Security
You need a wholesale provider that is focused on providing you with the tools to succeed.
Our security services are designed to do just that, to provide you with a competitive edge.
A number of the features on offer are complimentary, that is to say they are included by default without charge, for example port scanning (called Pulse Detect) and DDoS protection.
Other services, specifically our FortiGate physical and virtual firewalls, come as fully managed solutions for you to sell to your clients.
DDoS
A denial-of-service (DoS) attack floods an IP with traffic, making a website or resource unavailable. A distributed denial-of-service (DDoS) attack is a DoS attack that uses multiple computers or machines to flood a targeted resource. We will default to the latter acronym going forward.
When it comes to DDoS mitigation there is essentially two main technologies, scrubbing and RTBH (remote triggered black hole):
Scrubbing filters bad traffic while letting legitimate traffic through. Scrubbing comes in varying levels of granularity, the most blunt being firewall rules on ISP routers (to redirect, rate limit, or drop traffic), and the most fine being DDoS scrubbing appliances which steer traffic to scrubbing devices (which will in most cases increase latency).
RTBH signals to all global Tier 1 and many Tier 2 providers that an IP address is the target of DDoS and that we want them to no longer forward traffic to that address. Whilst this is very effective at preventing DDoS traffic from reaching the intended DDoS target, the DDoS target will be taken offline entirely by the mitigation itself.
In practice, this protects the ISP but not the DDoS target. This method sacrifices one subscriber for the good of the rest. In this scenario, wherever possible, we will give the subscriber a new IP address as fast as possible to get them back online.
Lightwire uses a mixture of the above to achieve the best outcome for you and your clients.
The design we have implemented is solid and tested very well during our DR and failover testing. All the VPN, Firewall and WAN site cutovers have gone smoothly and largely without issue.
Your accounts and development team have also been great, they have been responsive to any queries.
For me it’s reassuring and justifies our decision to move to Lightwire Business. Please pass on my thanks to the team, keep up the great work."
ENHANCING SECURITY FOR OUR PARTNERS
Pulse Detect
(Port Scanning)
We are always looking to offer a value premium to our partners by offering services that compliment your efforts, and in this case we do that through proactively scanning our network for services exposing known vulnerabilities, through non-invasive integrations with industry leading security visibility platforms – and reaching out to our partners when issues are detected.
Through doing this we can provide you with an exposure history of an IP address over time (on request), allowing you to address issues on behalf of, and in consultation with, your clients.
Managed Physical Firewalls
Using the FortiGate product range, typically a 40F, 60F or 100F, we deploy a physical firewall at each site and use a cloud-based collector to provide reporting and visibility of network security.
Under this model, Lightwire handles the configuration, management and reporting of a number of UTM functions.
Managed Virtual Firewalls
Providing the same feature set as a managed physical device, and also based on a FortiGate design, the virtual firewall model sees NGFW functions provided from inside the Lightwire private cloud using multi-tenancy firewalls to allocate virtual domains per clients.
