Backed by AI-driven behavioral analytics and powered by real-time telemetry, LMNTRIX Cloud enables proactive, automated security at scale—without compromising performance or requiring invasive agents.
With LMNTRIX Cloud, these risks become visible, prioritized, and neutralized.
LMNTRIX Cloud
What is LMNTRIX Cloud?
LMNTRIX Cloud provides customers with an end-to-end solution for securing public cloud workloads across AWS, Azure and GCP. It functions via APIs and does not require the installation of any agent. The service is designed to offer complete protection for AWS, Azure and GCP workloads. It provides a variety of protective layers to secure application infrastructure and workloads that are hosted in public cloud environments, preventing unauthorized access, misconfigurations, and malicious activity. LMNTRIX Cloud contextualizes the cloud, application, and user behavior in your environment and creates an attack storyline to identify actual threats. By focusing on actual threats in the runtime, LMNTRIX improves productivity and morale of the SOC and reduces business risk.
The service includes Cloud Security Posture Management (CSPM) and Identity Threat Detection and Response (ITDR) services. A runtime Cloud Threat Detection and Response (CDR) service monitors and analyzes all threat vectors of identity, permissions, exposed assets, and unauthorized access to identify real-time risk.
Does LMNTRIX Cloud provide multi-cloud support?
LMNTRIX Cloud provides centralized visibility into the current security risks identified across multiple accounts, regions, and cloud platforms. It helps drive corrective actions according to the severity and urgency of the risks for the organization. Alerts are published to the LMNTRIX XDR KILLBOX in the same way as all other service elements, providing unrivalled visibility across your environment. As with all other service elements, alerts are fully validated by CDC analysts prior to the creation of an incident.
Does LMNTRIX Cloud provide compliance assurance and reporting?
LMNTRIX Cloud continuously monitors the configuration of your cloud and alerts you to risky misconfigurations, as well as on violations of security best practices and industry standards. LMNTRIX Cloud offers comprehensive reporting of your cloud inventory, exposure, and misconfigurations. It can generate on-the-fly compliance reports against many standards including SOC2, PCI DSS, NIST CSF, Azure & AWS CIS, ISO27001, HIPAA and GDPR. This level of monitoring shows the SOC how misconfigurations are being used to penetrate your environment. This is especially helpful with misconfigurations that cannot be addressed or take time to be addressed. This level of monitoring reduces the risk of misconfigurations that your business must tolerate.
Does LMNTRIX Cloud offer excessive permissions hardening?
LMNTRIX Cloud continuously monitors all Identity and Access Management (IAM) user and role activity in the cloud and tracks how different IAM entities utilize the access permissions they have been granted. By comparing granted permissions to what has actually been used over time, LMNTRIX Cloud identifies excessive access permissions and provides actionable recommendations on how to reduce them- delivered regularly as incidents via the XDR portal.
How does LMNTRIX Cloud deliver threat detection?
LMNTRIX Cloud utilizes dozens of algorithms, including machine learning and deep learning-based, to detect suspicious activity and anomalous behavior across multiple layers of the cloud environment, from user and role activity to east-west and south-north network communications to host activity. LMNTRIX leverages malicious behavior indicators to create an attack sequence. Malicious behavior indicators (MBIs) are behaviors and activities that we flag over time and build into a sequence based on the metadata and logs we are collecting from the cloud. An MBI alone is not usually indicative of an attack, but it is indicative of an interesting activity. A string of MBIs creates an attack sequence and once the overall score of a sequence reaches a specific threshold it is determined to be an alert.
The Detection Process
By using cloud logs, enriching them with status information gained from our API based posture management, applying our ML detections and historical knowledge we create high alerting and validated incidents for your cloud environment.
Attack Stories
Leveraging the full platform logging and visibility, combined with the high-fidelity alerting, we are able to create timelines that represent an adversaries use of tactics, techniques and procedures in your environment.
What telemetry is collected from Azure cloud and what permissions are required ?
Integration of your cloud environment with LMNTRIX cloud security is simple and can be performed within the space of an hour. Separate integration guides have been prepared for each public cloud provider. Our service requires no agents or appliances, making use of built-in API and application functionality.
LMNTRIX Cloud collects and processes the following Azure telemetry:
- Subscription-level telemetry:
- Configuration metadata describing the cloud resources including VMs, databases, and network security groups
- Subscription Activity logs
- Network Flow logs
- Tenant-level telemetry includes:
- Configuration metadata describing users and roles
- LMNTRIX cloud makes use of the following read only permissions:
- Read. All (required)
- A tenant-level read-only permission allowing LMNTRIX cloud security to access information related to Identity and Access Management (IAM).
- Reader (required):
- A subscription-level read-only permission allowing LMNTRIX cloud security to access configuration metadata in your Azure subscriptions.
- Storage Blob Data Reader (optional):
- A storage account-level permission allowing LMNTRIX cloud security to access Activity and Network Flow logs in a specified storage account.
- Read. All (required)
What telemetry is collected from AWS cloud and what permissions are required?
Integration of your cloud environment with LMNTRIX cloud security is simple and can be performed within the space of an hour. Separate integration guides have been prepared for each public cloud provider. Our service requires no agents or appliances, making use of built-in API and application functionality.
LMNTRIX Cloud collects and processes the following AWS telemetry:
- Configuration metadata describing the account settings and its deployed cloud resources, including EC2 instances, databases, security groups, and users.
- CloudTrail logs providing event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS service account activity related to actions across your AWS infrastructure.
- Note: CloudTrail logs are collected by LMNTRIX cloud Security from S3 buckets.
- VPC Flow logs capture information about the network traffic going to and from network interfaces in your VPCs.
- CloudTrail S3 Data event logs capture data events for objects stored in an S3 bucket. Once enabled, these S3 data events are delivered by AWS as part of the regular CloudTrail logs. LMNTRIX recommends that you enable CloudTrail S3 Data event logs for those S3 buckets that hold information critical for your business. For more information, see: https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-cloudtrail-logging-fors3.html
LMNTRIX cloud makes use of the following read only permissions (granted to LMNTRIX cloud by assigning IAM permission policies to a cross-account role created for LMNTRIX cloud security in the customer’s AWS account.):
- Security Audit policy—An AWS-managed policy provided out-of-the-box. This policy grants access to read security configuration metadata, such as information about the configuration of users, servers, databases, and more.
- AWSWAFReadOnlyAccess policy—An AWS-managed policy provided out-of-the-box. This policy provides read-only access to AWS WAF configuration metadata.
- Read-access permissions to the S3 buckets in the AWS account(s) storing the CloudTrail and VPC Flow logs:
- s3:ListBucket
- s3:Get*
- In addition, you need to set up SNS notifications in your AWS account. https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/US_SetupSNS.html
What are LMNTRIX responsibilities during LMNTRIX Cloud onboarding?
- Provide a license to use the LMNTRIX Cloud service consistent with the parameters of your purchase.
- Provide the customer or partner with the required information to complete the integration of their public clouds with LMNTRIX Cloud.
- Assist with configuration of cloud policy & response.
- Provide 24-hour access to our Cyber Defense Center (“CDC”) so that you may ask questions related to the Service. While LMNTRIX will do our best to answer your questions immediately, some inquiries will result in a ticket for the Senior Intrusion Analyst Team which will be addressed during LMNTRIX’ normal business hours, Monday through Friday, 8:00-5:00 U.S. Eastern Standard Time excluding U.S. holidays (“Normal Business Hours”).
What are Client responsibilities during LMNTRIX Cloud onboarding?
- Complete the LMNTRIX Cloud section of the starter pack.
- Integration of their cloud environment with us per the relevant integration guide.
- Providing LMNTRIX with the required permissions and information to establish the service.
- Configure logging as appropriate to make use of threat detection service.
- Maintain awareness of all public cloud vendor fees, especially as related to logging.
We know that every day you have everything on the line, and that with so much at risk it can seem like adversaries have all the advantages. Together we can take the power back. Where other cybersecurity providers see a vendor and a customer, we see a united team of defenders who are stronger as one.
I couldn't believe the level of detail during testing using an unannounced red team. In real-time, LMNTRIX analysts were baiting attackers and actively pursuing them in our environment-it was like something out of a movie.
Matt Kraus
IT Manager, Alliance Funding Group
LMNTRIX XDR didn't just do one thing; it covered all the bases: endpoint, network, cloud, mobile, identity, moving target defense and proactive threat hunting. To build this ourselves, we'd need 50 different products, and then we'd need to find security analysts capable of managing them all. The hyper-converged and holistic approach that LMNTRIX takes is a real game changer in my opinion.
Kim Green
CISO, World Market
I appreciate that working with the LMNTRIX team feels collaborative, and they leverage their extensive knowledge of current trends and attack techniques to guide us effectively. With our small team, we lack the resources to constantly research emerging threats—LMNTRIX fills that gap, providing us with vital information that helps us prioritize and refine our security strategy.
Shaun Hay
Group Manager Technology and Systems
LMNTRIX seamlessly integrates with our team, making their analysts an extension of our own resources. Their deep understanding of our environment allows my internal team to focus on other essential security initiatives that drive Dentons' success.
Victor Yeo
Head of Information Security
Our approach to detection is something we take seriously. While many MDR companies can set up a SOC and connect with various technologies to pass on alerts, LMNTRIX stands out by providing the critical context we need. They bridge the gap between us and our tools, delivering insights that truly matter. It's like LMNTRIX is playing chess, while others are just playing checkers.
Eduard Pieters
Chief Information Officer
LMNTRIX stood out in our evaluation as the sole provider that developed its own sophisticated cloud detections instead of merely relying on GuardDuty as an intermediary. Unlike other vendors who claimed capability in managing our cloud alerts, LMNTRIX was the only one that substantiated its capabilities.
Integrating our SIEM with the LMNTRIX XDR platform has provided a more comprehensive view of our security events and alerts across Microsoft 365, Defender, and Azure Active Directory. This integration facilitates quicker and more precise incident responses. The streamlined workflows and reduced manual processes have freed up valuable time, allowing us to address additional security priorities.
John Smith
Director of Cybersecurity and Incident Response
