We like the notion of "situational awareness" because it describes almost perfectly the necessary precursor to being able to manage security on an enterprise, whether that enterprise is software- or hardware-defined or in the cloud. In all cases, you cannot defend what you don't know exists, and even if you do know what exists, if you do not understand its flaws you cannot defend it effectively. Lumeta Enterprise Situational Intelligence (ESI) has as its goal enabling administrators to understand what is in their environment and what its weaknesses are.
Especially in infrastructure-as-a-service (IaaS) it can be challenging to understand what is going on or even what virtual devices are present in the virtual/cloud infrastructure. This uncertainty raises several questions. For example, what is the status of the so-called shadow IT undercurrent? Are users spinning up and/or reconfiguring virtual machines instead of looking to the legitimate IT function to do that?
And, if new virtual machines are popping up without IT involvement, can they be identified rapidly - in near real time - or do they sit on the enterprise unnoticed? When those machines - or, in fact, any machines - come online, do they change the security profile of the enterprise? What about such things as split tunneling that would allow leakage between virtual environments, perhaps even between two virtual environments that are completely unrelated? And, finally, is there any anomalous cybersecurity behavior on the virtual enterprise?
Lumeta ESI command center is a virtual machine that sits behind a firewall or in the cloud in a Lumeta enterprise zone. It communicates with various cloud instances - whether public, private or hybrid - through a sensor called a "Scout." The Scout communicates back to the command center with the telemetry from the cloud and the command center does the heavy lifting.
One of the most important things that ESI does is recognize the virtual devices in the enterprise. It views these VMs on a cloud-by-cloud basis, so if the Scout is watching Amazon Web Services (AWS) it is reporting the VMs in the AWS implementation back to the command center. There the administrator has ample dashboard and drill-down capability to understand the activity on their cloud at a glance. The top-level dashboard presents a graphical depiction of all of the zones covered by the command center, as well as any notifications of interest. Drilling down reveals the dashboards for the individual zones.
From within the zone, the administrator can take several types of actions. For example, they can create and delete route tables within the virtual data center or zone. This can result in a network map that shows the relationship of the various virtual assets to the Scouts. The map is comprehensive and, depending on Scout placement, could show anomalous virtual devices that are outside of the zone but are visible to the Scout and, therefore, a potential threat to the devices inside the zone.
ESI has the expected capabilities of creating and deleting zones, managing virtual devices within the zones, and viewing activities in the zones and VMs. This extends to such things as analyzing endpoints, network access control lists (ACLs), dynamic host configuration protocol (DHCP), peering connections and VPNs. Overall, the product is a complete management and analysis tool for clouds of all types regardless of the applications running on them.
We found the pricing for ESI to be attractive, averaging a bit more than $7 per IP or less per year. Lumeta always has been reasonable in its pricing models. Additionally, ESI is available as a SaaS offering which, for some organizations, makes a lot of sense. SaaS applications are easier and quicker to deploy and are being constantly updated. Scaling is easier if the enterprise starts to grow unexpectedly and, of course, support is included.
Generally speaking, this is one of those applications/services that can co-exist with a variety of other cloud security products and still deliver value. Its ability to discern changes to a virtual environment - essentially in real time - is valuable beyond measure in today's elastic networks. That it adds a dimension of administration is frosting on the cake. Plus, the situational mapping, showing the relationships of virtual devices to the Scouts, is reminiscent of the earlier IPsonar that was used to map the internet (see Internet Mapping Project). Regardless of what other cloud security products you are considering, ESI certainly is worth your attention.
At a glance
Product: Lumeta Enterprise Situational Intelligence (ESI)
Price: Lumeta is licensed by the number of IP addresses under management. Pricing for a subscription starts at $7,200/year for 1,000 IP addresses - for either virtual machine or SaaS cloud access.
What it does: Provides situational awareness of network architecture, segmentation and cybersecurity, supporting decision-making impacting security and compliance relating to cloud or virtual environments.
What we liked: ESI is the next generation of the well-known popular IPsonar and has advanced the concepts introduced in that product to virtual and cloud environments while creating a completely new and relevant platform for non-physical and/or non-on-premises software data centers.