Announcing Lumen Defender℠ AMDR with Microsoft Sentinel: Advanced Managed Detection & Response Powered by Black Lotus Labs®

Tony D'Anna Posted On November 19, 2025
0
82 Views


Two individuals in business suits sitting at a desk, working together on a desktop computer. The background features a colorful abstract design with splashes of yellow, orange, blue and purple, and a tall server tower is visible on the left side.

A new era for Lumen and Microsoft customers is here: Lumen Defender Advanced Managed Detection & Response (AMDR) with Microsoft Sentinel delivers real-time, network-driven threat intelligence and 24/7 security operations, empowering organizations to detect, respond to and mitigate advanced cyber threats. In today’s rapidly evolving threat landscape, customers need a managed detection and response solution that goes beyond endpoint visibility—enabling them to proactively defend against sophisticated adversaries with greater speed, confidence and context.

This collaboration between Lumen and Microsoft brings together two industry leaders to deliver real-time, curated threat intelligence—empowering security teams to stay ahead of threats and strengthen their security posture. The Lumen Defender AMDR solution provides continuous, expert monitoring and rapid response, giving customers peace of mind in the face of evolving cyber threats.

Bringing network-driven threat intelligence to Microsoft Sentinel

As cyber threats grow in complexity and scale, security teams need more than just endpoint visibility—they need insight into the global infrastructure attackers use. Lumen leverages the unparalleled reach and operational strength of our global internet backbone, powered by the threat research expertise of Black Lotus Labs®. With Lumen Defender AMDR, organizations can now access high-fidelity, network-based threat intelligence directly within Microsoft Sentinel, Microsoft’s cloud-native Security Information and Event Management (SIEM) and AI-first security platform.

This integration empowers Security Operations Center (SOC) analysts and security teams to enrich alerts, pinpoint critical threats and accelerate incident response by connecting internal signals to external adversary infrastructure. The result is fast, informed decision-making and enhanced security posture.

“Keeping customers safe from evolving cyber threats often requires expert help. We are delighted that Lumen, with its Advanced Managed Detection and Response and Black Lotus Labs Threat Intelligence and services expertise, combined with Microsoft Sentinel, is here to help customers strengthen their security,” said Vasu Jakkal, CVP Microsoft Security. “This collaboration delivers network-driven threat visibility and 24/7 managed security operations—empowering organizations to detect, respond to, and mitigate advanced cyber threats with speed and confidence. By combining Lumen’s global backbone intelligence with Microsoft Sentinel, we’re helping our mutual customers strengthen their security posture and stay ahead of evolving threats.”

How Lumen Defender AMDR with Microsoft Sentinel works

Lumen Defender AMDR delivers continuous, 24/7 monitoring, detection and response through a cloud-based managed SOC. The service is designed to protect enterprises offering:

  • Real-time threat visibility: Harnessing the Lumen global internet backbone—the #1 peered network¹—and direct observation of global network activity.
  • Curated, actionable intelligence: Delivering validated Indicators of Compromise (IOCs) with enriched context, including threat category, risk, and campaign mapping.
  • Seamless operationalization: Rapid deployment in Microsoft Sentinel, with pre-built analytics rules and dashboards to make threat intelligence impactful and integrating Lumen Defender AMDR with Microsoft Sentinel, security teams can correlate internal enterprise alerts with external adversary infrastructure, prioritize high-fidelity threats and respond faster with enriched context.

The power of collaboration: Lumen and Microsoft

Security teams today face an overwhelming volume of alerts—many of which lack actionable context or connection to broader threat campaigns. Analysts often spend hours chasing signals from endpoints, firewalls and cloud workloads, only to be left with fragments that don’t tell the full story.

Lumen network-derived intelligence, powered by Black Lotus Labs®, changes the game. Think of endpoint intelligence as monitoring your house from the inside—you’ll know when someone tampers with a lock. Lumen network intelligence is like having an aerial view of the entire neighborhood, spotting suspicious vehicles and coordinated movements before they reach your door.

In addition to delivering network-driven threat intelligence, Lumen infrastructure is uniquely positioned to support Microsoft’s next generation of AI-powered cloud services. As AI workloads demand unprecedented scale, speed and reliability, the Lumen global backbone combined with metro edge compute capabilities provides the high-performance connectivity required for mission-critical applications. This AI-ready network fabric enables Microsoft to accelerate innovation, helping to ensure solutions like Microsoft Azure, Microsoft 365 Copilot and Microsoft Foundry, including Azure OpenAI remain performant and secure—even as the complexity of cyber threats and data volumes continue to grow.

This outside-in visibility allows Black Lotus Labs® to trace malicious IPs to broader infrastructure, uncover related domains, identify other victims and attribute activity to known threat groups. By connecting internal alerts to external adversary operations, Lumen and Microsoft enable security teams to enrich detection, reduce false positives and accelerate response.

Black Lotus Labs®: See more. Stop more.®

Black Lotus Labs® is the Lumen Threat Research and Operations division—a multidisciplinary team of data scientists, reverse engineers, security engineers and threat analysts who specialize in detecting, tracking and disrupting digital threats worldwide.

What sets Black Lotus Labs® apart is unmatched network visibility:

  • Direct access to the Lumen internet backbone: One of the most connected networks in the world, providing visibility into threats moving across the internet before they reach your endpoint.
  • Tracking of millions of threats: Monitoring 2.3 million unique threats and 46,000 command-and-control (C2) servers.
  • Global coverage: Visibility into 99% of all public IPv4 addresses via transit traffic.
  • Operational impact: Executing over 150 C2 disruptions per month through takedowns and This scale allows Black Lotus Labs® to map and monitor malicious infrastructure with extraordinary confidence and speed, forming the foundation for advanced detection and machine learning algorithms that validate IOCs with high fidelity.

To highlight the significance of Black Lotus Labs® threat intelligence, Lumen is making this service available during the preview period. This allows organizations to experience its impact firsthand within the Microsoft Sentinel environment.

Elevate your security operations

With Lumen Defender AMDR and Microsoft Sentinel, organizations can gain access to real-time, curated threat indicators sourced from one of the world’s largest internet backbones. Powered by Black Lotus Labs®, this solution enables proactive defense against malicious proxies, botnets and open relays—automatically blocking threats at the network edge.

By combining the global reach and threat intelligence of Lumen with Microsoft’s advanced security platform, security teams can elevate their cybersecurity posture, reduce risk and focus on their core mission with confidence.

Get Started

Lumen Defender AMDR for Microsoft Sentinel is available now for preview. To learn more about how this solution can help your organization strengthen its security posture, contact the Lumen Sales Team.

Contact the Lumen Sales team to request access to the trial and get started today.

Request invite

 

¹The Center for Applied Internet Data Analysis (CAIDA), AS Rank, January 2025

This content is provided for informational purposes only and may require additional research and substantiation by the end user. In addition, the information is provided “as is” without any warranty or condition of any kind, either express or implied. Use of this information is at the end user’s own risk. Lumen does not warrant that the information will meet the end user’s requirements or that the implementation or usage of this information will result in the desired outcome of the end user. All third-party company and product or service names referenced in this article are for identification purposes only and do not imply endorsement or affiliation with Lumen. This document represents Lumen products and offerings as of the date of issue. Services not available everywhere. Lumen may change or cancel products and services or substitute similar products and services at its sole discretion without notice. ©2025 Lumen Technologies. All Rights Reserved.

Post Views: 82

No related posts.





Author

Tony D'Anna

Tony D'Anna is Sr. Product Manager for Cybersecurity & AI at Lumen, where he delivers innovative security solutions for large enterprises and public sector clients. He holds a B.S. in Computer Science from the University of California Riverside and an MBA from Santa Clara University, with certifications from Microsoft, Palo Alto Networks and CrowdStrike. Tony is passionate about mentoring aspiring cybersecurity professionals. Outside of Lumen, he enjoys golf, hiking and volunteering.

Trending Now
Postcard From A Bitflinger
Dave Ward October 22, 2025
ivision engineers IT resilience with on-demand internet solutions and AI-ready infrastructure
Lumen Customer Stories Team October 29, 2025
You may also like
Lumen and HPE Bring Smart, Fast, Secure AI Solutions to the Edge
November 17, 2025
Digital resilience in the sky: Lumen builds a scalable, future-ready security ecosystem for the Space Needle
October 15, 2025
Apex Datacom neutralizes 200K threats in 30 days with Lumen Defender℠ Plus
October 1, 2025