Adlumin unveils enhancements to their Security Operations Platform

MDR is just one of eight features in the Adlumin platform, which goes to market entirely through channel partners, initially VARs and SIs, and more recently, MSPs.

Robert Johnston, CEO and cofounder of Adlumin

Today, Adlumin,  which provides MDR [managed detection and response] services as part of their Security Operations Platform, is announcing a series of enhancements to that platform. They include new AI-based features like lateral movement alert upgrades, malicious scheduled task detection, and malicious script block, honeypot deception technology and a free attack simulation tool for Microsoft Office 365 environments.

Adlumin is a relatively new company, formed in 2016, whose Go-to-Market strategy is entirely focused on their channel partners. Where they fit into the market has evolved significantly during that short time, although they have always been a channel company.

“We really started as a software company, building midmarket analytics products similar to Prisma Cloud, although Prisma is focused on the enterprise,” said Robert Johnston, CEO and cofounder of Adlumin. “We sold the software through the channel to midmarket customers who needed functionality like log management, SIEM and SOAR.”

Johnson said that they then evolved to become a security operations platform.

“We became a command operations centre for the channel and for midmarket customers, who could consolidate all their applications and have them delivered 100% through the channel,” Johnston stated. “In 2021, we added MDR to suite, and it became our first managed security offering. Then in 2022, we noticed there was an incredible opportunity in the channel and midmarket to satisfy three customer asks: decrease complexity; decrease multi-vendor spend; and choose convenience first. We launched three new products for this – continuous vulnerability management, proactive security awareness to provide security awareness training and program delivery, and progressive pen testing, which was fully automated. We built these into our SaaS application to solidify our place as the command centre for security operations. Thus MDR is only one of eight widgets, all of which are designed to address those three big customer asks.”

Johnston said that a key advantage for Adlumin in the market stems from originally starting as a software company.

“Having started building software has enabled us to separate clearly software from services and increases our transparency,” he stated. “Our MDR service was based on our software. We also sell our software to MSSPs for their own MDR service. Many of our competitors use someone else’s software. We are constantly evolving, and we are not dependent on other people’s technology to do our job.”

Adlumin’s channel is evolving as well.

“We started in the VAR/ software integrator and two-tier distribution space and that serves a slightly larger market from the midmarket,” Johnston said. “We  launched our MSP business, which serves smaller customers, in the last three quarters. We are newer there, but it is growing very well. So we now operate from the bottom of the market, with around 10 people to ‘enterprise light.’

This new update to the platform extends its capabilities with deception and AI technologies.

“The new Honeypot deception technology was an ask from our customers,” Johnston stated. “In the midmarket though they have to be white glove – no configuration. Our honeypots are easy to deploy and consume, and they are free.”

The three enhanced AI-based enhancements have protection against ransomware as a major objective.

“Every ransomware attack we have seen starts out as a cloud email breach,” Johnston said. “We have introduced Lateral Movement Alert upgrades.” These aggregate individual suspicious  activities from a generic user until they collectively project a high-fidelity threat signal, providing a defense against adversarial lateral movement that accesses several hosts in succession in behavior that in isolation could be benign.

“Malicious Scheduled Task deployment is another anti-ransomware innovation, responding to the fact that ransomware has gained a lot of ground,” Johnston said. The issue here is authenticated attackers abusing Windows Task Scheduler to run malware. The new AI-based detection defends against this vulnerability by combining a neural network that isolates process execution anomalies with subsequent checks for known indicators of compromise.

The third new AI feature is Malicious Script Block. A new hybrid detection logic with AI and domain knowledge rules will flag suspicious Script Blocks.

Adlumin also announced the availability of a free attack simulation tool for Microsoft Office 365 environments.

“This was important because cloud email is the most dangerous place on the Internet, Johnston stressed. “This lets them test their cloud email defenses by running attack simulations.”

Adlumin will be demonstrating the capabilities and new features of its platform at RSA Conference 2023, April 24-27, 2023 in San Francisco, California. They will be at Booth #1761 in the South Hall of the Moscone Center.