Lumen Defender and Microsoft Security: Enhancing SOC Threat Detection and Response
Presented by Microsoft Events, this Ignite 2025 session features Ankur Arora, Craig D’Abreo, and Susmita Nayak discussing how Lumen Defender augments Microsoft Security solutions and empowers SOC teams with advanced threat intelligence.
Speakers: Ankur Arora, Craig D’Abreo, Susmita Nayak
Session: Microsoft Ignite 2025 | BRK383
Overview
Organizations shifting to Microsoft Security face increasing complexity in threat detection, compliance, and response. This session details how Lumen Defender integrates with Microsoft’s security stack to deliver outside-in intelligence for Security Operations Center (SOC) teams.
Key Topics
- SOC Team Challenges: Addressing data overload and complexity in alert management.
- AI-First End-to-End Security Platform: Introduction to Microsoft’s platform and its four security planes.
- Lumen Partnership: Overview of Lumen’s connectors in the Security Store that deliver real-time threat feeds.
- Black Lotus Labs: Explaining their role in Lumen’s threat intelligence and how global backbone visibility detects reused attack infrastructure.
- Network Visibility Analogy: Using U.S. highways as an analogy to help practitioners understand network-based detection.
- Early Warnings: Leveraging network intelligence for faster identification of suspicious activities.
- Endpoint vs. Network Intelligence: Comparison of the two detection models, their benefits for SOCs, and strategies for integrating them.
- Enterprise Security Approach: Tactics such as routing suspicious traffic into logs for later analysis.
Actionable Strategies
- Implement connectors available in the Security Store to ingest Lumen Defender data into Microsoft Security tools.
- Use Black Lotus Labs intelligence to supplement existing Microsoft threat detection.
- Prioritize network-level visibility alongside endpoint monitoring for earlier threat warnings.
- Apply the enterprise tactics showcased in the session, such as logging suspicious traffic, to enable deeper log-based analysis.
Additional Resources
- Secure Your Data with Microsoft
- Learn more about Telco at Microsoft
- Lumen Defender Threat Insights
- Microsoft Ignite On-Demand Sessions
Chapters
- 00:00 – SOC Team Challenges and Data Overload
- 07:00 – AI-First Security Platform Introduction
- 13:33 – Microsoft Security Platform Overview
- 14:40 – Lumen Partnership and Connectors
- 17:07 – Black Lotus Labs Threat Intelligence
- 25:39 – Network Visibility Analogy
- 27:11 – Reused Attack Infrastructure & Early Warning
- 29:36 – Endpoint vs. Network-Level Intelligence
- 36:21 – Enterprise Security Approaches