An introduction to Illumio Insights | Andy Harcup | YouTubeToText
Core Theme
Illumio Insights is a breach containment platform that leverages AI and data feeds to identify critical security threats within an organization's cloud and endpoint environments, enabling rapid analysis and remediation.
Welcome to the first of a series of training sessions on the Illumio breach containment platform. Today we're going to be talking specifically about Illumio Insights, which was released early in 2025. You're looking at Illumio Insights on the screen right here. And just to put this in context, the data that you see and the way that it's displayed on the screen is all being retrieved from our SaaS platform. When we deploy Illumio, we can deploy it by ingesting cloud objects. We can also deploy it by receiving data from our agents that live on the endpoints. And that data is gathered in our SaaS platform. We then use feeds as well as AI to overlay that and surface to the top the most important things that should be investigated within the organization, and we refer to this as finding the needles in the haystack. So as you can see here, there are a number of different areas which would be of immediate interest once we start to trawl through this data.
You will see that we've got a malicious IP address or IP addresses, and you can see the flows in and out to those IP addresses as well as the amount of data, in the way of bytes, that is going to and from these malicious IP addresses.

There are a number of areas here, and if I scroll down you can see things like risky services or risky traffic services. We can see the top destination roles. We can see countries, and we can see really interesting things like DORA compliance and large language models. A good example here would be a graduate that's working in a law firm that took a client's project and uploaded sensitive information to somewhere like DeepSeek or ChatGPT, quite innocently looking for some help to analyze a document, and without realizing it has put very private information into the public domain.
So you can see there are some really interesting insights here. The idea of today is to drill into one of these to show you just how we can drill right down into that information and understand the impact of what we're looking at, and then take action to prevent any further disruption. So we'll do this by looking at this address here. This is information going outbound to what we know is a malicious IP address. And you can see here this is ending 162.154.

What we'll do is we will go to this malicious IP threats over to the left here. We'll click up here on outbound, because it's information going out of our organization, and we'll see the address here ending in 162.154. We'll select this address. We'll scroll down, and you can see now that we're filtering on this destination IP address ending 162.154.
All the information and all the flows we're looking at here: the individual flows you can see going out, and you can see the bytes, all of the data that's going out, in this column here in send bytes. The one thing we notice here is it all seems to be coming from this same source, this source machine with a source IP address. You can see here that this virtual machine is sat in Azure. And really what we want to understand now is the nature of what we're looking at. It certainly looks to me like this specific host is harvesting information and sending it out of the organization. And that is typically what happens before a company gets hit with ransomware, and then a demand for a ransom comes in, and if the enterprise or company should fail to pay that ransom then this data will be leaked into the public domain.
So what we really want to know and understand is what's the actual reach of this machine. Let's click that and find out. And when we click this specific virtual machine here, what's going to happen is we're going to use a security graph to build a resource traffic map. And you can see here immediately the reach which this machine has within the organization.

Now this is showing us all of the different flows, where that machine can reach out to, and what part of any application it is within the organization.
We can drill into any specific flows here by clicking them. So if we look at this, we'll look at the suspect machine here and what communication it has with this critical device in our organization here. We'll select that. We'll click the actual green arrow there, and here are all the flows and all the information about those flows between these two instances.

We can equally just double-click the machine itself. We get all of the information about that specific virtual machine, everything that it's connected to, and then more importantly all of the traffic flows, everything that that machine is talking to within our organization.

Now, obviously, this will allow us to make a decision, based on the analysis of that data, of what we would like to do or the action we would like to take against this compromised host.
You will notice here that you can see the assets across which we're looking are based in Azure. They're based in Google Cloud. They're based in AWS. And the beauty of this platform is that it works across all of these environments. So we can see traffic as it flows across all of your heterogeneous network without worrying about anything on the underlying infrastructure itself. So what can we do to prevent any further disruption from this host? If you look here just above, you can see that we have what's called dynamic quarantine. And if I now click this, I'm able to take action. And if I hit quarantine here, I am going to take this device off of the network. And this will still allow critical services like DNS and connectivity. PCE is our policy compute engine or management platform; it will allow us to connect to that device to investigate and remediate that device, or indeed take it off the network completely.
So this gives you an overview of our breach containment platform. You're able to bring to the surface the needles in the haystack, or the things that you should care about, based on all of the data that you have within the SaaS platform. You're then able to analyze and see exactly what the flows of information look like from any kind of incident, and then take action by actually quarantining the said device, or sorry, workload. So there we are. That is Illumio Insights.