Job title of nominated professional (or team name): Solutions Architect; Director of Professional Services
Company (where nominated professional or team is working): Lumeta Corporation
Company size (employees): 40

In 3 bullets, summarize why this professional or team deserves recognition:

• The Lumeta Federal Professional Services team is supporting agency resources to deploy and use Lumeta ESI across the network (initially at the agency’s international locations). This network is made up of ~600,000 IP addresses, relays both classified and unclassified information, and provides users with access to the Internet.

• To enhance the value of the agency’s existing investments in security and network management tools, the Professional Services team developed integrations of Lumeta ESI with CA Spectrum, Tenable/ACAS, GOTS Big-Data, Remedy, and HP ArcSight. The intelligence gathered by Lumeta ESI is used as an authoritative foundation upon which these third-party products act – they can operate with 100% network visibility – maximizing their effectiveness.

• The team is currently planning a 3-year “enterprise wide” deployment of Lumeta ESI (beginning later in 2016) across the Enterprise (CONUS and OCONUS), which would encompass ~3 million IP addresses in six regions across the globe, including tactical/mobile deployments. At that time, the Professional Services team will become dedicated staff for this project at the agency.

Brief Overview

Whether perpetrated by nation-states, criminal enterprises or terrorist organizations for advancement of their various causes, the number of critical cyber attacks grows each year.

In an engagement with a U.S. DoD agency, the Lumeta Federal Professional Services team deployed Lumeta ESI across the enterprise network (>0.6 million devices) for a real-time cyber defense solution including network behavior analytics and cybersecurity breach detection.

Lumeta ESI provides the agency with network situational awareness including:

• An authoritative index of the network architecture, starting with a baseline, and:
  o Identification of newly inserted, possibly rogue, wireline or wireless infrastructure devices, firewalls, routers or other network functions (e.g., virtualized) acting as packet forwarders
  o Identification of any new virtual/cloud IaaS (or physical) resource seeking service from the network

• Validation of network segmentation policies (or violations of policy):
  o Real-time identification and mapped views of newly identified networks and newly inserted routes
  o Real-time identification of routed (L3) or bridged (L2) “leak paths” or other connectivity between protected network enclaves

• Operationalizing threat intelligence and other external data feeds to detect cybersecurity breaches:
  o Real-time discovery of use of Dark Web/TOR exit nodes from locations inside the government enterprise
  o Identification of unauthorized use of services such as RDP, X11, FTP and DNS, which may be utilized for lateral movement or exfiltration of data
  o Real-time and forensic analysis of threat flows (“conversations”) occurring between devices on the network and known malware command and control (C2) servers

The agency has enterprise rollup portal visibility at the cybersecurity operations center and units throughout the agency.

The solution scales globally to encompass the enterprise network in all locations (within and outside the continental United States).