Overview of Use Cases

The Lucidum platform enables security, IT, and other teams to:

  • Develop unique insights from de-duped, triangulated, and aggregated tech stack information

  • Discover and describe previous unknowns — assets, users, and data

  • Identify risks such as unmanaged assets, missing agents, outdated OS, apps, and more

  • Accelerate alert triage, incident response, investigation, and remediation

  • Enhance data security

  • Ensure consistent versioning and upgrade

Use cases describe some common problems that enterprises and providers encounter and how Lucidum solves those problems.

What Are Connectors?

Connectors enable Lucidum to ingest data from your environment and discover, identify, and classify assets, data, and users.

Lucidum includes pre-built connectors for the most commonly used solutions for security, vulnerability scanning, cloud, data warehouse, identity management, logs, network, endpoint management, IP management, file sharing, and devops.

To configure a connector, you provide credentials that allow Lucidum secure, read-only access to a deployed solution. Lucidum then makes read-only API calls to ingest data from the solution.

The current list of Connectors reflects all the Connectors currently in production at customer sites. With over 300 connectors, we’re sure we have yours. And if we don’t have your connector, we guarantee a 2-day turnaround for new connectors.

To get the most value from your Lucidum system, we recommend you configure connectors for all the security solutions in your environment. For example:

  • The Endpoint Management solutions in your environment (for example, Jamf, Intune, Citrix Endpoint Management, Symantec Endpoint Management, Hexnode)

  • The Endpoint Protection solutions in your environment (for example, Trellix Endpoint Security, Symantec Endpoint Protection, SentinelOne, Crowdstrike Falcon, Microsoft Defender for Endpoint)

  • The Endpoint Detection and Response solutions in your environment (for example, SentinelOne, Falcon Crowdstrike, Trend Micro XDR, Check Point Harmony Endpoint, Cortex XDR)

  • The cloud security solutions in your environment for cloud assets (for example, Netskope, Illumio Core, Orca, Tenable Vulnerability Management, Trend Micro Cloud One, Sophos Central)

  • The anti-virus solutions or vulnerability management solutions in your environment (for example, Burp Suite, Cycognito, Greenbone, Kenna, MS Defender, Qualys, Rapid7, Tenable, Vulcan)

  • The Mobile Device Management solutions in your environment (for example, Addigy, Citrix Endpoint, Jamf Pro, Kandji)

  • The directory solutions in your environment (for example, Azure AD, Microsoft AD, JumpCloud, PingOne, OpenLDAP)

  • The SSO solutions and identity and access management solutions in your environment (for example, Okta, AWS IAM, PingOne, OneLogin, SecureAuth)

  • The DHCP solutions in your environment (for example, Infoblox, Efficient IP, BlueCat)

  • The VPN solutions in your environment (for example, Cisco AnyConnect, FortiClient, Palo Alto VPN, Citrix Gateway, Zscaler Private Access)

  • The cloud solutions in your environment (for example, AWS, Azure, Google Cloud, Oracle Cloud)

Lucidum Machine Learning

Lucidum fills the gaps between security solutions. After ingesting data from connectors, Lucidum enriches that data through machine learning. After ingestion, Lucidum:

  • Deduplicates records. For example, suppose an asset uses DHCP and leases a new IP address each day, so that Lucidum ingests different information about that asset each day. Instead of creating multiple asset records, Lucidum creates a single record for that asset. The single record includes all the IP addresses associated with the asset over time.

  • Triangulates records. Suppose a single user appears in multiple solutions with multiple versions of a user name. For example, suppose Lucidum ingests a different name from Azure AD, GitHub, and Intune: “John.Smith”, “SmithJ”, and “[email protected]”. Lucidum creates a single entry for that user with a single user name and enriches the user record with information from Azure AD, GitHub, and Intune.

  • Aggregates records. Suppose Lucidum ingests data about an asset from Carbon Black, Tenable, Intune, VMware, and InfoBlox. Each data source provides some information. Some of these data sources provide unique information. For example, one solution might provide OS and version, another solution might provide vulnerabilities, another solution might provide hardware information, another solution might provide application data, and another solution might provide cloud information. Lucidum creates a single asset record that aggregates all the data from the multiple solutions.
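
The deduplication and aggregation steps above can be pictured with a small added example. It is not Lucidum's code or algorithm: the record fields, the sample values, and the choice of a normalized MAC address as the match key are assumptions made for illustration. Note that the second asset reuses an IP address the first asset held a day earlier, which is why the IP address cannot serve as the key.

```python
import re

# Constructed sample input: field names, values and the MAC-based match key
# are assumptions for illustration, not Lucidum's schema or algorithm.
RECORDS = [
    {"source": "InfoBlox", "day": "2024-05-01", "mac": "AA:BB:CC:00:11:22", "ip": "10.0.4.17"},
    {"source": "InfoBlox", "day": "2024-05-02", "mac": "aa-bb-cc-00-11-22", "ip": "10.0.4.93"},
    {"source": "Intune", "day": "2024-05-02", "mac": "aabb.cc00.1122", "os": "Windows 11"},
    {"source": "Tenable", "day": "2024-05-02", "mac": "AA:BB:CC:00:11:22", "ip": "10.0.4.93",
     "vulns": ["EXAMPLE-VULN-1"]},
    {"source": "InfoBlox", "day": "2024-05-02", "mac": "AA:BB:CC:00:33:44", "ip": "10.0.4.17"},
]


def normalize_mac(mac):
    """Reduce vendor-specific MAC formats to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def merge_assets(records):
    """Return one record per asset, keyed by normalized MAC."""
    assets = {}
    for rec in sorted(records, key=lambda r: r["day"]):
        asset = assets.setdefault(normalize_mac(rec["mac"]),
                                  {"ips": [], "sources": set(), "vulns": set(), "attrs": {}})
        asset["sources"].add(rec["source"])
        asset["vulns"].update(rec.get("vulns", []))
        if "ip" in rec and rec["ip"] not in asset["ips"]:
            asset["ips"].append(rec["ip"])  # keep lease history, oldest first
        for field, value in rec.items():
            if field not in ("source", "day", "mac", "ip", "vulns"):
                asset["attrs"][field] = value  # newest record wins
    return assets


def missing_coverage(assets, required_source):
    """MACs of assets that no record from required_source describes."""
    return sorted(m for m, a in assets.items() if required_source not in a["sources"])


if __name__ == "__main__":
    merged = merge_assets(RECORDS)
    for mac, asset in merged.items():
        print(mac, asset["ips"], sorted(asset["sources"]), asset["attrs"])
    print("no Intune record:", missing_coverage(merged, "Intune"))
```

Once records are merged per asset, a coverage gap such as an asset seen by DHCP but by no endpoint management source becomes a simple set lookup.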

Creating Your Own Dashboards

For detailed steps on creating custom dashboards, see the manual on Dashboards and the manual on Value-Oriented Dashboards.