If your hybrid enterprise manages risk with a blend of EDR, HVM, IPAM, and breach management solutions, FireMon Lumeta is the glue your platform needs. Lumeta is the real-time discovery, visibility, and cybersecurity-automation solution that finds unknown networks, devices, and connections and then provides this information to both customers and integrated applications. Real-time, authoritative data about the network and its devices are selectively shared with all of the integrated security applications managing your enterprise network. Lumeta synthesizes device responses, performs analyses to surface risk, and alerts both systems and people with the power to remediate, lightening the load on cloud, network, and security teams, and amplifying the value of network-management applications by supplying them with better data. FireMon Lumeta feeds the integrated applications better device data and enhances what they know.
The FireMon platform delivers superior results and supports superior security intelligence: the broadest reach and most comprehensive network discovery in the industry, authoritative visibility, and an integrated way to understand and automate the remediation of significant events, trends, security gaps, threats, and misconfigurations. Integrate FireMon Lumeta with your security applications today to achieve the full value of your network security ecosystem.
What is a Lumeta Integration?
An integration in the context of the FireMon Lumeta solution is analogous to a plugin, add-on, or extension. It joins Lumeta to other parts of your network-security platform, enabling the two to exchange information. Lumeta does not replace these applications; it just makes them work better. It does this by making Lumeta's authoritative index of device data, connections, and networks available to the integrated platform. Feeds are attached through the Lumeta API and through various integrated data connectors. Some of these connectors identify vulnerable networks and devices by matching Lumeta-discovered data with ingested threat intelligence. Others identify endpoints lacking agents or unknown to your network manager. Still others push missing addresses to your address manager, notifications to your alert manager, and session data to your user identifier. Unstructured data and query results are transmitted via API; only what's unknown to the integrated application is conveyed. Your current security solutions work better because Lumeta supplies the missing pieces, eliminating blind spots.
Configuring an integration is as easy as supplying Lumeta with login credentials to the integration's application server and specifying how often you want the two to exchange data.
The results from most integrations are ingested by Lumeta, indexed, and displayed in Lumeta dashboards. Data attributes ingested from them are used to enhance the Lumeta device profiles. Discovery and profile data from Lumeta is also shared to the management consoles of partner applications.
The overarching value and most important thing to know about Lumeta integrations is that they amplify the value of your network security stack by ensuring that it manages a comprehensive and authoritative set of data.
Host Vulnerability Management Integrations
Host Vulnerability Management (HVM) integrations such as Qualys and Tenable leverage threat intelligence to help organizations prioritize vulnerabilities for remediation. The Lumeta HVM integrations enable your organization to 1) Identify devices in your network that are not managed by Qualys or Tenable SecurityCenter, 2) Push metadata about those devices to integrated vulnerability management systems, and 3) Extend the capabilities of your vulnerability management platform by feeding it Lumeta’s authoritative data set.
| Integrated Host Vulnerability Managers | Dashboard |
| --- | --- |
| Tenable | Tenable SecurityCenter Management |
Spotlight on Tenable
The Tenable integration tells you which hosts on your enterprise network are either undefended by Tenable or unknown to Lumeta. By comparing Lumeta's comprehensive index of all your network devices against that subset of network devices managed by Tenable, you can generate a list of network hosts that are not managed in the Tenable SecurityCenter and then push that information to an asset group on the Tenable SecurityCenter server. What's pulled from Tenable to Lumeta is only what you request, not an exhaustive collection of all the device details and attributes that Tenable manages. This enables Lumeta to scan just the network device attributes of value to you.
Endpoint Detection and Response Integrations
Endpoint Detection and Response software is installed on last-hop, non-forwarding devices such as laptops and printers to protect them from malware, exploits, and attacks. When you activate endpoint security integrations, Lumeta queries the integrated applications at the frequency you configure to identify the endpoints that 1) only the integrations are managing, 2) only Lumeta is managing, and 3) both are managing. Lumeta also pushes unmanaged devices to the integration partner so that agents can be installed on them.

