Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1826+ Articles
149+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
  1. Home
  2. News
  3. From 17,000 to 1.1 Million Assets: How Lumen Technologies Rebuilt Exposure Management
From 17,000 to 1.1 Million Assets: How Lumen Technologies Rebuilt Exposure Management
NEWS

From 17,000 to 1.1 Million Assets: How Lumen Technologies Rebuilt Exposure Management

Lumen Technologies discovered it had 60x more assets than previously known after consolidating 40+ disconnected inventory systems with Axonius. The revelation drove a 10x security investment increase and a cloud migration decision.

Dylan H.

News Desk

July 10, 2026
3 min read

When Lumen Technologies — one of the largest US telecommunications and internet backbone operators — decided to modernize its security posture, it discovered a staggering blind spot: the company thought it had roughly 17,000 assets. The real number was 1.1 million.

That 60x gap between assumed and actual attack surface is the kind of finding that changes organizational strategy, and for Lumen, it did exactly that.

The Discovery

Geoff Krahn, Director of Product and Platform Security at Lumen, led an initiative to consolidate asset visibility across the company's sprawling infrastructure. The challenge: Lumen was pulling from more than 40 disconnected inventory systems — each with its own data format, update cadence, and coverage gaps.

By deploying the Axonius asset intelligence platform, the team aggregated all 40+ sources into a single normalized view. The result revealed 1.1 million assets — endpoints, cloud instances, network devices, third-party SaaS connections, and more — that had previously existed as invisible risk.

Business Impact

The newfound visibility directly drove two major strategic decisions:

1. Cloud Migration

Axonius surfaced a large number of end-of-life devices across the fleet. The inability to maintain and secure aging hardware at scale made the business case for cloud migration — the data made it undeniable. Rather than playing whack-a-mole with expiring hardware, Lumen chose to migrate the majority of its infrastructure to the cloud.

2. 10x Security Investment

Demonstrating to leadership the true size of the attack surface is rarely a conversation that goes well for security teams expecting small budget asks. In Lumen's case, the visibility data was compelling enough to justify a 10x increase in security investment — a rare outcome driven directly by better data.

Risk-Based Prioritization

Beyond asset discovery, Axonius Exposures combined technical vulnerability data with:

  • Asset context — ownership, business function, criticality
  • Control coverage — what security tools are actually deployed on each asset
  • Remediation impact modeling — which fixes deliver the most risk reduction per effort

Krahn described the goal as evolving vulnerability management "beyond scan and spam to intelligent risk-based requests driven by remediation actions that will deliver the most risk reduction."

Threat Intelligence Context

Lumen's Black Lotus Labs provides further context on the threat landscape the company operates in. Their 2026 Defender Threatscape Report documented:

  • 200 billion+ NetFlow sessions monitored daily
  • 1 billion+ DNS sessions analyzed daily
  • 2.3 million unique threats tracked per day
  • 46,000 command-and-control (C2) servers identified per day

Operating at that scale of threat visibility while simultaneously managing an unknown attack surface of over a million assets underscores why accurate inventory is the foundation of any security program.

Key Takeaway

Asset inventory is not a one-time project — it is a continuous discipline. Lumen's experience is a case study in what happens when security teams inherit fragmented tooling and never consolidate it: blind spots accumulate, and the gap between perceived and actual risk grows silently.

For any organization managing distributed infrastructure, consolidating asset discovery before investing in detection and response capabilities is not just good practice — it is table stakes.

#attack-surface-management#lumen-technologies#asset-inventory#exposure-management#axonius#risk-based-security

Related Articles

China and India Ran Separate Spying Campaigns Against the Same Pakistani Police Force

SentinelOne Labs uncovered parallel nation-state espionage operations by China-linked and India-linked threat actors targeting Pakistani law enforcement, compromising biometric data, criminal records, and personnel files.

3 min read

Microsoft Reins in RoguePlanet Zero-Day After Public PoC Release

Researcher 'Nightmare-Eclipse' published a proof-of-concept exploit for a Windows Defender vulnerability in early June after dropping several other Microsoft zero-days — Microsoft has since contained the RoguePlanet threat with a security update.

4 min read

Exposed Hacker Server Reveals WP-SHELLSTORM Backdooring Thousands of WordPress Sites

An unprotected 800MB server left open for three weeks exposed the full toolkit of a webshell access brokerage operation targeting 1.4 million domains. Over 25,000 sites were confirmed compromised using 27 known CVEs, with a SNOWLIGHT dropper installing a VShell implant.

3 min read
Back to all News