What makes us different:
LMNTRIX Intelligence
What is LMNTRIX Intelligence?
LMNTRIX Intelligence is a subscription feature of LMNTRIX XDR.
 SOC operators, CSIRT teams, and security analysts and researchers are in a race against time. The good news is that there’s an overwhelming amount of threat data available today. The challenge is rapidly converting this unstructured, disparate, and duplicative data into the contextual information to drive your security monitoring process and infrastructure.
LMNTRIX Intelligence curates and operationalize threat intelligence and accelerates incident response. It provides the essential analysis and correlation that you need to translate raw, unstructured and duplicative data into true intelligence. Reduce the noise of false positives from outdated irrelevant data in minutes. What’s left is true insight in the form of pre-built rules, reports, and dashboards that we use in LMNTRIX XDR or you can immediately apply and manage within your SIEM console.
LMNTRIX Intelligence harnesses collated intelligence into a single XDR platform to optimize collaboration and information sharing. Proprietary technology delivers earlier detection and identification of threats at every point along the attack lifecycle, making mitigating threats possible before material damage occurs.
- Threat actor communications interception identifies TTPs before they’re used in anger and proof of concept attacks before full deployment.
- Correlation of over 850 million threat indicators against real-time network data deployed deep within customer networks.
Does the LMNTRIX XDR include a Threat Intelligence Platform (TIP)?
LMNTRIX Intelligence is powered by a native TIP built within our XDR– which is a crowed-sourced threat intelligence exchange combined with our own sensor network together with over 20 commercial feeds.
We are all facing attacks, all the time and as a result we have a lot of data – why not share it?Â
That is the idea behind our TIP – Threat Intelligence PlLatform, that delivers a powerful community based immunity system.
Attackers are known to share methods and tactics and in order to advance the state of threat intelligence, organizations must collaborate and correlate more data, more quickly.
Today LMNTRIX TIP aggregates over 300 threat intelligence sources with the aim of aggregating more in the future to help consume, share, and act on threat intelligence.
Our TIP is:
Open
A robust platform with access to a wealth of threat intelligence data
Actionable
An integrated solution to help quickly stop threats
Social
A collaborative platform for sharing threat intelligence
How does LMNTRIX Intelligence work?
The proprietary technology behind LMNTRIX Intelligence allows us to deliver earlier detection and identification of adversaries in your organization’s network. This is achieved by making it possible to correlate tens of millions of threat indicators against real-time network logs as well as with other Active Defense service elements including:
- LMNTRIX NDR: The TIP threat feed is integrated with our NDR sensor deployed on Client’s premises. Any IOC hits on the NDR sensor are automatically validated and incidents created on the LMNTRIX XDR.
- LMNTRIX EDR: The TIP threat feed is integrated with the EDR agents deployed across Client’s endpoints. Any indicator hits on the agents are automatically validated and incident created on the LMNTRIX XDR.
- LMNTRIX Packets: The TIP threat feed is integrated with the Packets data captured on our XDR. Any indicator hits on the Packets data is automatically validated and incidents created on the LMNTRIX XDR.
- LMNTRIX SIEM: The TIP threat feed is integrated with the SIEM feature on our XDR and correlated against log data captured from our client networks. Any indicator hits on the SIEM is automatically validated and incidents created on the LMNTRIX XDR.
Our approach enables detection at every point along the attack lifecycle, making it possible to mitigate threats before material damage to your organization has occurred.
This process used by the LMNTRIX XDR includes:
- Curation & De-duplication – LMNTRIX Intelligence aggregates and de-duplicates threat data from 300+ public, private, and proprietary sources including our own HoneyNet deployed across all AWS regions.
- Machine learning – Algorithms scale to accommodate thousands of IOCs per minute across your environment
- Collaboration & Community – Securely connects security researchers within and across teams in trusted circles to cooperate on effective cyber defense strategies
- Correlate and integrate – Turns data into actionable information: XDR rules, reports, and dashboards
What type of threat indicators are captured by LMNTRIX Intelligence?
