Lumifi Acquires Netsurion

ShieldVision 2.0

ShieldVision empowers security teams to build use cases and response flows for SIEM, EDR, NDR technologies, and more. Out of the box, it includes more than 1,000 pieces of content including searches, automated response Threat Flows, and prebuilt reports. This enables endpoint, network, and cloud responses using specific queries to customize workflows for your individual business needs. It also grants users the ability to control alert noise granularly by implementing exclusions at a global or per-alert level, in addition to dynamic enrichment and exclusions in Threat Flow.

How will this acquisition affect my existing contract with Netsurion or Lumifi? 

Your contract and terms within the contract will remain unchanged.

What additional cybersecurity solutions or services will be available to me due to this acquisition?

Lumifi provides a comprehensive range of services, including monitoring and management for Security Information and Event Management (SIEM), Network Detection and Response (NDR), and Endpoint Detection and Response/Extended Detection and Response (EDR/XDR). In addition, we offer solutions for email management, digital risk management, and vulnerability management to ensure the optimal security and functionality of your systems. Our services are designed to provide you with extensive protection and management solutions for your digital environment.

Will there be any disruption to my services during the transition period?

Downtime is expected to be minimal, or in some cases, not a factor at all. Wherever possible, we intend to run both solutions in parallel during migration, as this overlap will help ensure all nuance, exclusions, and processes are migrated fully. For customers who are not able to run the solutions in parallel, a small, scheduled amount of downtime is likely, which Lumifi seeks to minimize to the bare minimum required to complete migration. All customers will receive a detailed project plan that clarifies step-by-step processes.

What specific benefits, enhancements or improvements can I expect from this acquisition? 

We’re excited for the opportunity to bring to you several significant benefits and enhancements.

Lumifi operates a U.S.-based 24x7x365 Security Operations Center in Scottsdale, Arizona, ensuring continuous protection for your business. Our expert team, comprised of U.S. personnel with military and government backgrounds, brings unparalleled expertise and dedication to your security needs. With a dedicated SOC analyst team providing round-the-clock monitoring and response, thousands of alerts and system upgrades are handled swiftly, resulting in improved security outcomes. As part of this, a dedicated use case development team crafts tailored rules for all supported solutions in the Lumifi portfolio, ensuring monitoring is aligned with your organization’s needs.

Lumifi also provides ShieldVision, a richly-featured, proprietary XDR solution that enables SOAR responses, automated investigation, endpoint response, and SIEM functionality, built with ease-of-use and consumability in mind. This also includes reporting and easily performed search and investigation capabilities. Furthermore, hot storage and archival storage will be migrated and condensed into a single, indexable, searchable data store, accessible through ShieldVision 24/7, reducing the need for lengthy, time-consuming data retrieval requests.

ShieldVision includes more than 1,000 report and dashboard panels alongside more than 500 custom detection use cases, available out-of-the-box. Users are free to duplicate existing and edit or create their detection use cases, as well, leveraging rich SOAR functionality for extremely tailored and customizable responses.

Will my point of contact or support team change because of the acquisition? 

Lumifi aims to maintain continuity and familiarity with its support team as much as possible. Current customer support personnel (Technical Account Manager + Customer Success + Channel Management Teams) will remain as your primary point of contact, in addition to Netsurion engineering team members you may have interacted with in the past. All SOC operations will be transitioned to our US-based location in the coming months.

What support will be provided for Netsurion’s Open XDR in the future?

The Netsurion Open XDR platform will reach end-of-support in 2025. Lumifi resources will be maximally available to facilitate migration to ShieldVision.

How will my data be migrated and retained?

Lumifi will migrate and retain all data going back 400 days, moving it into ShieldVision, which enables historical searchability on demand.

Will there be a difference in the SLA and tiers of support we receive, or options of service levels?

There will be no SLA/SLO tiers. We don't have SLAs worked out for ShieldVision, but expect 5 9s, or something similar. Everything is cloud hosted with redundancy built in.

How do I engage with Lumifi and/or the SOC?

You can engage with Lumifi via Incident Management within ShieldVision and call in. You can reference this document for more information.

What does the migration process look like?

Please reference this document for a high-level overview of the migration process.

If I currently run on-prem OpenXDR, what are my options? (Only pertains to on-prem customers)

Lumifi’s ShieldVision platform is fully SaaS. If migration to a cloud-native solution makes sense for your organization, Lumifi will aid in scoping, provisioning, and migration to ensure data is retained and operations are resumed smoothly in the new platform. Additionally, Lumifi has several other solutions that may fit your on-prem use case.

What multi-tenancy features are available in ShieldVision for the MSP user? (Only pertains to MSP customers)

ShieldVision was built with MSPs in mind. MSPs have a broad, multi-tenant view of their own client’s incidents and support cases, including savable filters. ShieldVision also comes with MSP-focused reports that help get a broader view of health and utilization across the client base. Furthermore, MSPs see a separate client dashboard, enabling “click-in” to individual client instances as if they were a privileged user of that client. MSPs can also create and deploy their own unique content, including searches and ThreatFlows, for their clients only, helping brand and differentiate the service as your security practice grows.

