinely help them mitigate cyber theft, as shown by proof-points such as:
Network Infrastructure Analytics
A top five US bank with more than $1.5 trillion in assets uses Lumeta to examine their network architecture weekly. In their engagement, the scope of their enterprise network – which was based on data from existing network management, IP Address Management and Host Vulnerability Assessment (VA) – was initially evaluated to be 600,000 IP addresses. Lumeta’s recursive network indexing technology identified more than 800,000 actual IP addresses in use, a 25% visibility gap. The newly identified sub-networks and devices were not being evaluated by VA, making this unknown 25% more susceptible to malware which could be used to exfiltrate financial information.
Breach Detection Analytics
One of the world’s largest and most recognizable entertainment brands with more than 100,000 employees and $40B in annual revenue has a policy prohibiting use of Secure Shell (SSH), TCP port 22, on certain critical subnetworks. SSH is one method of gaining privileged access to servers which is frequently sought by bad actors to achieve lateral movement and escalate privileges after they’ve gained a malware beachhead on a victim network. This customer used Lumeta IPsonar to initially identify and reconcile/remediate the universe of servers exhibiting SSH access. They subsequently migrated to Lumeta Spectre Cyber Threat Probe for real-time alerting upon any SSH port usage within the designated zones.
Network Segmentation Analytics
Another top five US bank with more than $2 trillion in assets has hundreds of internal enclaves that need to remain segmented from each other and also from the public Internet as part of a defense-in-depth network security policy. Lumeta’s recursive network indexing technology helped identify more than 25 multi-homed hosts that were packet-forwarding between Ethernet interfaces on those servers, violating the network segmentation policy required for PCI DSS compliance.
IT Due Diligence for M&A
Lumeta solutions have been a part of some of the world’s largest mergers and acquisitions.
It can be extremely challenging to complete the hundreds of activities comprising a merger and acquisition (M&A) procedure. Network consolidation initiatives that are not planned or managed appropriately often result in service availability, security, or compliance problems. It is therefore vital that organizations understand all of their network connections and devices. Lumeta solutions intelligently streamline the M&A process for both parties, providing global visibility into the combined network infrastructure, reducing security gaps and unaccounted infrastructure costs, and eliminating rogue network devices.
Healthcare organizations face increased liability and fines, as well as audits to demonstrate that Protected Health Information (PHI) is adequately secured. Properly securing your network and managing compliance with HIPAA and the HITECH Act, which expands on HIPAA’s requirements to protect health information across the entire healthcare provider ecosystem, can be daunting.
Data breaches can cause significant financial and reputational harm to an organization as well as undermine patient confidence. Unfortunately, data breaches of PHI continue to occur. A total of 804 large breaches of protected health information (PHI) affecting over 29.2 million patient records have been reported to the Secretary of Health and Human Services (HHS) since the HITECH Act went into effect.
Lumeta enables healthcare organizations to better understand and protect the sensitive data on their network by identifying unknown connections, such as vendor and physician network connections, mobile devices and rogue network infrastructure.
Network Security Audits
Lumeta & the CDM Program
The U.S. Department of Homeland Security (DHS) created the Continuous Diagnostics and Mitigation (CDM) program to fortify the cyber security of computer networks and systems. Lumeta offers significant advantages to address the DHS CDM program that involves the implementation of Critical Controls 1, 4 & 5 of the SANS Twenty Critical Security Controls for Effective Cyber Defense.
The benefits of this technology also extend into other tool areas such as Functional Area 2 – Software Asset Management, since Lumeta’s ability to discover unknown devices enables other tools to be pointed at them for software asset management.
Lumeta enables government agencies to discover and take action against unauthorized or unmanaged hardware and software on a network that is likely to be vulnerable and exploited. Lumeta also supports a range of continuous monitoring and network security management initiatives, enriching configuration management and network vulnerability management via hybrid active/passive discovery to produce a cyber situational awareness picture of the entire network infrastructure.
Visibility and Security for Cloud Infrastructure
The very benefits of cloud – real-time deployment, disbanding of compute infrastructure and rapid time to availability of application services – mean that cloud, network and security operations teams have less visibility and knowledge about how cloud activities are impacting overall enterprise network topology and the risk to any critical data that rides on it. Yet, those teams are still responsible for the protection of critical enterprise and customer data assets.
Lumeta Spectre provides visibility into virtual machine assets, visualizes how cloud infrastructure is altering the network topology, and raises critical alerts if network segmentation policies are violated – all in real time.
How It Works
Comprehensive View of the Network
Combining multiple network crawling methods, including network, host, enhanced perimeter and leak path discovery, Lumeta Spectre uses recursive network indexing techniques to find everything that’s on the network (not just an IP range that the administrator assumes to be in use), resulting in a comprehensive, authoritative view of the entire routed infrastructure – all IP connections and devices, including those previously unknown. Spectre acts in real time to detect changes to the network’s security.
Visibility into the Dynamic Nature of the Cloud in Real Time
Lumeta Spectre discovers, maps and alerts about network topology changes, including transitory virtual machines (VMs), AMIs and other virtualized network functions (gateways, switch/router/firewall and forwarding devices). Spectre forms a holistic view of both physical and virtual networks, providing perspective of network vulnerability from within a network data center and throughout any cloud instances.
Intelligence for Cybersecurity Breach Detection & Analytics
On the assumption that attackers have already found a way into the network, Breach Analytics in Lumeta Spectre (formerly ESI) monitors the network in real time for the telltale signs of nefarious activity, and then prioritizes findings for investigation and action. Threat intelligence is made actionable by using the existing capabilities of Lumeta Spectre to correlate a comprehensive index of an enterprise’s IP address space against known threats, as new threat intelligence becomes available and as new devices connect to the network.
Threat Flows – NetFlow Correlation to Malware C2
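The two detection ideas on this page – alerting on SSH (TCP/22) usage inside designated zones, as in the entertainment-brand engagement above, and correlating flow records against known C2 indicators, as in Threat Flows – can both be expressed as rules over NetFlow-style records. The script below is an added illustration written for this page, not Lumeta's code: the flow lines, the restricted zone CIDR and the C2 address are all constructed placeholders (the C2 address is from a documentation range, not a real indicator).

```python
import ipaddress

# Constructed sample NetFlow-style records (not real customer data):
# src_ip,dst_ip,proto,dst_port,bytes
FLOWS = """\
10.1.5.23,10.20.0.8,tcp,22,4096
10.1.5.23,10.20.0.9,tcp,443,1200
10.3.7.41,198.51.100.77,tcp,8443,900
10.3.7.42,198.51.100.77,tcp,8443,950
10.1.5.99,10.20.0.8,tcp,22,2048
10.9.9.9,10.30.1.1,tcp,22,512
"""

# Designated subnets where SSH (TCP/22) is prohibited by policy (constructed CIDR).
SSH_RESTRICTED_ZONES = [ipaddress.ip_network("10.20.0.0/16")]
# Constructed threat-intelligence list of known C2 addresses (placeholder, not a real IoC).
C2_INDICATORS = {ipaddress.ip_address("198.51.100.77")}


def parse_flows(text):
    """Parse CSV-style flow lines into dicts, skipping blank lines."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, proto, port, nbytes = line.split(",")
        records.append({"src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst),
                        "proto": proto, "port": int(port), "bytes": int(nbytes)})
    return records


def in_zones(ip, zones):
    return any(ip in z for z in zones)


def analyze(flows):
    """Return (violations, c2_hits): SSH flows into restricted zones as (src, dst) pairs,
    and C2 indicators reached, prioritized by the number of distinct internal sources."""
    violations = []
    c2_sources = {}
    for f in flows:
        if f["proto"] == "tcp" and f["port"] == 22 and in_zones(f["dst"], SSH_RESTRICTED_ZONES):
            violations.append((str(f["src"]), str(f["dst"])))
        if f["dst"] in C2_INDICATORS:
            c2_sources.setdefault(str(f["dst"]), set()).add(str(f["src"]))
    c2_hits = sorted(((ind, len(s)) for ind, s in c2_sources.items()), key=lambda x: -x[1])
    return violations, c2_hits
```

Only the two SSH flows landing inside 10.20.0.0/16 are reported; the SSH flow to 10.30.1.1 is outside the designated zone and is ignored, while the two hosts talking to the C2 placeholder are rolled up into one prioritized hit.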