In practice, on average the LMNTRIX XDR is able to detect 20%-25% more incidents each month as a result of the threat intelligence feed than without it. It achieves this by automating detection for the following threat scenarios:
- Crimeware
- Dynamic DNS
- Phishing Attacks & URLs
- Anonymous VPN
- Hacking Tools
- Malware C&C
- APT IPs & Domains / APT IP User Agent
- Brute Force, Spammer & Bot IPs
- TOR Detection
What does a typical outcome look like when using LMNTRIX Intelligence in a SOC?
The following diagram depicts the value LMNTRIX Intelligence delivers from the time events are collected, security attacks identified and finally the attacks that are confirmed to be incidents.
What are the deployment options for LMNTRIX Intelligence?
The LMNTRIX Intelligence (TIP) platform is a native feature of LMNTRIX XDR and hosted on AWS, where it curates and de-duplicates data. The primary method of consumption of the service is by other XDR service elements such as the NDR, EDR, Packets and SIEM. Optionally, Clients can also consume the threat feed using standard protocols into their existing security infrastructure including SIEM, EDR or NextGen Firewalls.
For whole of governments or industry sectors who wish to deploy the platform internally, LMNTRIX makes the platform available as a private TIP.
What are the service deliverables from LMNTRIX Intelligence?
LMNTRIX Intelligence provides the LMNTRIX XDR and our threat analysts with the edge they need to analyze, discover, share and integrate threat data into security team processes for business risk reduction. The service deliverables include:
- Analyzes and pinpoint IOCs allowing you to quickly search for a specific indicator type over any time range, and drill-down into details.
- Eliminates unnecessary, duplicative and irrelevant indicators – before they enter your infrastructure.
- Integrates with the LMNTRIX XDR and your SIEM and other parts of your security architecture for automated threat detection and response.
- Real-time Risk Analysis – Ranks each individual IOC based on severity, relevance, and contextual variables.
- Easy-to-use interface – to view threat information received through STIX/TAXII feeds.
We know that every day you have everything on the line, and that with so much at risk it can seem like adversaries have all the advantages. Together we can take the power back. Where other cybersecurity providers see a vendor and a customer, we see a united team of defenders who are stronger as one.
I couldn't believe the level of detail during testing using an unannounced red team. In real-time, LMNTRIX analysts were baiting attackers and actively pursuing them in our environment-it was like something out of a movie.
Matt Kraus
IT Manager, Alliance Funding Group
LMNTRIX XDR didn't just do one thing; it covered all the bases: endpoint, network, cloud, mobile, identity, moving target defense and proactive threat hunting. To build this ourselves, we'd need 50 different products, and then we'd need to find security analysts capable of managing them all. The hyper-converged and holistic approach that LMNTRIX takes is a real game changer in my opinion.
Kim Green
CISO, World Market
I appreciate that working with the LMNTRIX team feels collaborative, and they leverage their extensive knowledge of current trends and attack techniques to guide us effectively. With our small team, we lack the resources to constantly research emerging threats—LMNTRIX fills that gap, providing us with vital information that helps us prioritize and refine our security strategy.
Shaun Hay
Group Manager Technology and Systems
LMNTRIX seamlessly integrates with our team, making their analysts an extension of our own resources. Their deep understanding of our environment allows my internal team to focus on other essential security initiatives that drive Dentons' success.
Victor Yeo
Head of Information Security
Our approach to detection is something we take seriously. While many MDR companies can set up a SOC and connect with various technologies to pass on alerts, LMNTRIX stands out by providing the critical context we need. They bridge the gap between us and our tools, delivering insights that truly matter. It's like LMNTRIX is playing chess, while others are just playing checkers.
Eduard Pieters
Chief Information Officer
LMNTRIX stood out in our evaluation as the sole provider that developed its own sophisticated cloud detections instead of merely relying on GuardDuty as an intermediary. Unlike other vendors who claimed capability in managing our cloud alerts, LMNTRIX was the only one that substantiated its capabilities.
Integrating our SIEM with the LMNTRIX XDR platform has provided a more comprehensive view of our security events and alerts across Microsoft 365, Defender, and Azure Active Directory. This integration facilitates quicker and more precise incident responses. The streamlined workflows and reduced manual processes have freed up valuable time, allowing us to address additional security priorities.
John Smith
Director of Cybersecurity and Incident Response
