Continuous Compromise Assessment Tool

Use Your Own Network Metadata to Detect Incidents

AI-Powered Compromise Data in Real-Time

Lumu Technologies has developed an AI-powered Continuous Compromise Assessment tool that systematically collects and analyzes a wide range of network metadata sources for confirmed indications of compromise. It provides immediate, actionable intelligence on compromises by geography, network segments, devices, domains, critical assets, and more. We believe in the product so much that we've signed on as a reseller.

Lumu’s approach rethinks a security paradigm that has tried to keep attackers out of key enterprise networking assets. Instead, Lumu assumes that cybercriminals are already inside the enterprise’s environments and builds a Continuous Compromise Assessment model around that assumption: collecting, normalizing, and analyzing network metadata, including DNS, Netflows, Proxy and Firewall Access Logs, and Spambox. This continuous data assessment flags compromises so organizations can react in real time.

Key Facts

  • Data breaches have surged 88% from 2014 to 2019
  • Cybersecurity spending is projected to have grown by 57% from 2014 to 2019
  • In 2019, an attacker avoided detection for an average of 206 days


The Answer is in Your Own Network Metadata

All attacks have a common denominator: the threat actor must use the network to compromise an organization. Therefore, they leave behind a trail of evidence that Lumu follows by looking at a comprehensive array of metadata sources.

DNS Queries

When a device is compromised, it will resolve a domain that belongs to adversarial infrastructure, offering concrete compromise evidence.

Proxy and Firewall Logs

If the attack does not use DNS infrastructure, its only other option is to connect directly to an IP address.

Network Flows

Network flows provide insight into an adversary’s objective and attempts to move laterally.


Spambox

Blocking spam is good, but analyzing it is better because you can discover who is targeting your organization, how they are doing it, and how successful they are.

The Illumination Process - How it Works

Lumu’s Illumination Process is the core enabler of Continuous Compromise Assessment: it correlates network metadata with known IoCs and AI, and results in actionable, confirmed compromise evidence.

Confirmed Compromise Intelligence

Detailed, real-time compromise intelligence on how enterprise assets are communicating with adversary infrastructure.

Compromise Context

Robust context around confirmed compromise incidents that enables teams to enact the precise response in a timely manner.

Compromise Radar

Powerful visualization tool that reveals attack patterns, conditions, and behavior.

Spambox Report

Unprecedented intelligence on who is targeting your organization, how they are doing it, and how successful they are.

Cloud-based Delivery

Cloud-based model allows for accelerated deployment and immediate positive ROI.


Patent-pending capability that reviews up to 2 years of network metadata traffic and compares it to new known IoCs.
