
If your hybrid enterprise manages risk with a blend of EDR, HVM, IPAM, and breach management solutions, FireMon Lumeta is the glue your platform needs. Lumeta is the real-time discovery, visibility, and cybersecurity-automation solution that finds unknown networks, devices, and connections and then provides this information to both customers and integrated applications. Real-time, authoritative data about the network and its devices are selectively shared with all of the integrated security applications managing your enterprise network. Lumeta synthesizes device responses, performs analyses to surface risk, and alerts both systems and people with the power to remediate, lightening the load on cloud, network, and security teams, and amplifying the value of network-management applications by supplying them with better data. FireMon Lumeta feeds the integrated applications better device data and enhances what they know.

The FireMon platform delivers superior results and supports superior security intelligence: The broadest reach and most comprehensive network discovery in the industry, authoritative visibility, and an integrated way to understand and automate the remediation of significant events, trends, security gaps, threats, and misconfigurations. Integrate FireMon Lumeta with your security applications today to achieve the full value of your network security ecosystem.

What is a Lumeta Integration?

An integration in the context of the FireMon Lumeta solution is analogous to a plugin, add-on, or extension. It joins Lumeta to other parts of your network-security platform, enabling the two to exchange information. Lumeta does not replace these applications; it just makes them work better. It does this by making Lumeta's authoritative index of device data, connections, and networks available to the integrated platform. Feeds are attached through the Lumeta API and through various integrated data connectors. Some of these connectors identify vulnerable networks and devices by matching Lumeta-discovered data with ingested threat intelligence. Others identify endpoints lacking agents or unknown to your network manager. Still others push missing addresses to your address manager, notifications to your alert manager, and session data to your user identifier. Unstructured data and query results are transmitted via API; only what's unknown to the integrated application is conveyed. Your current security solutions work better because Lumeta supplies the missing pieces, eliminating blind spots.

Configuring an integration is as easy as supplying Lumeta with login credentials to the integration's application server and specifying how often you want the two to exchange data.

The results from most integrations are ingested by Lumeta, indexed, and displayed in Lumeta dashboards. Data attributes ingested from them are used to enhance the Lumeta device profiles. Discovery and profile data from Lumeta is also shared to the management consoles of partner applications.

The overarching value and most important thing to know about Lumeta integrations is that they amplify the value of your network security stack by ensuring that it manages a comprehensive and authoritative set of data.

Host Vulnerability Management Integrations

Host Vulnerability Management (HVM) integrations such as Qualys and Tenable leverage threat intelligence to help organizations prioritize vulnerabilities for remediation. The Lumeta HVM integrations enable your organization to 1) identify devices in your network that are not managed by Qualys or Tenable SecurityCenter, 2) push metadata about those devices to integrated vulnerability management systems, and 3) extend the capabilities of your vulnerability management platform by feeding it Lumeta's authoritative data set.

Integrated Host Vulnerability Managers | Dashboard
Qualys | Qualys Management
Tenable | Tenable SecurityCenter Management

Spotlight on Tenable

The Tenable integration tells you which hosts on your enterprise network are either undefended by Tenable or unknown to Lumeta. By comparing Lumeta's comprehensive index of all your network devices against that subset of network devices managed by Tenable, you can generate a list of network hosts that are not managed in the Tenable SecurityCenter and then push that information to an asset group on the Tenable SecurityCenter server. What's pulled from Tenable to Lumeta is only what you request, not an exhaustive collection of all the device details and attributes that Tenable manages. This enables Lumeta to scan just the network device attributes of value to you.


Endpoint Detection and Response Integrations

Endpoint Detection and Response software is installed on last-hop, non-forwarding devices such as laptops and printers to protect them from malware, exploits, and attacks. When you activate endpoint security integrations, Lumeta queries the integrated applications at the frequency you configure to identify the endpoints that 1) only the integrations are managing, 2) only Lumeta is managing, and 3) both are managing. Lumeta also pushes unmanaged devices to the integration partner so that agents can be installed on them.

Integrated Endpoint Detection and Response Managers | Dashboard
Carbon Black | Endpoint Management
McAfee ePO | McAfee ePO Management
RedSeal | RedSeal Management

Spotlight on McAfee ePO

The McAfee ePO integration provides McAfee ePO customers with a way to ensure that McAfee's ePolicy Orchestrator agent is installed comprehensively on all network devices in one or more network segments. The integration reconciles McAfee findings with Lumeta findings, uncovering 1) assets lacking the McAfee ePO agent, 2) assets to which visibility is blocked, and 3) assets with comprehensive management.

The devices listed in this Lumeta dashboard widget are missing McAfee's ePolicy Orchestrator agent, which is a required element in the customer's network. The end-customer would be unaware of these policy violations were it not for Lumeta.
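The three-way comparison described in this section (and the managed-versus-discovered comparison in the Tenable spotlight) amounts to reconciling two device inventories. The sketch below is an added example, not FireMon or McAfee code; the record fields `ip` and `mac` and all sample records are constructed for illustration and are not Lumeta API output.

```python
import ipaddress
import re

def norm_mac(mac):
    """Canonicalise a MAC to 12 lowercase hex digits; None if it is not a MAC."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac or "")
    return digits.lower() if len(digits) == 12 else None

def norm_ip(ip):
    """Parse an IPv4/IPv6 string so different textual forms compare equal."""
    try:
        return ipaddress.ip_address((ip or "").strip())
    except ValueError:
        return None

def same_device(a, b):
    """MAC decides when both records carry one; otherwise fall back to IP.
    This keeps a reused (e.g. DHCP-recycled) IP from hiding an unmanaged host."""
    mac_a, mac_b = norm_mac(a.get("mac")), norm_mac(b.get("mac"))
    if mac_a and mac_b:
        return mac_a == mac_b
    ip_a, ip_b = norm_ip(a.get("ip")), norm_ip(b.get("ip"))
    return ip_a is not None and ip_a == ip_b

def reconcile(discovered, managed):
    """Bucket devices: seen only by discovery, only by the agent console, or both."""
    matched, both, discovery_only = set(), [], []
    for dev in discovered:
        hits = {i for i, rec in enumerate(managed) if same_device(dev, rec)}
        (both if hits else discovery_only).append(dev)
        matched |= hits
    agent_only = [rec for i, rec in enumerate(managed) if i not in matched]
    return {"discovery_only": discovery_only, "both": both, "agent_only": agent_only}

# Constructed sample inventories (hypothetical field names, not real exports).
DISCOVERED = [
    {"ip": "10.0.0.5", "mac": "00:1A:2B:3C:4D:5E"},   # same MAC, other notation
    {"ip": "10.0.0.9", "mac": "00-1a-2b-00-00-09"},   # no agent record at all
    {"ip": "2001:DB8::1", "mac": None},               # MAC unknown, match on IPv6
    {"ip": "10.0.0.7", "mac": "00:1a:2b:00:00:07"},   # IP reused by a new device
]
MANAGED = [
    {"ip": "10.0.0.5", "mac": "001a.2b3c.4d5e"},
    {"ip": "2001:db8:0:0:0:0:0:1", "mac": "00:1a:2b:00:00:aa"},
    {"ip": "10.0.0.7", "mac": "00:1a:2b:ff:ff:07"},   # stale record, different MAC
    {"ip": "10.0.0.200", "mac": "00:1a:2b:00:00:c8"}, # agent host never discovered
]

if __name__ == "__main__":
    for bucket, recs in reconcile(DISCOVERED, MANAGED).items():
        print(bucket, [r["ip"] for r in recs])
```

The `discovery_only` bucket is the list that would be pushed to the partner console for agent installation; `agent_only` points at segments the discovery scan cannot see.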

IP Address Management Integrations

An important early step in conducting any census of managed assets is to validate IPAM tracking and allocation data. To that end, BlueCat and Infoblox have been integrated with Lumeta. When you activate the Infoblox IPAM integration, Lumeta queries Infoblox, correlates the query results against what Lumeta "knows," generates responses, and pushes metadata about discovered devices to Infoblox. Infoblox is one of several Lumeta integrations that not only pull data from the integrated application, but also push data to it.

Integrated IP Address Managers | Dashboard
BlueCat | BlueCat Management
Infoblox | Infoblox Management

Spotlight on BlueCat

The BlueCat Management dashboard enables you to identify any IP address space that is missing from your BlueCat Address Management (BAM) server.


The dashboard provides these device attributes:

  • Active - True/False status indicating whether the device responded to a Lumeta probe
  • Device Type - Descriptor of the device such as server, router, printer
  • DNS Name - Name given to device by Domain Name System
  • First Observed - Timestamp of when the device first responded to a probe from Lumeta
  • IP Address - The unique IPv4 or IPv6 device identifier
  • Last Observed - Timestamp of when the device last responded to a probe from Lumeta
  • LocationCode - Indicates the country and city in UN/LOCODE, plus custom locations. For example, CA TOR OF1 indicates CA=Canada, TOR=Toronto, OF1=Office 1.
  • MAC Address - The unique device identifier
  • OS - Operating system running on the device
  • State - Categorizes IP address assignment permanence (e.g., static, DHCP-reserved, gateway)
  • Zonename - Name of the zone in which the device was discovered

Network Management Integrations

Network management integrations ensure that the deployed networks you manage through a single browser interface all show up. When you enforce device security policies, deploy software and apps, and perform remote, live troubleshooting on managed devices, these integrations validate that you're handling all the devices in a zone in their entirety.

Integrated Network Managers | Dashboard
Meraki | None - Results augment device details

Spotlight on Meraki

Meraki, a subsidiary of Cisco, is a web-based network management system. Customers purchase Meraki-brand routers, switches, firewalls and even cameras, deploy them on their network and then manage them via a website. This integration is another Lumeta discovery technique. From Meraki, Lumeta pulls router, switch and firewall information, including the interface tables of those devices, along with the MAC/IP addresses of all endpoints. This data augments Lumeta device details for those devices and displays in Lumeta analytics.

The responses from Meraki are used to enhance the interface information displayed in Lumeta Device Details, including:

  • Network - Including additional L3 switch data
  • Devices - Additional information from Meraki has been added regarding MX* model security appliances
  • Interface - Including port information from Meraki
  • Meraki source identifier called out in Lumeta Device Details.
  • Meraki-inflected device fingerprints, identification, and confidence-rankings.

  • Meraki-sourced devices and CIDRs can be added to Lumeta Target List and Lumeta Eligible List.

Breach Detection Integrations

Lumeta breach-detection integrations find the activity of malware in your network. They identify which devices on your network have been compromised by known bad actors. When you connect a breach detection integration such as iDefense, Lumeta correlates data from two sources: netflow data and real-time streams of data providing information on potential cyber threats and risks. Compromised network assets including their attributes are reported in Lumeta.

Spotlight on iDefense

The iDefense integration provides actionable lists of zombie devices and threat flows in your network by correlating IPs from the closed-source iDefense threat intelligence feed against your network's IPs. Lumeta ingests a single source of netflow data or multiple sources that have first been bundled via a netflow aggregator such as Gigamon.

Risk Management Integrations

Lumeta amplifies the value of risk managers such as FireMon Security Manager. FireMon Security Manager can better assess risk, prioritize remediation, and minimize the attack surface of the networks it manages.

Integrated Risk Managers | Dashboard
FireMon Security Manager | FireMon Management
Rapid7 | Rapid7 Management

Spotlight on Security Manager

FireMon offers a complete end-to-end solution for device visibility, firewall clean-up, and compliance reporting using Lumeta and Security Manager. Attributes of devices Lumeta has profiled as being a unique router, Layer 3 switch, or firewall are pushed to Security Manager. Security Manager then compares these device records to those it manages already. A Security Manager administrator can apply rules, correct misconfigurations, and make the Lumeta-discovered devices policy-compliant, all on the FireMon platform.

Security Stack Alerting Integrations

Applications in the Security Stack Alerting space such as Splunk have created a “security stack ecosystem” that is aware of and responsive to change notifications. Lumeta highlights missing syslog notifications and supplies them to the partner application.


Integrated Security Stack Managers | Dashboard
Splunk | Lumeta dashboard within Splunk
ServiceNow | Lumeta dashboard within ServiceNow
McAfee DXL | McAfee DXL Management

Spotlight on Splunk

The integration with Splunk fortifies the syslog notifications that reach Splunk, enabling you to find out more of what is happening in your network so that you can take meaningful action on it quickly. 

The Splunk integration fortifies this ecosystem by providing it with real-time alerts and event notifications ingested from Lumeta.

  • Lumeta publishes real-time “messages” on network changes to Splunk “topics.”

  • Systems comprising the security stack “subscribe” to the topics.

  • The “subscribers” respond to the event notifications, alerts, and change notifications they receive automatically via security stack systems. 



User Identification Integrations

User Identification integrations such as Cisco pxGrid ingest user session data. For organizations that want to ensure that NAC is active on all of their network assets, this information is important. Lumeta uses the Cisco ISE pxGrid to identify users and user sessions. It creates tables for Sessions, Identity Groups, Security Groups, and Endpoints. For each discovered IP address, it discovers in real time the username, session state, NAC server IP and port, and RADIUS attribute-value pairs.

Integrated User Identification Managers | Dashboard
Cisco pxGrid | Cisco pxGrid

Spotlight on Cisco pxGrid

The Cisco pxGrid integration enables the exchange of context with Cisco products via a Cisco pxGrid server to validate endpoint, identity group, security group, and session data.


