Lumu detects and validates network compromises by analyzing metadata like DNS, NetFlow, and proxy logs. It provides real-time indicators and context to enhance detection, improve threat visibility, and reduce investigation time.
| Product | Mindshare (%) |
|---|---|
| Lumu | 3.1% |
| Darktrace | 14.3% |
| Vectra AI | 10.6% |
| Other | 72.0% |
| Title | Rating | Mindshare | Recommending | |
|---|---|---|---|---|
| Fortinet FortiGate | 4.2 | N/A | 92% | 592 interviewsAdd to research |
| Cortex XDR by Palo Alto Networks | 4.2 | N/A | 96% | 112 interviewsAdd to research |
| Company Size | Count |
|---|---|
| Small Business | 3 |
| Midsize Enterprise | 1 |
| Large Enterprise | 3 |
| Company Size | Count |
|---|---|
| Small Business | 91 |
| Midsize Enterprise | 69 |
| Large Enterprise | 136 |
Lumu offers organizations a streamlined solution to identify network compromises through comprehensive metadata analysis, including DNS, NetFlow, and proxy logs. By providing real-time compromise indicators alongside contextual information, Lumu elevates threat visibility and shortens investigation durations. Its simple interface and integration flexibility with platforms, alongside automated incident responses, highlight its value. While users appreciate limited false positives, ease of use, and the context provided, enhancements in SIEM and XDR integration, asset context enrichment, and reporting are areas users would like to see further developed.
What features define Lumu?Organizations use Lumu to monitor outbound traffic, detect compromised endpoints, log firewall activities, and enable active threat blocking. Its integration ease via API supports threat detection across LAN and Wi-Fi, monitoring email traffic, and acting as a managed SOC for security event coordination. Companies appreciate Lumu's adaptability in hybrid environments and its ability to efficiently locate and analyze threats within network metadata, ensuring quick deployment and extendibility across external platforms.
| Author info | Rating | Review Summary |
|---|---|---|
| Director, Information Technology at a educational organization with 201-500 employees | 4.0 | We use Lumu as our managed SOC for security event coordination, finding its automated incident response and platform extendability impressive. While minimal in false positives and cost-effective, more community growth and support would enhance usability. |
| IT Director at Atlantic Quantum Innovations | 4.5 | I find Lumu valuable for quickly addressing threats, though integration with vendors and detailed reporting could improve. While Lumu lacks dedicated endpoint protection, it remains solid despite not being as comprehensive as solutions like CrowdStrike and Darktrace. |
| Network Security Analyst at ALACHUA COUNTY ITS | 5.0 | Lumu automates most alerts, enabling us to respond efficiently based on collected data. Although we've seen a return on investment, accessing physical logs could be faster. We haven't considered or used other solutions and have no specific cloud provider. |
| Network Security Analyst at ALACHUA COUNTY ITS | 5.0 | We utilize Lumu for enhanced network visibility, focusing on firewall logging, active blocking, and email monitoring. Its simplified packet information improves response efficiency. Previously using Alienvault, we found Lumu met all our cybersecurity needs with no improvements necessary. |
| Information security and quality engineer at Federacion de Aseguradores Colombianos Fasecolda | 5.0 | I value Lumu's automated threat analysis, providing quick insights and context for my hybrid network. It's easy to use, supports remote work, and implementation was quick. While reports need improving, I'm satisfied and plan to upgrade. |
| Chief Solutions Architect at a government with 51-200 employees | 4.5 | I implemented Lumu for network detection to identify and block threats, appreciating its user-friendly interface and support services. Although the free version is limited, I recommend Lumu over other solutions due to its functionality and ease of use. |
| Deputy Manager Technical Support at Restaurantes TOKS | 5.0 | I value Lumu for identifying network compromises, providing complete context, and automating responses in my hybrid environment. It improved my cybersecurity operations and reduced alert fatigue. However, I believe its management reports need enhancement. |
| CIO at a tech consulting company with 1-10 employees | 4.0 | In my experience with Lumu, it effectively complements other tools for monitoring and detecting ransomware in real-time within our environment. However, its threat discovery capabilities could improve. The tool provides a decent ROI within a few months. |
It fulfills the role of a SIEM, serving as our dashboard.
The automated response to incidents works effectively out of the box, and the number of interfaces and platforms it can work with is impressive. It is very extendable to all the platforms we use.
It provides peace of mind knowing that any device on our network, whether it is our own, BYOD device, or an unauthorized device, is being tracked and analyzed at multiple levels.
The false positives are minimal. It picks up on borderline issues, and the price provides good value. The value proposition is solid.
Having some sort of certification or training, along with more periodic webinars might be helpful. Having a larger support network would be beneficial. Nobody I know has heard of Lumu, so they are in the same space as Darktrace or CrowdStrike, but people give blank stares. As the community grows for Lumu then that will improve, but that is not really a criticism of Lumu, they simply have not been around that long.
The complete deployment took approximately a week.
I handled the deployment alone. The initial deployment was completed in a couple of hours, but connecting it to our firewall and cloud services took longer. The initial setup to get it operational was accomplished in a couple of hours.
Positive
The ones I have noticed that are false positives are minimal.
It uses AI to analyze threats, though I am not certain about the extent of its implementation.
We are a government organization.
I would rate it an eight.
When we have a threat, we don't have any visibility of the threat until the alarms go up. Sometimes it gets too late. Lumu protects against threats immediately and handles them in time.
The integration with different vendors and endpoints could be improved. The reports are not so extensive, but they could be better.
I have been using Lumu for 6 months.
The product is stable. We didn't have any trouble with it.
I rate the solution’s stability a ten out of ten.
Lumu is not scalable because we installed 4000 machines that break weekly, but they have a very straightforward process.
I rate the solution’s scalability an eight out of ten.
CrowdStrike offers a complete solution with an endpoint and everything included. Lumu is a solid solution but it doesn't have any endpoints or antivirus dedicated. CrowdStrike and Darktrace are scalable solutions.
The initial setup is straightforward. We have 4000 machines, and it takes a month for full deployment. The first connection with the devices takes two hours. Three people, including the infrastructure manager and two security engineers, were involved in deploying the solution.
I rate the initial setup as seven out of ten, where one is difficult, and ten is easy.
The pricing is moderate. It cost around 90,000$/ year in 2019. They have another fee to put to put something or to act directly on every threat if it's needed.
I rate the product's pricing a five out of ten, where one is cheap and ten is expensive.
Mostly, Lumu is an automatic tool. We'll deploy on firewalls and DNS servers. Lumu detects every attack on our network.
The other day, we had CLC, the command controller, and the tool reacted automatically. It detected the attack and immediately blocked it without intervention from my team.
The improvement is in the security process, as it's now entirely automated. We no longer require a technician or engineer to monitor our network 24/7. Lumu updates with AI and global threat intelligence, which greatly assists us. Since our workload is lighter, Lumu handles all of our tasks.
We're using FortiGate for the firewall and Kaspersky for endpoints.
If you are going to Lumu, you need another solution for the endpoint. You need to integrate with other tools like firewalls or another antivirus.
I recommend the solution based on the price, usability, and service offered by the solution.
Overall, I rate the solution a nine out of ten.
When Lumu sends us a report that something is unsound, we respond to it. Some of the things we have are automated, and some are not.
If a user hits a bad website, we will check it out, verify it, check the logs they give us and lock it in our web gateway.
Most of it is automated, so I do not have to watch it to get alerts. Based on the data Lumu collects, we can make an educated response.
It would be good if we could access the physical logs. Sometimes Lumu gives them to us, but we would have to wait a day. **UPDATE** they ave a place in line to make the request and you can get them way faster that way now. Thank you for that update
I have been using Lumu for about five years. I am using the newest version.
I rate the stability of the solution a ten out of ten.
I rate the scalability of the solution a ten out of ten.
It has been awesome, hardly have any issues but anytime we have one, usually resolved within a couple hours.
The initial deployment was very straightforward.
In-house, with help of the Lumu Techs.
We have seen a return on investment.
The solution is the cheapest one we found for the most value given.
Just check out the trial, and you will be impressed.
We use Lumu in various ways across the network with a focus on firewall logging and active blocking. We also leverage the data that Lumu provides for email monitoring. We use a couple of applications to work through. Many new applications have been added since we first came started using the product and a few more we look forward to that are upcoming.
We use it to block items missed in the web filter and firewall scan from outside.
It's been helpful for overall extended network visibility.
Lumu helped us add another layer to our existing cybersecurity operation.
We used a SIEM in the past and that gave us too much data. It complicated our ability to respond to incidents quickly. Lumu, on the other hand, provides all of the details we need, when we need them to be able to quickly respond to malicious activity.
We also greatly appreciate that they are quick to respond to issues or questions that we may have when they come up. Overall, we really like the solution and the usability for technical people like myself and others who are less technical.
The way the information is given to us versus trying to read a packet coming from a SIEM. In the past, we relied on a SIEM and that data was far too cumbersome. It delayed our response capabilities and didn't allow us to respond in an efficient way.
Lumu has all the packet information we are looking for but doesn't overcomplicate it. They show us the information in a more simplified way. I can look at the packet data if I want to but don't necessarily have to.
We also really like the incidents view that allows for commenting/communication about an incident.
Nothing so far needs to be improved. The new features that have been added are very nice. I can't think of any new capabilities that need to be added. Overall this product meets our needs and does what we need it to do.
As mentioned, it adds another layer to our cybersecurity stack.
I've used the solution for a two and a half years.
We have never had any issues with the product being down.
With the recent updates and additional plugins, this is an easy product with unlimited scalability.
Overall, we had a great experience. Sebastian was very helpful in getting the environment set up.
Positive
We used Alienvault, however, it didn't provide what we needed. It was just a SIEM and we were limited in that.
Setup was simple, just about as plug and play as you can get. You download an image from their site. The directions were very simple to follow, we had it running in minutes and data flowing in minutes.
We handled the initial implementation in-house.
The plugin that automates our process of adding bad/known bad web sites automatically is a time saver like no other. We have Albert (outside monitoring service) that will tell us some machine hit a "bad site" but it has already been blocked because lumu.
It was the most value we found for what we needed, If you do not need to have access to the packets themself, this is the solution for you.
We evaluated other solutions, however, ultimately, we realized Lumu checked all the boxes in what we were looking for.
We want to know where the threats are inside our network, with this solution, we can automate the network metadata analysis and see where and when bad things happen so we can take immediate action.
Lumu is easy to use, so we didn’t need a long training process, and the implementation was quick.
Our environment is hybrid so having the option of Virtual Appliance, agents, and other options of the collection was a must.
We are evaluating the option to upgrade from Insights to Defender to have the benefit of visibility and automatic response.
Now we know what is happening, so we can quickly address any issue. Lumu provides factual data about contacts to adversarial infrastructure inside the organization and is simple to use.
We manage sensitive information from other companies, so having the proper cybersecurity in place was necessary. Also, Lumu provides insights into which controls are working and which are not working.
The context provided by the solution allows the team to know if is something that requires only mitigation or also eradication.
The context is useful. You can access external links, playbooks, MITRE Matrix, and a lot of information.
The activity graph shows in a single pane how the company is behaving regarding cybersecurity, you can know which days are the most affected and take action.
An automated response is valuable, and we plan to upgrade to Lumu Defender to have this feature.
Agents for Windows help monitor devices while not in the office. In the world that we live today, this is important because people work from home or other locations all the time.
I am happy with the current features. However, one important one is to improve the reports. The good thing is that they already captured my feedback regarding this and are working on a new version of the reports.
Besides that, I am happy with the features and value they provide to our cybersecurity operation. With this solution, you don’t need to invest in expensive cybersecurity software because you can operate within the product easily.
I am glad about the results so far and expect to have even more features when we upgrade to Defender.
I've used the solution for one year.
The offer good technical support.
Positive
The implementation was easy, clear, and quick.
We implemented Lumu for network detection. We deployed it to detect threats on the LAN and Wi-Fi networks. Currently, it's used within the IT department to detect any threats. Extending it to our servers will be deployed across the entire organization, covering our LAN and Wi-Fi networks.
When we deployed Lumu, we saw the benefits immediately. We noticed threat detection within the first week. Threat detection is the most compelling feature of Lumu for enhancing our incident response. When we first deployed it, we had an older version of our firewall, which Lumu outperformed in detecting threats. Even after upgrading our firewall, Lumu's detection algorithms provided earlier alerts.
Regarding the compromised assessment, Lumu has significantly improved our threat detection. Before Lumu, we manually blocked threats on the firewall, but Lumu's alerts have allowed us to make proactive adjustments. For the past three months, we've had no detections on our network as Lumu efficiently identified and blocked suspicious sites and potential phishing threats.
I like Lumu's simple user interface. When we deployed it, we got full access, allowing us to identify IP addresses on the network and connect machine names to users. It helped us identify and block threats via the firewall.
I also appreciate the chat support and ticket closure process. We're currently reviewing network detection solutions, and my recommendations include Lumu, Sentinel, and a few others. Regarding functionality and user-friendliness, I would recommend Lumu over the others.
The free version is very limited compared to the full version.
I have been using Lumu for the past year.
I haven't experienced any issues with stability in Lumu so far. They informed us about a maintenance period, but it happened after midnight and didn't cause any disruptions. We have deployed for network monitoring and IT footprints, so we haven't seen any lagging, crashing, or downtime. In the future, if we decide to fully deploy it across the organization,I'll better understand its stability with more agents in use.
We haven't integrated Lumu with other software yet. We found Lumu to be entirely scalable. We had no trouble deploying it to other devices in our IT department. It was straightforward and based on the license structure, so we encountered no challenges monitoring additional devices.
During deployment, our IT team might have reached out to Lumu to confirm the correct setup, but other than that, we didn't need their support.
Our system admin did the deployment, and it took about three days, with everything up and running within a week. The deployment was easy, thanks to Lumu's manual guide. We didn't need any resellers or consultants; we just needed assistance from Lumu's team. The deployment required two people from our IT team. After deployment, Lumu didn't require any maintenance. It functions autonomously, and I only need to visit the portal to close tickets, which we receive notifications via email.
Compared to Lumu, other solutions are more expensive. SentinelOne was a bit cheaper, and another provider's price structure is unclear, but Lumu fit our budget nicely. SentinelOne's cost depends on the number of devices so it might be similar to Lumu, depending on deployment.
Lumu was more aligned with our budget.
Before choosing Lumu, we looked at other solutions and had meetings with different providers, but in terms of actual deployment and testing on the network, it has only been Lumu so far.
We considered other solutions like DocuSign and SentinelOne, but Lumu's network detection and response capabilities were more aligned with our needs. We haven't deployed it across all endpoints yet, but based on network monitoring, I'm delighted with Lumu's performance.
I would rate Lumu as nine out of ten, as we haven't fully deployed it across our organization to see its complete functionality. For new users exploring Lumu, I recommend preparing by ensuring key stakeholders are involved in understanding its capabilities. Lumu is budget-friendly, easy to deploy, and has shown no compatibility issues, making it a competitive solution for quick deployment and efficient monitoring.
The objective has been to be able to identify compromises within my network, in a hybrid and complex environment, having visibility of what is happening and how we can react quickly has been key. It also has a great advantage and that is the ability to automate the response. Lumu has an API and out-of-the-box integrations that make the process very easy. In a very short time and with the help of your team, I was able to integrate other existing cybersecurity solutions. Lumu helps me to be able to do it by investing my team's time in cybersecurity efficiently.
Lumu has allowed us to operate cybersecurity in a better way. The number of incidents is manageable and it contains all the context including the Mitre matrix and much more.
Also having visibility in our different environments, on-premise, cloud, and remote has been beneficial, and being able to monitor IoTs such as IP cameras is something that cannot be easily done with other solutions.
The other important thing is to have the peace of mind that the mitigation is being done automatically so that our team can focus only on those incidents that require our full attention.
The context provided by the tool is very complete, it includes the miter matrix, playbooks, links, hashes, and much more.
They have many integrations with other cybersecurity tools for both metadata collection and response and more and more are being included every month.
The ease of use is great. While cybersecurity tools are complex, Lumu is very easy to use and does not require extensive training.
It decreases alert fatigue. Lumu only shows me what has been confirmed and what I have to take action on, so it significantly reduces alert fatigue.
The reports need improvement. They need to have more complete reports that can be provided to the management area - although I understand that it is something they are already working on.
With that information, cybersecurity can be escalated within the organization and the different executive stakeholders see it as something to which they should pay attention.
Otherwise, it is a very complete tool that is evolving rapidly, so users benefit from these new features. The team is always attentive to receiving feedback and passing it on to the product team when necessary
I have been using this solution for almost a year.
Their customer service and support are amazing.
Positive
The deployment was very simple.
My company is currently dealing with Lumu's onboarding process.
Lumu is used to monitor the environment permanently and validate if there is ransomware that can exploit our infrastructure.
I like Lumu because it additionally complements the other tools in my company. Lumu can be used as a complementary tool for a DLP product, a vulnerability analysis, or an SIEM tool. Lumu permanently monitors the environment. When there is an attack, Lumu does not explore them immediately. If our security has already been compromised, Lumu detects the situation. It is useful for real-time detection.
Lumu's ability to discover threats is an area of concern where improvements are needed.
I have experience with Lumu. My company is in the process of becoming a Lumu partner.
Lumu has very good support in Colombia. The tool's support team helps partners resolve any problems with the product. I rate the technical support a nine out of ten.
Positive
It is very easy to implement in our operation.
After deployment, the tool offers permanent monitoring features.
Deploying Lumu is very easy, but you need to have more budget for agents.
The solution's deployment can be done in a day.
The tool's ROI can be experienced in a short span of time or a few months.
The tool is available at a good price. The tool offers a good and competitive price for customers.
Lumu is a complementary tool for other tools. Lumu can be an excellent component because it can improve the security in an organization.
The tool offers good integration features. Lumu has great integration features with other tools. Lumu understands and uses the input of all your tools to offer protection to users.
Compared to other NDR tools, Lumu serves as a SaaS solution, especially compared to some other products like Cisco or other older manufacturers. Lumu is a SaaS tool that has better functionalities compared with Cisco or Fortinet.
I rate the tool an eight out of ten.
