New Lumu Defender Capabilities Provide Visibility Beyond the Network
SAN FRANCISCO--(BUSINESS WIRE)--RSA Conference — Lumu, the creators of the Continuous Compromise Assessment® security model, today announced new upgrades to Lumu Defender, its flagship Network Detection and Response (NDR) solution. Lumu Defender now extends Continuous Compromise Assessment beyond the network to include endpoints, cloud environments, and user (identity) behaviors, giving security teams unified visibility across their entire digital ecosystem.
The past year marks a strategic shift in attack methods, with threat actors pivoting from high-profile malware to increasingly sophisticated, stealth-based tactics. The increase in AI-driven security attacks, attackers' use of legitimate tools instead of malware, and attackers' quiet use of cloud applications for exfiltration create more opportunities for criminals to leverage security blind spots and bypass existing security solutions.
Lumu continuously confirms whether an organization is compromised by observing live network activity and validating it against known malicious infrastructure. By linking confirmed malicious communications to identities, endpoints, cloud services, and email, Lumu delivers real-time Continuous Compromise Assessment across the environment, giving security teams early, unified attack visibility across their entire tech stack.
“To successfully navigate today’s dynamic compromise landscape, security teams must increase their attack visibility and correlation across networks, endpoints, identities, and email to include on-premises environments, public and private cloud environments, and roaming devices. Fragmented security defenses lead to fragmented visibility, and today’s attackers leverage these blind spots to bypass existing security solutions. Attacks have evolved, so visibility and response must too,” said Ricardo Villadiego, founder and CEO of Lumu. “With the expanded capabilities in Lumu Defender, we’re redefining Continuous Compromise Assessment by not only detecting threats in real time across networks, identities, endpoints, and cloud, but also integrating with other elements in the stack to automate responses.”
Lumu Defender now includes:
- Network-centric threat visibility: Lumu Defender analyzes network communications to confirm active compromise by validating traffic against known malicious infrastructure. This enables security teams to detect attacker activity moving laterally between internal systems, cloud workloads, and connected environments, helping stop intrusions and data exfiltration before impact.
- Endpoint attack visibility: Lumu Defender continuously observes endpoint behaviors that may appear suspicious or out of the norm, identifying compromise at the endpoint level. The enhanced Lumu Endpoint Agent can now perform host isolation, automatically blocking confirmed malicious activity in compromised devices and eliminating the need for manual intervention on legacy antivirus or Endpoint Detection and Response tools.
- Identity visibility: Increased visibility now includes observing anomalies in user behaviors, like unusual logins (profiling normal login patterns of admin accounts and highlighting anomalies like unexpected times or frequencies) and login brute force attempts (showing abnormal login failures and probing activity). Lumu Defender provides security teams with early visibility into compromised accounts before privilege escalation or lateral movement occurs—empowering security teams to stop intrusions before broader access is achieved.
- Cloud visibility: With attackers increasingly using legitimate cloud storage providers to send data under the cover of normal SaaS traffic, Lumu Defender monitors for suspicious transfers, destinations, volumes, timing, and accounts in cloud environments. Security teams now have early, actionable visibility to stop data theft and investigate insider risk or compromised identities before damage escalates.
“In an era where attackers trade brute force for behavioral evasion, network threat visibility has become the anchor of modern security operations. NDR is especially powerful when combined with other control points such as endpoint, data, identity, and applications. This unified context is what allows security teams to move past the noise and uncover a single source of truth regarding a potential compromise,” said Chris Kissel, Research Vice President, Security & Trust, IDC.
Available now, Lumu Defender delivers Continuous Compromise Assessment that extends detection and response beyond the network to cover identities, endpoints, and cloud activity. To learn more about Lumu’s industry-leading cybersecurity solutions, visit lumu.io or meet the Lumu team this week at RSAC at booth North 4400.
About Lumu
Lumu is a cybersecurity company that helps organizations operate cybersecurity proficiently by measuring and understanding compromise in real time. Through its Continuous Compromise Assessment® model, Lumu empowers security teams to act immediately on confirmed compromises and minimize risk exposure. For more information, visit www.lumu.io.
Contacts
Media Contacts
Maria Lobato
mlobato@lumu.io
