What is Defender Plus?
Defender Plus is a network threat detection and prevention service available as an add-on for Internet on Demand circuits. Powered by Black Lotus Labs threat intelligence, it monitors inbound traffic to your protected internet services, identifies malicious IP addresses, and blocks threats based on severity level.
The service runs at the network edge, intercepting threats before they reach your perimeter. It categorizes threats by severity and can automatically block traffic rated as severe, very high, or high. Customers can customize this behavior through blocking rules, custom allow and deny lists, and configurable notification settings.
Why Threat Management Belongs Alongside Bandwidth Scheduling
If you are already managing IoD circuits through a scheduler, adding Defender Plus management to the same interface removes a separate operational workflow. Network teams managing bandwidth and security for the same circuits no longer need to switch between tools.
Consider a typical scenario: your circuit is scheduled to drop to a low tier overnight, but Defender Plus detects an increase in threat activity during that same window. Having both views in one place means you can correlate bandwidth events with security events and make informed decisions without jumping between dashboards.
What the Defender Plus API Provides
The Defender Plus API exposes six categories of operations, all of which Apptifi integrates with:
Activity Logs let you retrieve and download records of all actions taken within Defender Plus, including configuration changes and rule updates. These can be exported as CSV reports for auditing or compliance.
Event Logs capture the actual threat events detected on your protected services. You can retrieve paginated logs or download full reports for a specified time period. This is your primary visibility into what threats are hitting your network and whether they were blocked.
Custom Lists give you granular control over traffic handling. Maintain allow lists for trusted IP addresses that should never be blocked, deny lists for known bad actors you want permanently blocked, and monitor lists for addresses you want to track without blocking. You can add, update, and delete individual entries or download the full list.
Notifications let you configure how and when you are alerted about threat activity. Create email or text notifications triggered by severity level or percentage increases in threat volume. Update thresholds as your baseline changes, or delete notifications that are no longer relevant.
Blocking Rules define your overall security posture. These determine how Defender Plus handles inbound traffic at each severity level. You can retrieve and update your blocking rules to adjust how aggressively the service filters traffic.
Filters provide the available filter options you can use when querying logs and other Defender Plus data. This helps you build targeted queries for specific time periods, severity levels, or threat categories.
Practical Benefits for IoD Customers
For enterprise teams already using Apptifi for IoD bandwidth scheduling, the Defender Plus integration means:
One interface for both bandwidth and security operations on the same circuit. No separate portal login or dashboard to monitor.
Exportable reports for activity logs, event logs, and custom lists in CSV format. Useful for security audits, compliance reviews, and incident post-mortems.
Custom list management directly from the scheduler. When your security team identifies an IP to block or allow, they can update the list without switching tools or logging into a separate API console.
Notification configuration that stays in sync with your operational workflow. Set up alerts for the severity levels and thresholds that matter to your team, and manage them alongside your bandwidth schedule.
Getting Started with Defender Plus in Apptifi
If your IoD circuit has Defender Plus enabled, Apptifi connects to the Defender Plus API using the same authentication flow as the IoD API. Configure your API credentials in Settings, and Apptifi will surface your activity logs, event logs, custom lists, notifications, blocking rules, and filters within the application.
No additional software or separate API keys are required. If you are already scheduling bandwidth with Apptifi, Defender Plus management is available immediately.