How Lumen Used Zafran to Prioritize, Detect, and Mitigate Real Risk
Lumen operates one of the largest telecom networks in North America: a complex, hybrid environment shaped by acquisitions and continuous change. With more than 30,000 assets, their vulnerability management program was overwhelmed by sheer volume and noise. The team needed to go beyond scanning and patch lists to understand which vulnerabilities were truly exploitable, and act fast.
The Challenge: Fragmented Visibility and Manual Analysis
Lumen’s security team faced an overwhelming vulnerability backlog with tens of thousands of vulnerabilities across hybrid infrastructure and legacy systems. Traditional scanners surfaced raw CVE counts without showing which vulnerabilities were actually exploitable, leaving analysts guessing where to focus.
Zero-day tracking was even more painful. Each new disclosure required manually comparing vendor advisories against internal asset data to determine exposure. Analysts then had to verify whether existing defenses, such as EDR policies, firewall rules, or WAF signatures, already blocked exploitation attempts. The process was time-consuming, error-prone, and slowed the team’s ability to act on what truly mattered.
Without a unified view tying vulnerabilities to runtime data and control coverage, prioritization became guesswork. Security and IT teams were forced into reactive patching cycles instead of focusing on vulnerabilities that posed a clear, proven path to exploitation.
The Solution
The Solution: Context-Driven Exploitability and Automated Zero-Day Hunting
Zafran integrated directly into Lumen’s existing defenses to create a live, contextual model of exploitability across 30,000+ assets. The platform didn’t just aggregate data; it connected the dots between vulnerabilities, assets, and the real-world conditions that make them exploitable.
As the speed of exploitation continues to accelerate and as threat actors often operationalize new vulnerabilities within hours, real-time visibility becomes essential. This continuous correlation showed Lumen exactly which vulnerabilities were running in production, exposed to the internet, and unprotected by existing controls. Those findings became the organization’s new “source of truth” for vulnerability prioritization.
When a zero-day was announced, Lumen’s threat hunting team used Zafran to quickly determine whether the affected vendor or platform was in use within their environment and to verify the software versions running. Zafran provided immediate insight into existing compensating controls and helped identify which systems represented the greatest risk, allowing the team to prioritize remediation efficiently. What previously took hours or days was reduced to minutes.
The Implementation
“Zafran has proven to be a force multiplier. It helped us mitigate a lot of risk that we knew that we had in our environment and this has helped prove it but it's also helped us go after the areas that would be the biggest bang for your buck.”
Brett Wentworth, Vice President & Deputy Chief Security Officer
Lumen Technologies
The Results
Zafran delivered measurable impact across Lumen’s vulnerability operations:
- Rapidly identified exposure across thousands of vulnerabilities by validating which were truly exploitable based on runtime presence, internet exposure, and configuration of Lumen’s existing defenses
- Cut manual triage time for zero-days by automating threat-to-asset correlation
- Integrated 30,000+ assets into a single exposure view without impacting performance
- Streamlined collaboration between vulnerability, threat, and IT operations teams through Zafran’s unified exposure model
Zafran now serves as a core component of Lumen’s vulnerability management workflow, bringing clarity, precision, and speed to exposure identification and remediation.
Learn More
Zafran has redefined vulnerability management with a new operating model that transforms reactive patching into proactive risk reduction. Using your existing defenses and live risk context, Zafran helps you prove what’s truly exploitable, and mitigate it fast.
See why leading enterprises trust Zafran to focus on what actually matters. Discover the new operating model for vulnerability management.
Industry
Primary Use Cases
Key Outcome
Integrated 30,000+ assets into a unified single source of truth
See Zafran in action
See Zafran in Action
Prioritize and fix what is truly exploitable using risk context from your existing security tools
