Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


A leak is an unauthorized inbound or outbound connection route to the internet or to sub-networks. A leak goes through the network perimeter or between secure zones. It It may take the form of an unsecured forwarding device exposed to the internet, for example, or it could manifest as a forgotten open link to a former business partner. Leak paths can be especially hard to detect in cloud environments, where there is less network visibility and fewer security controls. 

Leak Discovery is Lumeta's indirect method of uncovering potential leak paths in a zone. It identifies Layer-3, stateless connections and reports network devices that were reachable via a particular, prohibited port. Leak Discovery is typically used between internal segments of a network to test the defenses of secure zone configurations to ensure enclaves are secure. It is also used to determine if any of the devices on targeted networks have connectivity to the Internet. Leak discovery is capable of spotting leaks in the network infrastructure such as router and firewall configuration issues.