Lumen Defender

Lumen Defender℠ powered by Black Lotus Labs^® is your shield against internet‑based threats, adding a new layer of defense to protect your infrastructure. Lumen Defender provides automated network threat detection and response capabilities to proactively detect and block evolving threats at the Lumen network edge. It uses Black Lotus Labs technology to identify potentially malicious host IP addresses and blocks traffic from those IP addresses which Lumen believes to be malicious. With no new hardware or manual configuration required, Lumen Defender provides robust and hands‑free proactive network protection.

Lumen Defender is available in two tiers:

• Lumen Defender Essentials
  • Monitors your inbound internet traffic as it passes through Lumen internet infrastructure and correlates that traffic against a list of potential threats.
  • Proactively blocks certain malicious IP‑based threats on the Lumen network based on risk levels designated by Black Lotus Labs threat intelligence.
  • Portal access to view threat data captured by Lumen, including category, frequency, and destination.
    
    Note: Lumen Defender Essentials data shown is based on sampled data only and does not represent every threat that has been detected or blocked.
     
• Lumen Defender Plus
  
  • All features included in the Lumen Defender Essentials service.
  • Select monitoring and/or blocking of threat risk levels categorized as Severe, Very High, and High, and ability to permit a unique threat by IP address. (Severe is selected by default.)
    
  • Set up and send end‑user alerts by email and/or text; create, modify custom allow, deny, monitor, and block certain threats, provided the IP addresses are shown in the threat list. Filter, view, and export certain reports, including lists of active threats and blocked threats (and associated threat category) for up to a rolling 12‑month period.

Lumen Defender relies on threat intelligence generated by the Lumen Black Lotus Labs threat research team. For every IP address in their database, Black Lotus Labs assigns a risk score from 0–100. Using a proprietary algorithm, they determine the risk score using three factors:

• Threat category: Some internet‑based threats are worse than others. For example, communicating with a Command & Control (C2) server is more dangerous than communicating with a port scanner. Therefore, the risk score will be higher for more dangerous threats.
  
  
• Confidence: The certainty or confidence that an IP address is associated with malicious behavior can vary based on several factors. Risk scores will be higher when there is stronger evidence that an IP address is a threat.
  
  
• Age: Internet‑based threats are typically transient, and threat actors will frequently relocate their hosts to avoid detection. An IP address that is malicious today might be safe next week. As IP addresses cease to exhibit risky behavior, their risk scores should decrease over time.
  
  

Whitepaper: Black Lotus Labs® Threat Intelligence: Risk Scores

To get help with Lumen Defender, click chat (available within Lumen Connect℠) or open a portal support ticket.