Lumen DDoS Hyper delivers an automated self-service path so you can order and turn up your DDoS mitigation fast.
Overview
Lumen DDoS Hyper offers security for the agile digital environment. It’s available for a flat monthly service fee and backed by multiple layers of threat defense, our extensive and deeply peered global backbone combines advanced scrubbing center technology with Black Lotus Labs® threat intelligence for enhanced cyber security to combat complex, costly and persistent threats.
By: Lumen Technologies
Management Software: Control Center
Delivery Methods: Fully automated service delivery. Contact us for custom manual provisioning options.
Quoting Lumen DDoS Hyper (1:06)
Lumen DDoS Hyper service requires:
- IPv4 and/or IPv6 protection
- If Lumen is the sole internet provider and you’re protecting IPv4 - IP prefixes can be between /8 and /32. If some or all of your internet service is provided by a third party, the IPv4 Prefixes must be between /8 and /24.
- If Lumen is the sole internet provider and you’re protecting IPv6 – IP prefixes can be between /29 and /128. If some or all of your internet service is provided by a third party, the IPv6 Prefixes must be between /29 and /48.
There are some Lumen Internet services that may require additional configuration in order to work with Lumen DDoS Hyper. We have two models in which we can support Lumen network customers:
- Internet direct – requires the following configurations:
- Must be a Lumen DIA/HSIP service on AS3356
- BGP or Static routing protocols with WAN IP up to /27
- DDoS protection type must be On-Demand if you have a Lumen managed router.
- Multiport circuits not supported (combination of DIA/MPLS circuits on different VLANs)
- GRE – requires the following configurations:
- Customer must be able to configure a GRE tunnel with BGP peering.
- For non-Lumen Internet service options, you must use a GRE tunnel clean traffic return with BGP peering.
Lumen® DDoS Solutions Comparison Chart
Introduction to Lumen DDoS Hyper
Configuring Lumen DDoS Hyper with GRE Clean Traffic Return
Configuring Lumen DDoS Hyper with Internet Direct Clean Traffic Return
Configuring Lumen DDoS Hyper Monitoring Options
Configure and Activate Lumen Web Application Firewall
Pricing and Features
Get powerful DDoS protection for as little as $850/month. Available for a limited time to eligible U.S. customers purchasing new service, and we’ll waive $10K installation fees.*
| Starting at clean traffic return rate x
Starting price is based on 12-month contract |
100 Mbps | 100 Mbps |
| Maximum bandwidth | 100 Mbps | 100 Gbps |
| Billing options x
Prices vary depending on the billing option selected |
Monthly or annual | Monthly or annual |
| Lumen scrubbing centers automatically and constantly inspect traffic and mitigate detected threats x
Incompatible with circuits that have Lumen-managed routers |
||
| Traffic is scrubbed once customer approval is given or upon attack detection automatically with preapproval | ||
| Network-based, unlimited mitigation | ||
| Global multi-tiered scrubbing architecture | ||
| Carrier-agnostic defense: Protects Lumen or third-party connections for IPv4 and IPv6 traffic x
Read DDoS Hyper FAQ for technical requirements |
||
| 10 clean traffic return paths and 10 flow-based monitoring instances x
Clean traffic return methods via over-the-top (GRE) or integrated with Internet Direct |
||
| Base service protects up to 256 blocks of either /24 IPv4 and/or /48 IPv6 addressess | ||
| Proactive monitoring and alerting by global Security Operations Centers with 24/7 support | ||
| 1 second time-to-mitigate x
SLAs are based on when most attacks hit the scrubbing centers |
||
| Attack monitoring via Lumen network or Customer Router (CPE) x
Not currently supported for Always-On with the Lumen Managed Router |
||
| Unlimited address space size | ||
| Designated security consultant for runbooks, analysis and reporting | ||
| Additional clean traffic return paths and Flow-Based Monitoring available | ||
| Web Application Firewall (WAF) offering Layer 7 defense | ||
*Limited time DDoS offers. $850 monthly service rate is for On-Demand mitigation service with a 12-month agreement. Reduced monthly service rates are for On-Demand or Always-On mitigation service with a month-to-month or 12-month agreement. Lumen will waive one-time installation fee, a savings of up to $10,000 for On-Demand and Always-On mitigation services. Offers are available for a limited time to eligible U.S. business customers purchasing new service and are based on total clean traffic return bandwidth, IPV4 protection and exclude transport, taxes and fees. Early termination fees will apply to rates and offer as set forth in customer’s agreement. Services not available everywhere. Lumen may change, cancel or substitute offers and services, or vary them by service area at its sole discretion without notice. Credit approval and deposit may be required. Offers may not be combined with other offers. Additional restrictions, terms and conditions apply.
