From 17,000 to 1.1 Million Assets: How Lumen Technologies Rebuilt Exposure Management at Scale

Get the Tech newsletter
Daily tech — startups, AI labs, chips, the launches that shape the next decade. Free.
- Lumen Technologies reconciled data from more than 40 disconnected IT and security tools through Axonius, uncovering ~1.1 million devices versus a starting inventory of ~17,000 known cyber assets — roughly 60 times more than previously tracked.
- Geoff Krahn, Director of Product and Platform Security at Lumen, said the team previously couldn't answer basic questions like what percentage of servers had EDR because its sources contradicted each other, and they entered incident response calls "with no idea who owned what."
- Lumen built a zero-day response workflow on Axonius that identifies affected systems, confirms external exposure, and establishes ownership within minutes, then pushes alerts to engineers via a chatbot.
- Lumen created an Application Posture Dashboard that correlates CMDB relationships with control coverage, vulnerability data, and end-of-life status to evaluate risk at the application level rather than the infrastructure level alone.
- The 2026 Axonius Actionability Report, which surveyed more than 600 security leaders, found only 45% of organizations consolidate asset and exposure data into a single view, and 56% still rely primarily on CVSS scores for prioritization.
- Lumen's leadership increased security spending to roughly 10 times its previous level after seeing the full scope of the environment, and the company migrated the majority of its infrastructure to the cloud after Axonius surfaced end-of-life issues — a move Lumen says reduced overall risk by 40%.
Why it matters: Lumen had dedicated security leadership and 40+ inventory systems yet was off by a factor of 60 on its asset count, which forced a 10x jump in security spending and a majority cloud migration. For any enterprise running exposure management on un-reconciled asset data, prioritization and remediation workflows are inheriting that same blind spot — and the leadership dollars to fix it depend on first proving the gap exists.


