From 17,000 to 1.1 Million Assets: How Lumen Technologies Rebuilt Exposure Management at Scale

Most enterprises assume their asset inventory is close enough to accurate. The evidence suggests otherwise. According to a survey of over 600 security leaders in the 2026 Axonius Actionability Report, only 45% of organizations consolidate their asset and exposure data into a single view, and every downstream security program inherits whatever the inventory gets wrong.

Lumen Technologies, a telecommunications company with nearly a century of history, put this to the test. Geoff Krahn, Director of Product and Platform Security at Lumen, and his team used the Axonius asset intelligence platform to reconcile data from more than 40 disconnected systems into one trusted view. They uncovered 60 times more devices than they knew they had, then rebuilt their exposure management program on that foundation.

Why asset inventories break down at enterprise scale

Lumen’s environment is an extreme case of a problem most security teams recognize. More than 40 independent IT and security tools tracked different slices of reality at different levels of maturity, none agreeing on device counts, ownership, or coverage status. When leadership asked what percentage of servers had EDR, answering meant pulling from sources that contradicted each other.

“We were constantly in incident response calls with no idea who owned what,” Krahn said.

Axonius gave the team a way to reconcile all of those sources into one model. The scope turned out to be far larger than anyone expected:

  • Starting point: ~17,000 known cyber assets across existing inventories
  • After initial reconciliation: 500,000 devices identified and categorized
  • Current scope: Approximately 1.1 million devices

“It has really been an eye-opener for the organization as a whole how large our responsibilities are,” Krahn said. “Being able to quantify it and highlight gaps in controls has allowed us to gain the leadership support and funding we need.”

What trusted asset data makes possible

Zero-day response

When a critical vulnerability drops, speed depends on knowing what’s exposed and who owns it. Krahn’s team can now identify affected systems, confirm whether they’re externally exposed, and establish ownership within minutes, then push alerts to engineers through a chatbot built on top of Axonius.

“Being able to get near-instantaneous information on how many assets are susceptible to a 0-day vuln, who owns them, are they externally exposed… is pivotal to timely response and communication,” Krahn said.

Application posture visibility

Lumen runs thousands of internal applications. Knowing whether a server is patched doesn’t answer what it supports, who owns the application on it, or what revenue stream a compromise would put at risk.

By correlating CMDB relationships with control coverage, vulnerability data, and end-of-life status, Lumen built an Application Posture Dashboard within Axonius that evaluates risk at the application level rather than the infrastructure level alone. Krahn plans to connect this directly to the products Lumen sells, tying cybersecurity exposure to revenue.

How risk-based exposure management replaces “scan and spam”

Without reliable asset context, most teams default to sorting by CVSS score and working top-down. The Actionability Report found that 56% of organizations still rely primarily on CVSS for prioritization, despite broad agreement that exploitability, blast radius, and business impact should drive those decisions.

Critical issues end up buried behind thousands of medium-severity findings that pose no environment-specific risk. Krahn describes the old model bluntly: “scan and spam.” Scan everything, dump the results, hope the right things get fixed first.

With trusted asset data in place, Lumen took a different path. Axonius Exposures allowed the team to combine technical findings with asset context, business criticality, and control coverage to surface which remediations deliver the greatest risk reduction.

“Exposure management will allow us to evolve vulnerability management beyond scan and spam to intelligent risk-based requests driven by remediation actions that will deliver the most risk reduction,” Krahn said.

Better asset data enables smarter exposure management, and exposure management outcomes reveal where asset data still needs to improve.

What happened when Lumen’s leadership trusted the data

Trusted, quantified visibility changed what leadership was willing to decide:

  • Cloud migration: End-of-life visibility drove Lumen’s decision to migrate the majority of its infrastructure to the cloud
  • 10x security investment: Spending grew to roughly 10 times its previous level as leadership saw the full scope in terms they could act on
  • Board-level reporting: Lumen’s board now relies on Axonius-generated reports for asset coverage, EDR deployment, and compliance insights

“The visibility Axonius was able to shed on the end-of-life issues we had with our systems directly contributed to the decision to migrate the majority of our infrastructure to the cloud, reducing overall risk by 40%,” Krahn said.

Is your asset data carrying the same gaps?

If an organization with dedicated security leadership and 40-plus inventory systems found its cyber asset management picture was off by a factor of 60, most enterprises should assume their own data carries similar gaps. 

Every exposure management program inherits the quality of the asset data underneath it. If that foundation hasn’t been tested, the prioritization, ownership mapping, and remediation workflows built on top of it are working from assumptions, not evidence.

Learn more about Axonius Exposures and risk-based exposure management at enterprise scale.

📰 Original Source:TheHackerNews
✍️ Author: info@thehackernews.com (The Hacker News)

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *