    Announcing the Preview of Lumen Defender℠ Threat Feed for Microsoft Sentinel

    By Idris Adebayo, September 30, 2025


    We’re excited to unveil a new collaboration between Lumen and Microsoft: introducing the Lumen Defender Threat Feed, now available in the Microsoft Security Store as a limited preview. This marks a powerful step forward in delivering advanced threat intelligence to help organizations strengthen their security posture.

    For the first time, security teams will be able to seamlessly access curated, high-fidelity network-based threat intelligence from Black Lotus Labs®, directly within Microsoft Sentinel. This integration allows security teams to enrich alerts, pinpoint critical threats and enhance incident response by connecting internal alerts to external adversary infrastructure.

    Enhancing Security with Lumen Defender Threat Feed

    As adversaries grow more sophisticated and extend their reach across sprawling global infrastructure, security teams need visibility into the networks these adversaries use, so they can correlate incidents observed on internal networks and endpoints with the broader infrastructure behind the threat.

    Lumen’s approach is to leverage the unparalleled threat research and operational strength of Black Lotus Labs through a new product offering, Lumen Defender Threat Feed for Microsoft Sentinel, to deliver fast, actionable insights directly to Sentinel, Microsoft’s industry-leading SIEM and AI-first platform. We enable Security Operations Center (SOC) analysts and security teams to correlate internal enterprise alerts with external adversary infrastructure, prioritize high-fidelity threats and respond faster with enriched context. Joint customers of Lumen Defender Threat Feed and Microsoft Sentinel can now experience:

    • Expertise in data collection: Harnessing the Lumen global internet backbone, the #1 peered network¹, and direct observation of global network activity.
    • High-fidelity intelligence: Delivering curated, validated Indicators of Compromise (IOCs) with enriched context such as threat category, risk and mapping to campaigns.
    • Seamless operationalization: Enabling rapid deployment in Microsoft Sentinel, with pre-built workbooks, analytics rules and dashboards to make threat intelligence impactful and visible.

    The Power of Collaboration: Lumen and Microsoft

    Security teams today are overwhelmed. SOCs are inundated with thousands of alerts every day, many of them low-fidelity, repetitive or lacking actionable context. Analysts can spend hours chasing down alerts from endpoints, firewalls and cloud workloads, often without the visibility needed to connect the dots. The result? Alert fatigue, missed threats and reactive defense.

    Take a common scenario: an endpoint alert flags a suspicious executable making a callback to an unfamiliar IP address. Endpoint threat intelligence, powered by deep visibility across millions of endpoints, helps identify the malware behavior, flag the callback and alert the SOC to a potential compromise. This is invaluable: it gives the team a starting point and confirms that something malicious is happening on the system.

    But the investigation stalls. The IP has no known reputation, and there’s no clear link to a broader campaign. What the endpoint couldn’t see was that the IP was part of a newly activated command-and-control network spanning multiple geographies, used by an advanced persistent threat (APT) group to coordinate attacks. Without visibility into the infrastructure behind the alert, the SOC is left with fragments, unable to assess risk or respond effectively.

    That’s where Lumen comes in.

    Black Lotus Labs, the Lumen threat research arm, sees the internet from the outside in. Think of endpoint intelligence as watching your house from the inside: you’ll know when someone breaks a window or tampers with a lock. Lumen network-derived intelligence, powered by Black Lotus Labs, is like having surveillance on the entire neighborhood. It sees the suspicious vehicles circling the block, the coordinated movement patterns and the infrastructure attackers use before they ever reach your door.

    Tying this to the scenario above, Black Lotus Labs can trace that IP to a broader malicious infrastructure, uncover related domains, identify other victims and attribute the activity to a known APT group. Endpoint intelligence sees the threat on the system; Lumen sees the infrastructure behind it. Together, these give security teams the complete picture: connecting internal alerts to external adversary operations, enriching detection and enabling faster, more confident response.

    “The most vital threats aren’t always those screaming the loudest. By eliminating noise and surfacing hidden adversary infrastructure and infrastructure-level context, we enable SOC teams to respond fast, with greater confidence, and stay ahead of attackers,” said Martin Nystrom, VP Engineering, Black Lotus Labs.

    By integrating Lumen Defender Threat Feed directly into Microsoft Sentinel, we’re giving security teams the outside-in visibility they’ve been missing. This partnership allows SOCs to correlate internal alerts with external adversary infrastructure, enriching detection, reducing false positives and accelerating response.

    It’s a significant step forward for our shared customers, expanding the operational reach of Black Lotus Labs’ research and making it accessible across the Microsoft Security ecosystem for the first time.

    This is what sets the collaboration apart. It’s not just the quality of the data, but the seamless integration and operational value it delivers. Microsoft Sentinel users can now leverage the Lumen Defender Threat Feed to:

    • Accelerate threat detection: Enrich alerts and incidents with context gained through visibility into 340,000 global route miles
    • Automate response: Reduce alert fatigue and accelerate triage with precision-driven threat insights
    • Enhance visibility: Gain insight into global threat campaigns, infrastructure and attack patterns, often before they reach your network

    Who Is Black Lotus Labs?

    Black Lotus Labs is the Lumen Threat Research and Operations division, a multidisciplinary team of data scientists, reverse engineers, security engineers and threat analysts who specialize in detecting, tracking and disrupting digital threats worldwide. What sets Black Lotus Labs apart is their unmatched network visibility:

    • Direct access to the Lumen internet backbone. Lumen operates one of the most connected networks in the world. This provides Black Lotus Labs with unmatched visibility into threats moving across the internet, before they ever reach your endpoint
    • Monitoring of 2.3 million unique threats and 46,000 command-and-control (C2) servers
    • Visibility into 99% of all public IPv4 addresses through transit traffic
    • Executing over ~150 C2 disruptions per month through takedowns and notifications

    This massive scale enables Black Lotus Labs to map and track malicious infrastructure with extraordinary confidence and speed. By seeing more of the world’s internet activity, across botnets, malware, C2 networks, criminal proxies and even nation-state operations, the team can rapidly identify patterns of malicious behavior. Their research is the foundation for advanced detection and machine learning algorithms, which validate IOCs with high fidelity before they reach Lumen customers.

    Explore blogs from Black Lotus Labs, including our latest research on botnet groups.

    Get Started: Preview Now Available

    A preview of Lumen Defender Threat Feed for Microsoft Sentinel is available now by invitation only through the Microsoft Store.

    Contact the Lumen Sales Team to request access to the trial and get started today.


    ¹ The Center for Applied Internet Data Analysis (CAIDA), AS Rank, January 2025.

    This content is provided for informational purposes only and may require additional research and substantiation by the end user. In addition, the information is provided “as is” without any warranty or condition of any kind, either express or implied. Use of this information is at the end user’s own risk. Lumen does not warrant that the information will meet the end user’s requirements or that the implementation or usage of this information will result in the desired outcome of the end user. All third-party company and product or service names referenced in this article are for identification purposes only and do not imply endorsement or affiliation with Lumen. This document represents Lumen products and offerings as of the date of issue. Services not available everywhere. Lumen may change or cancel products and services or substitute similar products and services at its sole discretion without notice. ©2025 Lumen Technologies. All Rights Reserved.