Will MSP customers have a portal or ability to access the platform?

Yes, there is an MSP view that shows data a panel/card type object for each customer with some quick reference health and ticket data, and by clicking on the card they can enter the individual client environment as if they were an admin.

Are there any APIs we can pull as well? So we can integrate with other tools?

Yes, Lumifi supports both bi-directional webhook and enables some functionality through API.

Are you doing any remediation like stopping malicious IP connections? If so, how?

ShieldVision can tie into firewalls via API to implement a block rule.

What does Lumifi consider your product? SIEM, EDR, MDR, XDR, SOAR?

We define it as a SOC automation tool with inbuilt SIEM and EDR; technology paired with our MDR service. It is definitely a hybrid of several different technologies, rolled into an easy to consume package.

Is there an API to unenroll an endpoint?

Yes, devices can be unenrolled on demand.

Can we group endpoints?

Yes, they can be defined through Endpoint Policies.

What does Lumifi do for environments that do not have a traditional active directory environment (M365, Entra ID and Intune )?

Yes, all M365 and Entra ID are fully supported. Intune may require additional parsing, but we can build a custom ingest pipeline if necessary.

How do you update agents that are already installed. Can you do this via the platform?

Updates are automatically applied directly from Elastic

Does Elastic Defend include a firewall? Is this how isolating a asset is done. If not can you talk more about what isolation entails.

Elastic Defend does not include a host-based firewall. Isolation is a supported action within ShieldVision. It is network based isolation that only allows communication with Elastic (enabling un-isolation later).

Does all of it need to be built out or do you have canned alert/monitoring configurations that would cover most general use cases?

Yes, we have a full library of rules (we call them Searches), playbooks (ThreatFlows), and reports that will be enabled and available to you on day one.

Most of the default query workflows we'd need are already built out, so we might not have to spend any time making or editing our own?

Correct. You may use them as examples, or duplicate and modify them (disabling the old one).

What set of products would be required for customers looking for only the SIEM and SOC services?

We support a variety of SIEM tools outside Elastic. For many customers, Elastic is fully featured enough to fulfill their SIEM requirements. It is an enterprise grade solution with enormous flexibility and scalability, and our implementation in ShieldVision helps simplify the management of the platform.

Are we able to search raw logs?

Yes, we have two means of investigation – Quick Search, which we showed on the demo, and Composer, which is more technical and elaborate, requiring greater knowledge of the platform. We will demo Composer on a dedicated webinar at some point in the near future (likely July timeframe).

Can the ShieldVision platform open a ticket in an external Ticketing system?

Yes, our bi-directional webhook should be able to meet this requirement.

Do you integrate with ConnectWise Manage, and/or Automate?

Yes, depending on the use case, our API support should be able to meet the need.

How does the EDR capability work with other EDR tools? can they co-exist with SentinelOne or Crowdstrike? Defender?

Elastic can be deployed in a passive, detect-and-forward only mode, in which case certain Elastic processes may need to be excluded in the other EDR tool.

Does the platform have a UEBA component?

Yes, Elastic supports UEBA/ML use cases.

What is the time frame for transitioning from Netsurion?

We aim to transition as many customers as quickly as possible. Our goal date for initial deployment of Elastic Defend and collectors is by end of June.

Related to Agent Deployment. Agent Windows deployment will need to set manually the different permissions for audit logs on critical patch and systems folders?

Audit logs are pulled via the agent, defined via the Endpoint Policies.

Do you have any SOAR integrations?

ShieldVision has in-built SOAR capability, although depending on the use case, we may be able to integrate with external SOAR tools.

Join us for an immersive experience where you'll meet our team, delve into our state-of-the-art SOC, and explore the cutting-edge technology powering it all. Gain exclusive insights into ShieldVision, our proprietary technology, and get a glimpse into our ambitious plans for the future.

Take a behind-the-scenes tour of the dedicated team driving our SOC processes and operational functions, and uncover the secrets behind the technology fueling our company's success.

P.S. If you're unable to attend, no worries! We'll record the session for your convenience and share it afterward.

"In an era of ever-increasing cybersecurity challenges, numerous companies face vulnerability. Joining forces with Netsurion marks a pivotal move, utilizing our recent infusion of growth capital to actualize our expansive vision. Together, we're closing the cybersecurity skills divide, empowering businesses to withstand the myriad and dynamic threats of today." Michael Malone, CEO, Lumifi

Welcome to Lumifi, Netsurion Customers

Why Lumifi & Netsurion?

Gartner's SOC Visibility Triad

ShieldVision 2.0

FAQ

Meet & Greet Webinar

WEDNESDAY, JUNE 5TH | 10 AM PT / 1PM ET

Resources

Partners

About

Solutions

Security Operations Center (SOC)

Questions?

Support