Back to Feed
VulnerabilitiesJul 10, 2026

From 17,000 to 1.1 Million Assets: How Lumen Technologies Rebuilt Exposure Management at Scale

Lumen Technologies scaled its asset inventory from 17,000 to 1.1 million devices using Axonius.

Summary

Lumen Technologies significantly expanded its asset inventory from approximately 17,000 to 1.1 million devices by implementing the Axonius asset intelligence platform. This initiative reconciled data from over 40 disparate systems, providing a unified view that enabled faster incident response, improved application posture visibility, and facilitated a shift from a 'scan and spam' approach to risk-based exposure management.

Full text

From 17,000 to 1.1 Million Assets: How Lumen Technologies Rebuilt Exposure Management at Scale The Hacker NewsJul 10, 2026Asset Management / Enterprise Security Most enterprises assume their asset inventory is close enough to accurate. The evidence suggests otherwise. According to a survey of over 600 security leaders in the 2026 Axonius Actionability Report, only 45% of organizations consolidate their asset and exposure data into a single view, and every downstream security program inherits whatever the inventory gets wrong. Lumen Technologies, a telecommunications company with nearly a century of history, put this to the test. Geoff Krahn, Director of Product and Platform Security at Lumen, and his team used the Axonius asset intelligence platform to reconcile data from more than 40 disconnected systems into one trusted view. They uncovered 60 times more devices than they knew they had, then rebuilt their exposure management program on that foundation. Why asset inventories break down at enterprise scale Lumen's environment is an extreme case of a problem most security teams recognize. More than 40 independent IT and security tools tracked different slices of reality at different levels of maturity, none agreeing on device counts, ownership, or coverage status. When leadership asked what percentage of servers had EDR, answering meant pulling from sources that contradicted each other. "We were constantly in incident response calls with no idea who owned what," Krahn said. Axonius gave the team a way to reconcile all of those sources into one model. The scope turned out to be far larger than anyone expected: Starting point: ~17,000 known cyber assets across existing inventories After initial reconciliation: 500,000 devices identified and categorized Current scope: Approximately 1.1 million devices "It has really been an eye-opener for the organization as a whole how large our responsibilities are," Krahn said. "Being able to quantify it and highlight gaps in controls has allowed us to gain the leadership support and funding we need." What trusted asset data makes possible Zero-day response When a critical vulnerability drops, speed depends on knowing what's exposed and who owns it. Krahn's team can now identify affected systems, confirm whether they're externally exposed, and establish ownership within minutes, then push alerts to engineers through a chatbot built on top of Axonius. "Being able to get near-instantaneous information on how many assets are susceptible to a 0-day vuln, who owns them, are they externally exposed... is pivotal to timely response and communication," Krahn said. Application posture visibility Lumen runs thousands of internal applications. Knowing whether a server is patched doesn't answer what it supports, who owns the application on it, or what revenue stream a compromise would put at risk. By correlating CMDB relationships with control coverage, vulnerability data, and end-of-life status, Lumen built an Application Posture Dashboard within Axonius that evaluates risk at the application level rather than the infrastructure level alone. Krahn plans to connect this directly to the products Lumen sells, tying cybersecurity exposure to revenue. How risk-based exposure management replaces "scan and spam" Without reliable asset context, most teams default to sorting by CVSS score and working top-down. The Actionability Report found that 56% of organizations still rely primarily on CVSS for prioritization, despite broad agreement that exploitability, blast radius, and business impact should drive those decisions. Critical issues end up buried behind thousands of medium-severity findings that pose no environment-specific risk. Krahn describes the old model bluntly: "scan and spam." Scan everything, dump the results, hope the right things get fixed first. With trusted asset data in place, Lumen took a different path. Axonius Exposures allowed the team to combine technical findings with asset context, business criticality, and control coverage to surface which remediations deliver the greatest risk reduction. "Exposure management will allow us to evolve vulnerability management beyond scan and spam to intelligent risk-based requests driven by remediation actions that will deliver the most risk reduction," Krahn said. Better asset data enables smarter exposure management, and exposure management outcomes reveal where asset data still needs to improve. What happened when Lumen's leadership trusted the data Trusted, quantified visibility changed what leadership was willing to decide: Cloud migration: End-of-life visibility drove Lumen's decision to migrate the majority of its infrastructure to the cloud 10x security investment: Spending grew to roughly 10 times its previous level as leadership saw the full scope in terms they could act on Board-level reporting: Lumen's board now relies on Axonius-generated reports for asset coverage, EDR deployment, and compliance insights "The visibility Axonius was able to shed on the end-of-life issues we had with our systems directly contributed to the decision to migrate the majority of our infrastructure to the cloud, reducing overall risk by 40%," Krahn said. Is your asset data carrying the same gaps? If an organization with dedicated security leadership and 40-plus inventory systems found its cyber asset management picture was off by a factor of 60, most enterprises should assume their own data carries similar gaps. Every exposure management program inherits the quality of the asset data underneath it. If that foundation hasn't been tested, the prioritization, ownership mapping, and remediation workflows built on top of it are working from assumptions, not evidence. Learn more about Axonius Exposures and risk-based exposure management at enterprise scale. Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share Share SHARE  Application Security, Asset Management, Cloud security, Compliance, endpoint security, enterprise security, Exposure management, Risk management, Security Operations, Vulnerability Management ⚡ Top Stories This Week ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries OpenAI Previews GPT-5.6 Sol With Restricted Access and Stronger Cyber Safeguards FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keys Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw Microsoft Removes 119 Edge Extensions That Hid Malware in Images and Fonts ⚡ Weekly Recap: Linux Kernel Flaws, AI Malware Tricks, Turla Backdoor, Infostealers and More Mustang Panda Uses Zoho WorkDrive as Command Channel in Indian Government Attacks WhatsApp is Finally Getting Usernames to Help Keep Phone Numbers Private Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild New BioShocking Attack Tricks AI Browsers Into Leaking User Credentials AirDrop and Quick Share Flaws Let Nearby Attackers Trigger Crashes and Bypass Checks 282 iOS AI Apps Leak API Keys and Open AI Proxy Access in Network Traffic Study GuardFall Exposes Open-Source AI Coding Agents to Decades-Old Shell Injection Risks Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak Data RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS ⭐ Featured Resources What 200+ Security Teams Reveal About Using IP Intelligence in 2026 Get Hands-On SANS Training for Today’s Cyber Defense and Offensive Security Challenges See What’s Really Exposed Across Your IT, OT,

Entities

Axonius (vendor)Axonius asset intelligence platform (product)Axonius Exposures (product)