Securing Redmond: Microsoft Turns to Lumeta for Network Map

A quickly growing network can leave the enterprise vulnerable to outages and loss of corporate information assets. Because new devices are added so quickly, administrators may have a difficult time determining which are secured and which are exposed to the Internet.

In order to improve its network security, Microsoft turned to Lumeta Corp., a security startup headed by Bill Cheswick, former Bell Labs security researcher. Lumeta had created a process for comprehensive mapping of an intranet.

Mapping a network the size of Microsoft's is no small task. With over 100,000 nodes and more than 3,000 routers, the network continues to grow, and an unauthorized connection could give an intruder a way in that goes unnoticed.

The Lumeta Network Discovery (LND) service required little action on the part of the Microsoft security team. According to Howard Schmidt, chief security officer at Microsoft, the LND mapping team only needed access to the Microsoft network, whether by VPN or dialup, in order to complete its work.

Microsoft’s Schmidt notes that the LND mapping was performed before the highly publicized Microsoft network break-in of last year. Networks should be mapped periodically, says Schmidt, in order to avoid major network hacks and outages.

The LND service, according to Lumeta spokesperson Diane Burley, provides foundation-level information about networks. It maps all the routes within the network and, unlike traditional mapping tools, it talks to the network routers themselves. In addition to the map, LND provides HTML reports for cross-referencing the data.

The LND service maps network communities by color and includes both IP addresses and the canonical names of network segments. Burley notes that the most common vulnerabilities are open connections to universities, where a legitimate user may be reaching the corporate network over a link that was never authorized, and telecommuters logging on over a VPN but without a firewall.

Schmidt reports that what LND found on Microsoft’s network were mostly legitimate connections, with a few segments that Microsoft did not officially recognize. These turned out mostly to be partner activity that had not gone through official Microsoft network authorization channels; they were business-appropriate, but technically unauthorized.
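The core of what the article describes, route mapping followed by a comparison against the officially recognized address space, and the resulting finding of segments the security team did not recognize, can be shown in a few dozen lines. The following is an added example, not Lumeta's code or Microsoft's data: the authorized blocks and the traceroute-style hop lists are constructed, with 198.51.100.0/24 standing in for a partner or university network reached through an internal router.

```python
"""Flag network segments discovered by route tracing that are not in the
authorized inventory, and name the internal router each one hangs off.

Added example, not Lumeta's code. The hop data below is constructed to
stand in for traceroute output collected during discovery.
"""
import ipaddress
from collections import defaultdict

# Constructed: address blocks the security team officially recognizes.
AUTHORIZED = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.0.2.0/24")
]

# Constructed traceroute results: destination -> hop addresses in order.
# "*" is a hop that did not answer. 198.51.100.0/24 plays the part of a
# partner or university network reachable through router 10.9.9.1.
TRACES = {
    "10.1.4.20": ["10.0.0.1", "10.1.0.1", "10.1.4.20"],
    "172.20.8.9": ["10.0.0.1", "172.16.1.1", "172.20.8.9"],
    "198.51.100.77": ["10.0.0.1", "10.9.9.1", "198.51.100.1", "198.51.100.77"],
    "192.0.2.40": ["10.0.0.1", "*", "192.0.2.40"],
}


def is_authorized(addr, authorized=AUTHORIZED):
    """True if addr falls inside any officially recognized block."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in authorized)


def segment(addr, prefixlen=24):
    """Collapse a host address to the /24 it sits in; the unit reported on."""
    return str(ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False))


def analyze(traces, authorized=AUTHORIZED):
    """Return (unrecognized_segments, gateways).

    unrecognized_segments: sorted /24s seen on any path but outside the
    authorized inventory.
    gateways: authorized hop address -> sorted unrecognized segments that
    were reached directly through it (the link to investigate first).
    """
    seen = {}                      # segment -> authorized?
    gateways = defaultdict(set)
    for hops in traces.values():
        prev = None
        for hop in hops:
            if hop == "*":
                prev = None        # unknown hop: do not infer a gateway across it
                continue
            seg = segment(hop)
            auth = is_authorized(hop, authorized)
            seen[seg] = auth
            if prev is not None and not auth and is_authorized(prev, authorized):
                gateways[prev].add(seg)
            prev = hop
    unrecognized = sorted(s for s, auth in seen.items() if not auth)
    return unrecognized, {gw: sorted(segs) for gw, segs in gateways.items()}


def report(traces, authorized=AUTHORIZED):
    """Plain-text lines a reviewer can cross-reference against the inventory."""
    unrecognized, gateways = analyze(traces, authorized)
    lines = [f"unrecognized segment: {s}" for s in unrecognized]
    for gw, segs in sorted(gateways.items()):
        lines.append(f"gateway {gw} -> {', '.join(segs)}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(TRACES)))
```

The gateway list is the actionable part: a segment outside the inventory is only half a finding, while the internal router that forwards into it is where a business-appropriate but unauthorized partner link, or an unfiltered path to a university, gets either formally approved or shut down. Unanswered hops break the gateway inference rather than guessing across them, so a silent router produces a gap in the report instead of a false attribution.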

Schmidt sees LND being applied in the future for preemptive security purposes, as the service helps administrators to get a comprehensive picture of their networks. Lumeta’s Burley adds that companies -- such as Microsoft -- with a high volume of mergers and acquisitions will find LND helpful in order to determine how to best streamline the network as well as shut down unauthorized connections.

According to Burley, LND helps to answer the question of how to merge networks and the issues of private versus public network space.

Isaac Slepner

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.
