AI Security AI安全 10h ago Updated 10h ago 更新于 10小时前 42

From 17,000 to 1.1 Million Assets: How Lumen Technologies Rebuilt Exposure Management at Scale 从1.7万到110万资产:Lumen Technologies如何大规模重建暴露面管理

Lumen Technologies discovered its asset inventory was understated by a factor of 60, growing from ~17,000 known assets to 1.1 million after reconciling data from over 40 disconnected systems. The organization utilized the Axonius platform to create a unified view, enabling rapid zero-day response, application-level risk visibility, and a shift from CVSS-based prioritization to risk-based exposure management. Accurate asset data directly influenced strategic decisions, including a cloud migration Lumen Technologies利用Axonius平台整合40多个孤立系统的数据,将已知资产从1.7万扩充至110万,揭示了企业资产库存的严重低估问题。 通过建立可信资产视图,团队实现了零日漏洞的快速响应、应用级风险可见性,并将网络安全暴露与业务收入挂钩。 摒弃传统的“扫描并群发”模式,转向基于风险的情境化暴露管理,使安全修复工作聚焦于最具业务影响的关键项。 准确的资产数据直接推动了高层决策,包括云迁移以降低40%风险,以及安全预算增加10倍,并获得董事会级别的报告支持。

55
Hot 热度
65
Quality 质量
60
Impact 影响力

Analysis 深度分析

TL;DR

  • Lumen Technologies discovered its asset inventory was understated by a factor of 60, growing from ~17,000 known assets to 1.1 million after reconciling data from over 40 disconnected systems.
  • The organization utilized the Axonius platform to create a unified view, enabling rapid zero-day response, application-level risk visibility, and a shift from CVSS-based prioritization to risk-based exposure management.
  • Accurate asset data directly influenced strategic decisions, including a cloud migration that reduced overall risk by 40% and a tenfold increase in security budget approval from leadership.
  • The case highlights that most enterprises inherit inaccuracies from fragmented inventories, making trusted asset data the foundational requirement for effective exposure management.

Why It Matters

This case study demonstrates that traditional vulnerability management is ineffective without accurate asset context, as organizations often operate under significant blind spots regarding their true attack surface. It provides a compelling business case for investing in asset intelligence platforms, showing how data-driven visibility can unlock necessary funding and drive high-level strategic shifts like cloud migration. For practitioners, it underscores the critical need to move beyond simple scanning toward holistic exposure management that correlates technical vulnerabilities with business impact and ownership.

Technical Details

  • Data Reconciliation: Integrated data from more than 40 disparate IT and security tools into a single trusted model, resolving contradictions in device counts, ownership, and coverage status.
  • Asset Scale Expansion: Transitioned from an initial baseline of approximately 17,000 known assets to identifying 500,000 devices initially, and currently managing a scope of approximately 1.1 million devices.
  • Application Posture Dashboard: Correlated Configuration Management Database (CMDB) relationships with control coverage, vulnerability data, and end-of-life status to evaluate risk at the application level rather than just the infrastructure level.
  • Automated Response Workflow: Implemented a chatbot integration to push immediate alerts to engineers regarding 0-day vulnerabilities, confirming external exposure and establishing ownership within minutes.
  • Risk-Based Prioritization: Moved away from sorting solely by CVSS scores to combining technical findings with asset context, business criticality, and control coverage to prioritize remediations that offer the greatest risk reduction.

Industry Insight

  • Invest in Asset Intelligence First: Organizations attempting to implement advanced exposure management or AI-driven security operations without a clean, consolidated asset inventory will likely fail; data quality is the prerequisite for effective automation.
  • Quantify Risk for Leadership: Security teams must translate technical gaps into business metrics (such as revenue exposure or risk reduction percentages) to secure budget increases and executive buy-in, as demonstrated by Lumen’s 10x investment growth.
  • Shift from Vulnerability to Exposure Management: The industry standard of "scan and spam" based on CVSS scores is obsolete; mature programs must adopt risk-based models that consider exploitability, blast radius, and business context to prioritize remediation effectively.

TL;DR

  • Lumen Technologies利用Axonius平台整合40多个孤立系统的数据,将已知资产从1.7万扩充至110万,揭示了企业资产库存的严重低估问题。
  • 通过建立可信资产视图,团队实现了零日漏洞的快速响应、应用级风险可见性,并将网络安全暴露与业务收入挂钩。
  • 摒弃传统的“扫描并群发”模式,转向基于风险的情境化暴露管理,使安全修复工作聚焦于最具业务影响的关键项。
  • 准确的资产数据直接推动了高层决策,包括云迁移以降低40%风险,以及安全预算增加10倍,并获得董事会级别的报告支持。

为什么值得看

本文提供了一个大型企业在复杂IT环境中重建暴露管理基础的实战案例,证明了高质量资产数据是有效风险管理的前提。对于AI和安全从业者而言,它展示了如何将技术数据转化为可量化的业务洞察,从而获得组织层面的资源支持和战略优先级调整。

技术解析

  • 数据整合与归一化:使用Axonius资产智能平台连接超过40个独立的IT和安全工具,解决数据源不一致、成熟度各异的问题,构建统一的资产模型。
  • 资产规模扩展:初始仅识别约17,000个资产,经初步整理后识别出50万个设备,最终范围扩大至约110万台设备,发现了60倍的资产遗漏。
  • 应用级态势可视化:结合CMDB关系、控制覆盖范围、漏洞数据和生命周期状态,在Axonius内部构建“应用态势仪表板”,从基础设施层上升到应用层评估风险。
  • 风险情境化引擎:利用Axonius Exposures功能,将技术漏洞发现与资产上下文、业务关键性和控制覆盖相结合,替代单一的CVSS评分排序,实现智能风险优先级的排序。

行业启示

  • 资产准确性是安全基石:大多数企业的资产库存存在巨大缺口,暴露管理的有效性完全取决于底层资产数据的质量;必须首先解决数据一致性和完整性问题。
  • 从技术视角转向业务视角:安全团队需要将技术指标(如漏洞)映射到业务影响(如收入风险、合规性),通过量化风险来争取管理层支持和资源投入。
  • 自动化与智能化驱动效率:传统的手动排查和通用扫描已无法满足大规模环境需求,需借助AI和自动化平台实现实时资产发现、所有权映射和智能修复建议。

Disclaimer: The above content is generated by AI and is for reference only. 免责声明:以上内容由 AI 生成,仅供参考。

Security 安全