Starting from roughly 17,000 known assets in legacy inventories, Lumen Technologies' security team now counts approximately 1.1 million devices after reconciling more than 40 disconnected systems into a single trusted view.
Geoff Krahn and Lumen’s moment of reckoning
Geoff Krahn, Director of Product and Platform Security at Lumen, framed the problem in blunt operational terms: "We were constantly in incident response calls with no idea who owned what." That lack of authoritative ownership and coverage data was not a minor reporting error but a fundamental constraint on response, remediation and risk decisions. Lumen's inventory picture moved from an initial ~17,000 known cyber assets to 500,000 after an initial reconciliation and then to a current scope of roughly 1.1 million devices — a discovery Krahn called "an eye-opener for the organization as a whole."
Axonius reconciliation across 40+ systems
Lumen used the Axonius asset intelligence platform to reconcile data from more than 40 independent IT and security tools. Those systems, the company found, tracked different slices of reality at varying maturity levels and did not agree on device counts, ownership, or coverage status. By consolidating those sources into one model, the security team could quantify gaps in controls and present that quantified view to leadership — a prerequisite, Krahn said, for gaining the support and funding to act.
Zero-day response and a chatbot-driven workflow
Trusted asset data altered how Lumen reacts to critical vulnerabilities. Krahn described a near-real-time capability: the team can now "identify affected systems, confirm whether they're externally exposed, and establish ownership within minutes," then push alerts to engineers through a chatbot built on top of Axonius. "Being able to get near-instantaneous information on how many assets are susceptible to a 0-day vuln, who owns them, are they externally exposed... is pivotal to timely response and communication," he said.
Application Posture Dashboard, revenue ties, and migration choices
Lumen runs thousands of internal applications and found that knowing whether a server was patched was not enough to assess business risk. By correlating CMDB relationships with control coverage, vulnerability data, and end-of-life status inside Axonius, the team built an Application Posture Dashboard that evaluates risk at the application level rather than the infrastructure level alone. Krahn plans to connect that dashboard "directly to the products Lumen sells, tying cybersecurity exposure to revenue." The visibility Axonius provided into end-of-life systems "directly contributed to the decision to migrate the majority of our infrastructure to the cloud, reducing overall risk by 40%," he said.
What this means for technologists, procurement leaders, and boards
- Technologists and security teams: With reconciled asset context, teams can move from "scan and spam" — scanning broadly and surfacing thousands of medium-severity items — to risk-based remediation that combines exploitability, blast radius and business impact with technical findings.
- Procurement and budget owners: Lumen's quantified visibility persuaded leadership to increase spending — roughly 10x prior levels — and to make substantive architecture decisions such as cloud migration driven by end-of-life exposure metrics.
- Boards and executive reporting: Lumen's board now relies on Axonius-generated reports for asset coverage, EDR deployment, and compliance insights, turning previously fragmented inventories into actionable governance inputs.
The practical lesson Krahn and Lumen lay out is straightforward and stark: every exposure management program "inherits the quality of the asset data underneath it." Where that foundation hasn't been tested, prioritization, ownership mapping and remediation workflows are operating on assumptions rather than evidence. As Krahn put it, "Exposure management will allow us to evolve vulnerability management beyond scan and spam to intelligent risk-based requests driven by remediation actions that will deliver the most risk reduction."
For organizations that have never reconciled inventories across dozens of tools, Lumen's experience suggests a simple starting implication: assume your asset data carries similar gaps until you test and prove otherwise. Learn more about Axonius Exposures and risk-based exposure management at enterprise scale in the original account linked below.