| Integrated Endpoint Detection and Response Managers | Dashboard |
| --- | --- |
| Carbon Black | Endpoint Management |
| McAfee ePO | McAfee ePO Management |
Spotlight on McAfee ePO
The McAfee ePO integration provides McAfee ePO customers with a way to ensure that McAfee's ePolicy Orchestrator agent is installed comprehensively on all network devices in one or more network segments. The integration reconciles McAfee findings with Lumeta findings, uncovering 1) assets lacking the McAfee ePO agent, 2) assets to which visibility is blocked, and 3) assets with comprehensive management.
The devices listed in this Lumeta dashboard widget are missing McAfee's ePolicy Orchestrator agent, which is a required element in the customer's network. The end-customer would be unaware of these policy violations were it not for Lumeta.
IP Address Management Integrations
An important early step in conducting any census of managed assets is to validate IPAM tracking and allocation data. To that end, BlueCat and Infoblox have been integrated with Lumeta. When you activate the Infoblox IPAM integration, Lumeta queries Infoblox, correlates the query results against what Lumeta "knows," generates responses, and pushes metadata about discovered devices to Infoblox. Infoblox is one of several Lumeta integrations that not only pull data from the integrated application, but also push data to it.
Spotlight on BlueCat
The BlueCat Management dashboard enables you to identify any IP address space that is missing from your BlueCat Address Management (BAM) server.
The dashboard provides these device attributes:
- Active - True/False status indicating whether the device responded to a Lumeta probe
- Device Type - Descriptor of the device such as server, router, printer
- DNS Name - Name given to device by Domain Name System
- First Observed - Timestamp of when the device first responded to a probe from Lumeta
- IP Address - The unique IPv4 or IPv6 device identifier
- Last Observed - Timestamp of when the device last responded to a probe from Lumeta
- LocationCode - Indicates the country and city in UN/LOCODE format, plus custom locations. For example, CA TOR OF1 indicates CA = Canada, TOR = Toronto, OF1 = Office 1.
- MAC Address - The unique device identifier
- OS - Operating system running on the device
- State - Categorizes IP address assignment permanence (e.g., static, DHCP-reserved, gateway)
- Zonename - Name of the zone in which the device was discovered
Network Management Integrations
Network management integrations ensure that the deployed networks you manage through a single browser interface all show up. When you enforce device security policies, deploy software and apps, and perform remote, live troubleshooting on managed devices, these integrations validate that you're handling all the devices in a zone in their entirety.
| Integrated Network Managers | Dashboard |
| --- | --- |
| Meraki | None - Results augment device details |
Spotlight on Meraki
Meraki, a subsidiary of Cisco, is a web-based network management system. Customers purchase Meraki-brand routers, switches, firewalls and even cameras, deploy them on their network and then manage them via a website. This integration is another Lumeta discovery technique. From Meraki, Lumeta pulls router, switch and firewall information, including the interface tables of those devices, along with the MAC/IP addresses of all endpoints. This data augments Lumeta device details for those devices and displays in Lumeta analytics.
The responses from Meraki are used to enhance the interface information displayed in Lumeta Device Details, including:
- Network - Including additional L3 switch data
- Devices - Additional information from Meraki has been added regarding MX* model security appliances
- Interface - Including port information from Meraki
- Meraki source identifier called out in Lumeta Device Details.
- Meraki-inflected device fingerprints, identification, and confidence-rankings.
- Meraki-sourced devices and CIDRs can be added to Lumeta Target List and Lumeta Eligible List.
Breach Detection Integrations
Lumeta breach-detection integrations find the activity of malware in your network. They identify which devices on your network have been compromised by known bad actors. When you connect a breach detection integration such as iDefense, Lumeta correlates data from two sources: netflow data and real-time streams of data providing information on potential cyber threats and risks. Compromised network assets including their attributes are reported in Lumeta.
| Integrated Breach Detectors | Dashboard |
| --- | --- |
| Emerging Threats (open source) | |
| Gigamon NetFlow | Breach Detection |
| iDefense | Breach Detection - iDefense |
| ISC Ports | Breach Detection |
Spotlight on iDefense
Provides actionable lists of zombie devices and threat flows in your network by correlating a closed-source threat intelligence feed from iDefense IPs against your network's IPs. Lumeta ingests a single source of netflow data or multiple sources that have first been bundled via a netflow aggregator such as Gigamon.
Risk Management Integrations
Lumeta amplifies the value of risk managers such as FireMon Security Manager. FireMon Security Manager can better assess risk, prioritize remediation, and minimize the attack surface of the networks it manages.

| Integrated Risk Managers | Dashboard |
Spotlight on Security Manager
FireMon offers a complete end-to-end solution for device visibility, firewall clean-up, and compliance reporting using Lumeta and Security Manager. Attributes of devices Lumeta has profiled as being a unique router, Layer 3 switch, or firewall are pushed to Security Manager. Security Manager then compares these device records to those it manages already. A Security Manager administrator can apply rules, correct misconfigurations, and make the Lumeta-discovered devices policy-compliant, all on the FireMon platform.
Security Stack Alerting Integrations
Applications in the Security Stack Alerting space such as Splunk have created a “security stack ecosystem” that is aware of and responsive to change notifications. Lumeta highlights missing syslog notifications and supplies them to the partner application.

| Integrated Security Stack Managers | Dashboard |
| --- | --- |
| Splunk | Lumeta dashboard within Splunk |
| ServiceNow | Lumeta dashboard within ServiceNow |
| McAfee DXL | McAfee DXL Management |
Spotlight on Splunk
The integration with Splunk fortifies the syslog notifications that reach Splunk, enabling you to find out more of what is happening in your network so that you can take meaningful action on it quickly.
The Splunk integration fortifies this ecosystem by providing it with real-time alerts and event notifications ingested from Lumeta.
- Lumeta publishes real-time “messages” on network changes to Splunk “topics.”
- Systems comprising the security stack “subscribe” to the topics.
- The “subscribers” respond to the event notifications, alerts, and change notifications they receive automatically via security stack systems.
User Identification Integrations
User Identification integrations such as Cisco pxGrid ingest user session data. For organizations that want to ensure that NAC is active on all of their network assets, this information is important. Lumeta uses the Cisco ISE pxGrid to identify users and user sessions. It creates tables for Sessions, Identity Groups, Security Groups, and Endpoints. For each discovered IP address, it discovers in real time: username, session state, NAC server IP and port, and RADIUS attribute-value pairs.
Spotlight on Cisco pxGrid
Enables the exchange of context with Cisco products via a Cisco pxGrid server to validate endpoint, identity group, security group, and session data.