Lumu, a startup threat hunting specialist, said it will debut its new threat hunting platform at the upcoming Black Hat USA 2023 convention in Las Vegas, starting on Sunday, August 6.
The company’s Continuous Compromise Assessment model enables organizations to measure compromise in real time by using automation to alert cyber teams to unusual activity. When something out of the ordinary is detected, an incident is created and automatically triggers the hunt.
Teams receive actionable information about who was impacted, when the incident took place and how best to respond before it escalates to a bigger problem.
Ricardo Villadiego, Lumu founder and chief executive, compared the company’s technology to traditional defensive approaches:
“Defensive technologies rely on rules, heuristics and outliers to find threat actors, but these technologies lack one essential component that is essential to the threat hunting practice: the creativity of the practitioners defending networks. Effective threat hunting requires the foresight of humans, and the tools have to amplify what humans are capable of. Our new capabilities help threat hunters do their job better by finding attacks that circumvent detection capabilities in cybersecurity products and managed security services.”
A Closer Look at Lumu for Threat Hunting
This is how Lumu for Threat Hunting helps threat hunters:
Trigger
Investigation
Resolution
Lumu maintains a program for managed service providers through which it offers unified threat visibility, automated threat response and the ability to get more from existing tools. The company’s platform is available to MSPs at three different levels of performance.
Since emerging from stealth mode in February 2020, Lumu has raised $25.5 million, with the latest round of $8 million taking place a year ago, followed two months later by $10 million in debt financing.
Lumu Tracks Ransomware Activity
Lumu also said it will release an update to its 2023 Ransomware Flashcard. Key findings for threat hunting teams include:
The most prevalent ransomware precursors (Qakbot, Phorpiex, Emotet, Cobalt Strike, Ursnif, Dridex and ZLoader)
Which ransomware precursors active cybercrime gangs are using: