Tell us about Lumeta. How did you get involved in large-scale enterprise and government cyber security?
I’ve been involved with IT and network security for years, most recently as CEO of AEP Networks, a former Ireland-based startup that I led from its founding through four acquisitions. Lumeta, a spinoff of Bell Labs, was initially a hardware-focused network compliance and visibility company. Since 2013, we’ve transformed into a virtual, subscription-based security intelligence platform. Our technology offers real-time, 100% accurate network visibility for federal government and enterprise markets. On average, we find that compared to networks that don’t use our products, we are able to increase visibility of the network and networked infrastructure by 40%. Our thesis is that in the next generation stack that is evolving, without a clear foundational understanding of your entire network and 100% visibility, your strategy is fundamentally flawed. Beyond network visibility, we also validate and monitor changes in network segmentation, which means that in real-time we expose unauthorized leak paths between networks, or to the Internet, that should not have traffic going between them. Thus, for any service provider or contract manufacturer that needs to ensure separation between clients, for example Apple from Samsung, we can provide real-time, actionable data in order to correctly lock down unauthorized communications and prevent any stray traffic or, worse, malicious activity like talking to malware sites or data exfiltration. We find that before implementation of our technology, about 70% of our clients have significant issues with leak paths. Our products also come integrated with a continuously updated threat intelligence library from Accenture iDefense and can also pull in other feeds.
This allows us to vector, in real-time, to a specific IP address on the specific network that has come on, highlight it, and notify that a potential bad-actor conversation is in process at that nanosecond and, in turn, alert a user directly or feed that information to any or all parts of the stack.
Large-scale network security is quite complex. How does Lumeta ensure that networks with hundreds of thousands, or even millions, of nodes are secure?
We operate on the network layer itself using technology that has active and passive listening capabilities that are processed through a highly efficient big data engine. That, combined with multiple methods for real-time discovery of existing, new or removed devices anywhere in the infrastructure, builds a fast, accurate picture of what is going on in the network. By correlating real-time patented active techniques and passive ‘listening’ to the network layer as well as ingesting NetFlow – that’s our ‘secret sauce’ – we can know details such as “this specific device came on to this specific segment of your network at this specific time and is now communicating to a known bad IP address.” We can then immediately alert other security solutions, such as McAfee’s ePolicy Orchestrator (ePO), to take action to manage and secure the device more effectively or decide to quarantine it to limit the impact of the threat.
Tell us a bit about your main product – Spectre. How is it unique from other security and vulnerability assessment tools available on the market?
The security market is quite foggy, but it is clear that network visibility is a key factor in cyber security, as evidenced by other scanning products such as Qualys or Skybox, which are also putting the issue front and center. Increasingly, we are seeing that visibility, in real-time, is a mandatory requirement for the latest generation of cyber stacks that are now being installed. The best way to see why we are unique is to look at the kind of clients we have that have implemented our technology into their cyber stack in 2017 and see the immense value it provides over any other solution claiming visibility. Lumeta Spectre has really come into its own this year. I can’t give too many details here, of course, but for example:
One of the largest military operations in the world installed a combination of Spectre with McAfee ePO to be delivered as a service by a third party to their multi-million IP address installation worldwide. In that tender, which we won in March 2017, we were against 11 other competitors.
One of the largest intelligence agencies in the world.
One of the top five banks in the world.
Looking to sign 2 of the 3 top entertainment organizations by the end of the year.
Looking to sign 2 of the top 10 players in US healthcare.
We believe that no product unto itself can resolve the ‘holy grail’ of remediation and automation needed in cyber security. We are one of a small number of companies that effectively contribute the visibility, the network scanning, and the real-time breach analytics. With our unique level of network context, we are directly integrated with companies like Qualys, Rapid7, and McAfee to extend their ability to be more effective in hardening systems, and offering better protection against cyber threats without leaving a single device or endpoint open to compromise. When you couple that with understanding changes in real-time, leak path detection, and applied security intelligence to reveal suspicious or malicious network activity, our foundational components provide a level of assurance and integrity which no other product can provide - and at any scale.
Lumeta provides what you call ‘Cyber Situational Awareness’ – can you explain what that means?
It is essentially a combat or defense term. In defense, if you want to understand your ‘theater of war,’ you need to understand everything that is going on around you. In our case, that means you need to have a complete understanding of your network in real-time. We need, as an organization, to have that immediate, contextual information about our network every nanosecond of the day because without that we are unable to execute an effective strategy.
What are the top threats that Lumeta is seeing today in cyber security?
From our perspective, we see a number of threats or challenges. The lack of visibility in the broader market is scary. The lack of human capital to address those challenges and the reluctance, which is decreasing, to move to more automated solutions are also of concern. Finally, there is still confusion in the market on who exactly does what. When we walk into a meeting with a potential client, in 7 out of 10 cases we hear “we’ve got this covered, we understand our network – so we don’t need you.” Then, when we show a proof of concept of what we can do, it is just night and day. If the average across all industries is 40% lack of visibility, that is a very significant challenge. We tell them, “you told me you were covered – are you sure you are covered?” And that opens up the conversation about visibility, about real-time versus continuous data, and where they are in terms of heading towards remediation and automation. Where are they in terms of the inevitability of the move into the cloud? Where are they in terms of being open to a service provider model? Those are the dynamics of the market. You need to know what you already have and don’t have. These unresolved challenges are leading to the rising success of ransomware, attacks on critical infrastructure, such as utilities and manufacturing, and cloud-focused threats. It is where we come in to help our customers.
You list Professional Services prominently on your site. Is that a real revenue stream or a marketing tool?
No, it isn’t a marketing tool and to be honest, we need to be careful about what we are and what we aren’t. We are not a professional services organization – we’re a product company. We have our hands full in terms of developing the product, executing it, etc. Our professional services include providing proofs of concept and supporting partners as they come up to speed in terms of having their staff trained to deliver the service.