Support and Service Options
Lumen DDoS Hyper is monitored 24/7 by Lumen global SOCs with most known forms of attacks mitigated in seconds after traffic is on-ramped through Lumen scrubbing centers.
- On-Demand or Always-On attack mitigation available
- Clean traffic can be returned via GRE tunnel or Internet Direct
- Up to 10 clean traffic return paths and 10 Flow-Based Monitoring instances
- Automated detection, mitigation and response with Rapid Threat Defense backed by Black Lotus Labs threat intelligence
- Optional SOC Advanced Support Services for runbook development, analysis and reporting tailored to your business needs. Choose between 5, 10, 15 or 20 hours per month.
FAQs
DDoS attacks can happen when you least expect it, the best course of action is to be prepared for whatever attackers will throw your way. Lumen DDoS Hyper is a DDoS mitigation solution that can be quoted, purchased and configured through our online portal in a matter of minutes, not hours.
Your business can take advantage of feature-rich DDoS mitigation that can be tailored to your needs at the snap of a finger.
As you’re considering a DDoS mitigation solution with Lumen, you can explore all the variety of options that are available to your business through our self-serve online portal – Lumen Marketplace. You can easily purchase a tailored DDoS mitigation solution instantly and prep for configuration.
Once Lumen is protecting your business, we can defend against DDoS attacks by rerouting customer traffic using BGP advertisements through our global multi-tiered scrubbing centers for cleaning. Attack traffic is filtered out and legitimate traffic is sent back to the customer.
Contract terms are flexible – go monthly or sign up for a whole year. You can take advantage of flat, predictable pricing that won’t change if you’re attacked.
Lumen uses multiple layers of defense including our global internet backbone, intelligent scrubbing centers, extensive peering and Black Lotus Labs® threat intelligence. All of this works together to proactively block threats before they become attacks.
Customers can choose between two models of mitigation:
- On-Demand mitigation – traffic is only scrubbed when an attack is detected, or mitigation is activated. Your network is still constantly monitored.
- Always-On mitigation – traffic is continually scrubbed and monitored.
- On-Demand or Always-On DDoS attack mitigation
- Clean traffic return via Internet Direct for Lumen DIA customers and/or via a GRE tunnel for over-the-top protection on third-party internet services
- Up to 100 Gbps of clean traffic return with up to 10 clean traffic return paths (CTRP) and 10 Flow-Based Monitoring (FBM) instances. Up to 50 CTRPs and FBM instances are available for an additional charge.
- Real-time portal access to analyze performance during peacetime, day two management with event reporting and extensive attack visibility, historical threat data and the ability to make changes to your solution.
- Optional services:
- SOC Advanced Support provides run book development, analysis and reporting tailored to your business needs.
- Web Application Firewall (WAF) provides web application firewall, API protection and Bot Risk Management for additional layer 7 defense.
Lumen DDoS Hyper can be ordered online using Lumen Marketplace (self-service portal) or through the Lumen Control Center (for existing Lumen customers) or by contacting your Lumen sales representative. We will invoice your order. No credit card is required.
Once you accept the quote and terms of the service you will be redirected to Control Center where the technical parameters to provision your service will be gathered. This includes the IP address space that needs to be protected, the IP address(es) of the GRE tunnel(s) or Lumen Internet circuits and information needed to collect Netflow from your router or Lumen edge router.
Lumen has developed a solution that can protect the wide spectrum of our customers’ needs.
If your internet is NOT provided by Lumen:
- You must have a router* (CPE) capable of GRE tunnel termination and able to support the GRE throughput requirement for your service, BGP advertisements, NetFlow generation and IP address space of at least /24 or larger.
- You will also need a public ASN.
If your internet IS provided by Lumen:
- You must have a qualified Lumen Internet circuit on AS3356
- Note that this configuration can protect subnets smaller than /24 and can protect a single host IP at a time
*Support for DDoS Hyper with the Lumen Managed router is available only with On-Demand DDoS Hyper service using Internet Direct clean traffic return with either BGP or static WAN IP routing configuration.
There are some Lumen Internet services that may require additional configuration in order to work with DDoS Hyper. We have two models in which we can support Lumen network customers.
Internet Direct:
- Must be a Lumen DIA/HSIP service on AS3356
- BGP; or static routing; or no routing protocols with WAN IP up to a /27.
- DDoS protection type must be On-Demand if there is a Lumen Managed Router
- Multiport circuits not supported (combination DIA/MPLS circuits on different VLANs)
GRE:
- Customer must be able to configure a GRE tunnel with BGP peering
Non-Lumen Internet service customers can use a GRE tunnel for clean traffic return with BGP peering.
Yes, DDoS Hyper supports IPv4 and IPv6 protection.
Once you accept the quote and terms of the service you will be redirected to Control Center where the technical parameters to provision your service will be gathered. This includes the IP address space that needs to be protected, the IP address(es) of the GRE tunnel(s) or Lumen Internet circuits and information needed to collect Netflow from your router or Lumen edge router.
You can track the status of your order in our portal, Control Center. The service is provisioned in near real-time. Once the service is provisioned, we will notify you and provide you with configuration parameters, if applicable, for your CPE to make it work with the Lumen DDoS Hyper service.
If you have questions while you’re purchasing DDoS Hyper there is dedicated chat support. This can be found in the bottom right side of your screen when going through the purchase process.
Once you have purchased there is dedicated support with chat and call options available in our portal, Control Center. The portal will provide regular updates, and our support team is available to guide you through the process.
Lumen Web Application Firewall (WAF) provides layer 7 defenses designed to protect your web-facing assets and APIs against web manipulation and bot attacks, and more. By bundling WAF with your Lumen DDoS Hyper service, you enable holistic web protection.
For additional information, view our DDoS Hyper + Application Protection Brochure.
You can add security consultant hours to your DDoS Hyper service on a monthly basis. This designated security consultant can:
- Walk-through pre-activation
- Assist with portal enrollment and training
- Develop custom runbooks
- Help with reviews and policy verifications for analysis and optimal configuration
- Write reports containing analysis, advice and recommendations.
You must call the Lumen SOC to finalize the activation of your service before any mitigation can begin. You can contact the SOC by calling them directly: (866) 254-5210 – menu option 2 for DDoS Mitigation activation.
The service is monitored 24/7 by Lumen global SOCs with most known forms of attacks being mitigated in seconds after the traffic hits the scrubbing centers.
It depends on what mitigation model you’ve purchased.
On-Demand customers options:
- SOC-assisted: The Lumen SOC automatically detects the attack, notifies the customer and begins mitigating the attack once customer approval is given.
- Auto-mitigation: The Lumen SOC, subject to customer pre-approval, sets up auto-mitigation, which allows mitigation to occur when an attack is detected.
- Customer-requested: You may choose the option to contact the Lumen SOC when under attack to request the start of mitigation.
Always-On Customers:
- Always scrubbed: your traffic is always routed through Lumen Mitigation infrastructure. There is no need to request a mitigation since the traffic is always being cleaned. Attack notifications can be set up with our SOC.
- Customer-initiated: mitigation is in your hands. Customers have complete control over initiating mitigation. You can still contact the Lumen SOC if you need additional help.
The Lumen SOC can be contacted directly by calling: 866-254-5210 – menu option 2 for DDoS Mitigation activation.
If there is a need to escalate a potential DDoS attack or issue a trouble ticket to the Lumen Security Operations Center management team, the escalation path can be found on page 2 of the “Managed Security” section in the Lumen Service Assurance Escalation Matrix website: https://repairescalations.lumen.com/
Not all products and services are available in all regions and countries; please contact a representative near you for details.
