Our MSP partners provide a large range of security focused products and services, and as such, we are very careful to complement – not compete, with these.
A number of our security services are complimentary, that is to say they are included by default without charge, for example Pulse Detect (our public port scanning tool) and DDoS protection.
Other services, specifically our FortiGate physical and virtual firewalls, come as fully managed solutions for you to refer to your clients and gain a trailing commission from.
A denial-of-service (DoS) attack floods an IP with traffic, making a website or resource unavailable. A distributed denial-of-service (DDoS) attack is a DoS attack that uses multiple computers or machines to flood a targeted resource. We will default to the latter acronym going forward.
When it comes to DDoS mitigation there is essentially two main technologies, scrubbing and remote triggered black hole (RTBH):
Scrubbing filters bad traffic while letting legitimate traffic through. Scrubbing comes in varying levels of granularity, the most blunt being firewall rules on ISP routers (to redirect, rate limit, or drop traffic), and the most fine being DDoS scrubbing appliances which steer traffic to scrubbing devices (which will in most cases increase latency).
RTBH signals to all global Tier 1 and many Tier 2 providers that an IP address is the target of DDoS and that we want them to no longer forward traffic to that address. Whilst this is very effective at preventing DDoS traffic from reaching the intended DDoS target, the DDoS target will be taken offline entirely by the mitigation itself.
In practice, this protects the ISP but not the DDoS target. This method sacrifices one subscriber for the good of the rest. In this scenario, wherever possible, we will give the subscriber a new IP address as fast as possible to get them back online.
Lightwire uses a mixture of the above to achieve the best outcome for you and your clients.
The design we have implemented is solid and tested very well during our DR and failover testing. All the VPN, Firewall and WAN site cutovers have gone smoothly and largely without issue.
Your accounts and development team have also been great, they have been responsive to any queries.
For me it’s reassuring and justifies our decision to move to Lightwire Business. Please pass on my thanks to the team, keep up the great work.
ENHANCING SECURITY FOR OUR PARTNERS
We are always looking to offer a value premium to our partners by offering services that compliment your efforts, and in this case we do that through proactively scanning our network for services exposing known vulnerabilities, through non-invasive integrations with industry leading security visibility platforms – reaching out and alerting you, our partner when issues are detected.
Through doing this we can provide you with an exposure history of an IP address over time (on request), allowing you to address issues on behalf of, and in consultation with, your clients.
Managed Physical Firewalls
Using the FortiGate product range, typically a 40F, 60F or 100F, we deploy a physical firewall at each site and use a cloud-based collector to provide reporting and visibility of network security.
Under this model, Lightwire handles the configuration, management and reporting of a number of UTM functions.
Managed Virtual Firewalls
Providing the same feature set as a managed physical device, and also based on a FortiGate design, the virtual firewall model sees NGFW functions provided from inside the Lightwire private cloud using multi-tenancy firewalls to allocate virtual domains per client.
Want to see what our security reporting has to offer? Check out this video.