Higher Sense in Real Time

Cut Through the Fog to Secure the Cloud!

Today’s large enterprises function in an ever-expanding IP space where it can be difficult to have a handle on every network connection, host, and active IP on the network. Because of the constant state of change, the exponentially growing number of connected devices in the enterprise can fall outside of the watchful eye of security management where serious threats can emerge.

In this world of advanced and complex cyber threats, Lumeta empowers information security professionals with the industry’s most comprehensive network situational awareness solutions. The accurate and timely intelligence Lumeta provides on network architecture, network segmentation and cybersecurity analytics allows our clients to validate IT policies, analyze the connectivity between assets and networks, uncover risk patterns and policy weaknesses, and proactively secure their critical assets. Lumeta is the foundation for a healthy, secure network.

SOLUTIONS

Using Lumeta to defend governments and critical national infrastructure from cyber attack
Networks are essential tools in military, intelligence/investigative and civilian government applications. And networks have become equally important to the safe and efficient operation of critical national infrastructure like emergency response, transportation systems, and energy and water distribution. Whether perpetrated by nation-states, criminal enterprises or terrorist organizations in advancement of their various causes, a growing number of critical cyber incidents are discovered and reported each year. Most often, these incidents are only reported after significant damage has been done and critical, secret or personally identifiable data has been compromised or exfiltrated from victims. The bad actors and what they have done on your network are only discovered forensically, weeks or months after the initial breach.

Because cyber defenses are needed to protect and preserve lives and to ensure the stability of government and critical infrastructure operations, a real-time network situational awareness capability is of particular importance in this use case.

Lumeta Spectre has provided our customers with these sample benefits in cyber defense applications:

Network Infrastructure Analytics

  • Identification within minutes of newly inserted, possibly rogue wireline or wireless infrastructure devices, firewalls, routers or other network functions (e.g., virtualized) acting as packet forwarders
  • Identification of any new virtual/cloud IaaS (or physical) resource seeking service from the network within minutes
  • Real-time visual view of critical enterprise zones or the whole enterprise, with all recent changes authoritatively highlighted for validation
  • IPv6 awareness for military and intelligence IoT applications where there may be millions of individually addressable devices under management

Breach Detection Analytics

  • Discovery of real-time use of Dark Web/TOR exit nodes from locations inside the government enterprise
  • Identification of unauthorized use of services that may be used for lateral movement or exfiltration of data, such as RDP, X11, FTP and DNS

Network Segmentation Analytics

  • Real-time identification and mapped views of newly identified networks and newly inserted routes
  • Real-time identification of routed (L3) or bridged (L2) “leak paths” or other connectivity violations between protected network enclaves
Using Lumeta to help protect your network from theft by criminals and industrial spies
    You can’t protect what you can’t see or don’t know about. IT security and network teams at financial, retail, entertainment, manufacturing and healthcare organizations are learning this the hard way. In recent memory, companies in each of these industries have publicly reported the theft of millions of their customers’ financial records, or the exfiltration of sensitive email and internal communications, research and development work product, intellectual property and trade secrets.

    Lumeta’s engagements with companies in these industries routinely help them mitigate cyber theft, as proof points such as the following show:

    Network Infrastructure Analytics
A top five US bank with more than $1.5 trillion in assets uses Lumeta to examine its network architecture weekly. In their engagement, the scope of the enterprise network – based on data from existing network management, IP Address Management and Host Vulnerability Assessment (VA) – was initially evaluated to be 600,000 IP addresses. Lumeta’s recursive network indexing technology identified more than 800,000 actual IP addresses in use, a 25% visibility gap. The newly identified sub-networks and devices were not being evaluated by VA, making this unknown 25% more susceptible to malware that could be used to exfiltrate financial information.

    Breach Detection Analytics
One of the world’s largest and most recognizable entertainment brands, with more than 100,000 employees and $40B in annual revenue, has a policy prohibiting use of Secure Shell (SSH), TCP port 22, on certain critical subnetworks. SSH is one method of gaining privileged access to servers, frequently sought by bad actors to achieve lateral movement and escalate privileges after they’ve gained a malware beachhead on a victim network. This customer used Lumeta IPsonar to initially identify and reconcile/remediate the universe of servers exhibiting SSH access. They subsequently migrated to Lumeta Spectre Cyber Threat Probe for real-time alerting upon any SSH port usage within the designated zones.

    Network Segmentation Analytics
Another top five US bank with more than $2 trillion in assets has hundreds of internal enclaves that need to remain segmented from each other, and from the public Internet, as part of a defense-in-depth network security policy. Lumeta’s recursive network indexing technology helped identify more than 25 multi-homed hosts that were packet-forwarding between Ethernet interfaces on those servers, violating the network segmentation policy required for PCI DSS compliance.

    IT Due Diligence for M&A
    Lumeta solutions have been a part of some of the world’s largest mergers and acquisitions.

It can be extremely challenging to complete the hundreds of activities that make up a merger and acquisition (M&A) procedure. Network consolidation initiatives that are not planned or managed appropriately often result in service availability, security, or compliance problems. It is therefore vital that organizations understand all of their network connections and devices. Lumeta solutions streamline the M&A process for both parties, providing global visibility into the combined network infrastructure, reducing security gaps and unaccounted-for infrastructure costs, and eliminating rogue network devices.

  • Plan network consolidation using validated facts about devices, services and connections.
  • Map the entire network and how connectivity flows across both networks.
  • Minimize security & compliance risks during transition.
  • Uncover cost savings opportunities.
  • Identify un-managed devices and policy violations.
  • Provide post-merger/consolidation validation.
    Securing PHI
    Healthcare organizations face increased liability and fines, as well as audits to demonstrate that Protected Health Information (PHI) is adequately secured. Properly securing your network and managing compliance with HIPAA and the HITECH Act, which expands HIPAA’s requirements to protect health information across the entire healthcare provider ecosystem, can be daunting.

    Data breaches can cause significant financial and reputational harm to an organization as well as undermine patient confidence. Unfortunately, data breaches of PHI continue to occur. A total of 804 large breaches of protected health information (PHI) affecting over 29.2 million patient records have been reported to the Secretary of Health and Human Services (HHS) since the HITECH Act went into effect.

    Lumeta enables healthcare organizations to better understand and protect the sensitive data on their network by identifying unknown connections, such as vendor and physician network connections, mobile devices and rogue network infrastructure.

    Network Security Audits

    Lumeta validates security compliance management efforts, allowing organizations to:

  • Maintain compliance amid network and regulatory change
  • Optimize vulnerability management and incident response
  • Eliminate audit surprises
  • Gain “fact-based” compliance reporting
  • Show protective measures are in place around sensitive customer & personnel data
  • Provide continuous monitoring
  • Automate audit reporting on network infrastructure
    Lumeta discovery processes can be applied to most major regulations, including HIPAA, FISMA, SOX, GLBA, PCI, and more.

    Lumeta allows users to configure IT policy guidelines in the product. Lumeta produces alerts in real time, as violations are discovered, for issues such as:

  • Network-level discovery data
  • Discovered devices
  • Unknown IPs
  • Non-responding networks

    Lumeta aligns with the ISACA approach to auditing network security, particularly the first step – determining the extent of the network. Lumeta will identify exactly what comprises the network, including any connections to external networks.

    Lumeta & the CDM Program
    The U.S. Department of Homeland Security (DHS) created the Continuous Diagnostics and Mitigation (CDM) program to fortify the cyber security of computer networks and systems. Lumeta offers significant advantages to address the DHS CDM program that involves the implementation of Critical Controls 1, 4 & 5 of the SANS Twenty Critical Security Controls for Effective Cyber Defense.

    Functional Areas

  • Functional Area 1 – Hardware Asset Management
  • Functional Area 4 – Vulnerability Management
  • Functional Area 5 – Network Access Controls

    The benefits of this technology also extend into other functional areas, such as Functional Area 2 – Software Asset Management: Lumeta’s ability to discover unknown devices lets other tools be pointed at them for software asset management.

    Lumeta enables government agencies to discover and take action against unauthorized or unmanaged hardware and software on a network, which is likely to be vulnerable and exploited. Lumeta also supports a range of continuous monitoring and network security management initiatives, enriching configuration management and network vulnerability management through hybrid active/passive discovery to produce a cyber situational awareness picture of the entire network infrastructure.

    Visibility and Security for Cloud Infrastructure
    The very benefits of cloud – real-time deployment, disbanding of compute infrastructure and rapid time to availability of application services – mean that cloud, network and security operations teams have less visibility into, and knowledge of, how cloud activities are changing overall enterprise network topology and the risk to any critical data that rides on it. Yet those teams are still responsible for the protection of critical enterprise and customer data assets.

    Lumeta Spectre provides visibility into virtual machine assets, visualizes how cloud infrastructure is altering the network topology, and lets teams design critical alerts that fire when network segmentation policies are violated – all in real time.

    How It Works
    Comprehensive View of the Network
    Combining multiple network crawling methods – network, host, enhanced perimeter and leak path discovery – Lumeta Spectre uses recursive network indexing techniques to find everything that’s on the network (not just an IP range that the administrator assumes to be in use), resulting in a comprehensive, authoritative view of the entire routed infrastructure: all IP connections and devices, including those previously unknown. Spectre acts in real time to detect changes to the network’s security.

    Visibility into the Dynamic Nature of the Cloud in Real Time
    Lumeta Spectre discovers, maps and alerts about network topology changes, including transitory virtual machines (VMs), AMIs and other virtualized network functions (gateways, switch/router/firewall and forwarding devices). Spectre forms a holistic view of both physical and virtual networks, providing perspective of network vulnerability from within a network data center and throughout any cloud instances.

    Intelligence for Cybersecurity Breach Detection & Analytics
    On the assumption that attackers have already found a way into the network, Breach Analytics in Lumeta Spectre (formerly ESI) monitors the network in real time for the telltale signs of nefarious activity, and then prioritizes findings for investigation and action. Threat intelligence is made actionable by using existing capabilities of Lumeta Spectre to correlate a comprehensive index of an enterprise’s IP address space against known threats, both as new threat intelligence becomes available and as new devices connect to the network.

    Threat Flows – NetFlow Correlation to Malware C2 Servers

  • Determine if cyber controls are preventing malware call-back, C2 channels, and data exfiltration.
  • Lumeta Spectre ingests NetFlow traffic from the enterprise network as well as external intelligence feeds, and executes real-time correlation between them.
  • Lumeta Spectre with NetFlow ingestion allows real-time and forensic analysis of actual conversations occurring between devices on your network and known bad-actor IP addresses supplied by an ingested threat feed. Spectre validates that communications are occurring from specific devices inside your network to these addresses now, or when those communications occurred historically.

    Zombie/Bot Hunting

  • Determine whether or not any trusted/enterprise assets are malware-infected infrastructure (participating in a C2 botnet) or appear on blacklists, Dropnets, Shadowserver or attacker lists.
  • Lumeta Spectre correlates its full index of the enterprise IP address space against known bad IP addresses to find enterprise assets that are blacklisted (listed in threat intelligence as malware/botnet machines). It raises a flag regarding any potentially compromised machines.

    Internal Use/Accessibility of Known Trojan/Malware Ports

  • Determine whether or not any trusted/enterprise assets are using ports known to be associated with Trojans, malware, and attack lateralization.
  • Lumeta Spectre parses open-source and closed-source intelligence feeds and repositories to enumerate known bad ports and services. It then performs Spectre Port Discovery scans internally against that port list. Open bad ports indicate that malware may be running on the system. Closed ports may indicate that steganography-based port knocking exists.

    Identification of Internal TOR Relays/Bridges

  • Determine whether or not any trusted/enterprise assets are acting as current or past TOR relays/bridges, potentially for nefarious purposes.
  • Lumeta Spectre correlates its full index of the enterprise IP address space against TOR relay IP addresses to find enterprise assets that are listed as an active (or historical) TOR relay. It flags devices that are behaving as relays/bridges.
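    As an added illustration (not Lumeta’s code) of the two correlation ideas behind the Threat Flows, Zombie/Bot Hunting and TOR relay sections above: one check intersects the discovered enterprise IP index with threat lists, the other matches flow records against those lists in either direction while keeping the timestamp for historical review. All addresses, list names and flow records are constructed sample data.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Constructed sample data (not real indicators): the discovered enterprise
# address space and threat lists of the kinds the text names.
ENTERPRISE_INDEX = {"10.1.2.10", "10.1.2.11", "10.1.9.250", "192.0.2.77"}
THREAT_LISTS = {
    "c2_servers": {"203.0.113.5", "198.51.100.23"},
    "botnet_members": {"192.0.2.77"},
    "tor_relays": {"10.1.9.250", "198.51.100.9"},
}
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.0.2.0/24")]

# Constructed NetFlow-style records: collector timestamp, source, destination,
# destination port. A real export carries more fields (octets, protocol, ...).
Flow = namedtuple("Flow", "ts src dst dport")
FLOWS = [
    Flow("2016-03-01T10:00:00Z", "10.1.2.10", "203.0.113.5", 443),
    Flow("2016-03-01T10:00:05Z", "10.1.2.11", "93.184.216.34", 443),
    Flow("2016-03-01T10:01:00Z", "198.51.100.23", "10.1.2.11", 8080),
    Flow("2016-03-01T10:02:00Z", "10.1.2.10", "198.51.100.9", 9001),
]

def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def flag_listed_assets(index, threat_lists):
    """Asset-index correlation: discovered enterprise hosts that appear on a list."""
    hits = {}
    for ip in sorted(index):
        listed = [n for n, ips in sorted(threat_lists.items()) if ip in ips]
        if listed:
            hits[ip] = listed
    return hits

def correlate_flows(flows, threat_lists):
    """Flow correlation: conversations between an internal host and a listed
    address in either direction; the timestamp is kept so the same check serves
    real-time alerting and historical (forensic) review."""
    findings = []
    for f in flows:
        for name, ips in sorted(threat_lists.items()):
            if (f.dst in ips and is_internal(f.src)) or (f.src in ips and is_internal(f.dst)):
                findings.append((f.ts, f.src, f.dst, f.dport, name))
    return findings
```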