The Hidden Assets: How Lumen Technologies Uncovered 1.1 Million Devices and Revolutionized Exposure Management
A new report highlights a critical blind spot in enterprise cybersecurity: inaccurate asset inventories. **Lumen Technologies**, a global telecommunications giant, dramatically improved its security posture by reconciling disparate data sources, revealing a staggering 60 times more devices than initially known and transforming its approach to exposure management.
Most enterprises operate under the assumption that their asset inventory is largely accurate. However, reality often paints a different picture. The 2026 **Axonius Actionability Report**, based on a survey of over 600 security leaders, reveals that only 45% of organizations consolidate their asset and exposure data into a unified view. This fragmentation directly impacts the effectiveness of downstream security programs.
**Lumen Technologies**, a telecommunications company with nearly a century of operational history, put this challenge to the test. **Geoff Krahn**, Director of Product and Platform Security at Lumen, and his team leveraged the **Axonius** asset intelligence platform. Their goal was to reconcile data from over 40 disconnected systems into a single, trusted view. The results were astounding: they uncovered 60 times more devices than they previously knew they had, a discovery that fundamentally reshaped their exposure management program.
## Why Asset Inventories Break Down at Enterprise Scale
Lumen's environment, while extreme, illustrates a common problem for many security teams. Over 40 independent IT and security tools were tracking different aspects of their infrastructure, each with varying levels of maturity. Crucially, none of these systems agreed on device counts, ownership, or coverage status. This created significant hurdles when leadership sought answers to fundamental questions, such as the percentage of servers equipped with EDR.
"We were constantly in incident response calls with no idea who owned what," Krahn stated.
**Axonius** provided the team with a mechanism to reconcile all these disparate sources into a cohesive model. The true scope of their environment far exceeded initial expectations:
* **Starting point:** Approximately 17,000 known cyber assets across existing inventories.
* **After initial reconciliation:** 500,000 devices identified and categorized.
* **Current scope:** Approximately 1.1 million devices.
"It has really been an eye-opener for the organization as a whole how large our responsibilities are," Krahn noted. "Being able to quantify it and highlight gaps in controls has allowed us to gain the leadership support and funding we need."
## What Trusted Asset Data Makes Possible
### Zero-Day Response
When a critical vulnerability emerges, rapid response hinges on knowing what systems are exposed and who owns them. Krahn's team can now identify affected systems, confirm external exposure, and establish ownership within minutes. They can then push alerts to engineers via a chatbot integrated with **Axonius**.
"Being able to get near-instantaneous information on how many assets are susceptible to a 0-day vuln, who owns them, are they externally exposed... is pivotal to timely response and communication," Krahn emphasized.
### Application Posture Visibility
**Lumen** operates thousands of internal applications. Simply knowing if a server is patched doesn't reveal what applications it supports, who owns those applications, or the potential revenue impact of a compromise.
By correlating CMDB relationships with control coverage, vulnerability data, and end-of-life status, **Lumen** developed an Application Posture Dashboard within **Axonius**. This dashboard evaluates risk at the application level, moving beyond infrastructure alone. Krahn plans to directly link this to **Lumen**'s products, connecting cybersecurity exposure to revenue.
## How Risk-Based Exposure Management Replaces "Scan and Spam"
Without reliable asset context, most teams default to prioritizing vulnerabilities by **CVSS** score. The **Actionability Report** found that 56% of organizations still primarily rely on **CVSS** for prioritization, despite widespread agreement that exploitability, blast radius, and business impact should drive these decisions.
This often leads to critical issues being buried under thousands of medium-severity findings that pose no environment-specific risk. Krahn candidly described the old model as "scan and spam" β scan everything, dump the results, and hope the right things get fixed first.
With trusted asset data in place, **Lumen** adopted a more strategic approach. **Axonius Exposures** enabled the team to combine technical findings with asset context, business criticality, and control coverage. This approach highlights which remediations will deliver the greatest risk reduction.
"Exposure management will allow us to evolve vulnerability management beyond scan and spam to intelligent risk-based requests driven by remediation actions that will deliver the most risk reduction," Krahn stated.
Better asset data empowers smarter exposure management, and in turn, exposure management outcomes reveal areas where asset data still needs improvement.
## What Happened When Lumen's Leadership Trusted the Data
Trusted, quantified visibility fundamentally altered leadership's decision-making process:
* **Cloud migration:** End-of-life visibility directly influenced **Lumen**'s decision to migrate the majority of its infrastructure to the cloud.
* **10x security investment:** Spending on security increased approximately tenfold as leadership gained a comprehensive understanding of the full scope in actionable terms.
* **Board-level reporting:** **Lumen**'s board now relies on **Axonius**-generated reports for insights into asset coverage, EDR deployment, and compliance.
"The visibility **Axonius** was able to shed on the end-of-life issues we had with our systems directly contributed to the decision to migrate the majority of our infrastructure to the cloud, reducing overall risk by 40%," Krahn affirmed.
## Is Your Asset Data Carrying the Same Gaps?
If an organization with dedicated security leadership and over 40 inventory systems discovered its cyber asset management picture was off by a factor of 60, it's reasonable for most enterprises to assume their own data may harbor similar discrepancies.
Every exposure management program's effectiveness is directly inherited from the quality of its underlying asset data. If that foundation remains untested, the prioritization, ownership mapping, and remediation workflows built upon it are operating on assumptions rather than concrete evidence.
Learn more about **Axonius Exposures** and risk-based exposure management at enterprise scale.