Designed to protect large networks from L3/L4 attacks of all complexities, Nexusguard InfraProtect lets telcos and ISPs use Nexusguard's globally distributed infrastructure as an off-site sandbox for traffic analysis, shaping and attack mitigation.
The multi-layered detection and mitigation engine uses Network Behavior Analysis (NBA) to analyze traffic data, detect traffic anomalies and alert the Communications Service Provider (CSP) to divert traffic to Nexusguard’s scrubbing cloud. Only clean traffic is forwarded back to the origin server.
Legacy flow-aware devices such as firewalls, load balancers, IPS and IDS often fail to detect stealthy network-layer attacks such as bit-and-piece attacks, also known as carpet bombing. In this kind of attack, the attacker disperses bits and pieces of junk traffic across a diverse pool of IP addresses spanning hundreds of IP prefixes, a tactic designed to evade detection.
While firewalls, routers and switches can protect against intrusive attacks at Layer 3 to some extent, they could become the traffic bottleneck themselves when dealing with large volumetric attacks.
When faced with powerful or advanced attacks such as bit-and-piece attacks, blackholing traffic to targeted IP addresses as a mitigation measure is no longer effective, nor is it viable given the potentially large impacts.
A mitigation template contains rule sets that define the default settings for all configurations used to mitigate a perceived threat. Once switched on, these rules are automatically enforced when the threshold values (e.g. upper limits) defined by detection policies are reached. To meet the different security needs of CSPs, policies are customizable at the network and host levels. On the same platform, the CSP has access to our Portal, which functions as a single point for management and reporting, providing real-time traffic visibility, control and attack logs.
Using a deep-learning method, Nexusguard smart baselining determines accurate upper and lower threshold values that adapt to the prevailing traffic pattern. Since the threshold values are fine-tuned on an ongoing basis, false alarms, alarm fatigue, “alert spamming” and error-prone manual tuning of alert rules can be reduced. With such detection and mitigation strategies, any malicious or suspicious traffic causing multi-vector attacks directed at L3/L4 and L7 is effectively scrubbed away, not only to prevent consumption of expensive bandwidth but also to enhance network uptime and availability. Our scalable and agile DDoS protection for CSPs, built on cutting-edge detection and mitigation, is committed to meeting SLAs.
To minimize service impact and avoid collateral damage, blackholing can easily be performed via our Portal as a last resort, dropping all the overwhelming traffic to a host that may cause collateral damage. In other words, Infrastructure Protection that minimizes the risk of collateral damage by blackholing is a form of cyber insurance that allows you to transfer security risks to a third-party vendor.
InfraProtect can be delivered as a managed service. Nexusguard’s 24x7 SOC continuously monitors traffic, responds to and mitigates attacks, and provides threat warnings as well as detailed incident reports. As an outsourced service, it frees your IT team from firefighting and thus reduces outage-related helpdesk costs.