<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-56W9VX" height="0" width="0" style="display:none;visibility:hidden">

Global Scrubbing Network

Highly redundant and scalable, Nexusguard's multi-node scrubbing network can eliminate attacks closest to their sources. The infrastructure employs global BGP Anycast to disperse and mitigate malicious and attack traffic, ensuring extreme resiliency and low latency at any point of time - in peacetime or during an attack.

Intelligence-based Detection

Nexusguard Threat Intelligence collects and analyzes traffic data from the mitigation platform, SOC, research, IP reputation and external intelligence exchanges to identify threats, mitigate them proactively, and take preventive security postures.

Zero day attack

False positive incident

Malicious crawler

Blacklisted IP

Multiple Filters for Effective, Fast Mitigation

Comprehensive, multilayered mitigation platform eliminates massive volumetric-based and complex L7 attacks in a matter of nanoseconds.

High-speed border filtering

Defend against bandwidth flood using wire-speed Access Control Lists. Nexusguard also keeps tracking lists of bogus IPs and infected hosts, which are also filtered at this layer.

Protocol vertification Deep packet inspection (DPI)

Filter out SYN flood and other similar attacks that attempt to exploit the TCP/IP protocol vulnerability. Progressive challenge-response (C/R) algorithms are further employed to distinguish between spoofed and legitimate traffic.

Adaptive filtering

Statistical Analysis and Anomaly Recognition are used to guard against zero-day attacks.

Application-level filtering

It learns what applications are running on the client’s network in order to effectively detect and deter application traffic violations using Nexusguard’s DPI engine. Malicious traffic is further assessed by the C/R engine. Intelligent HTTP Malformed filtering steps in to mitigate application-specific level attacks (HTTP attacks) as they arise.

Flexible content filtering

Deter morphing HTTP Flood attacks by adapting flexible-content filters to counter evasive intents rapidly.

Web application firewall (WAF)

Protect web applications, mobile apps and application program interface (API) apps against common threats such as the OWASP Top 10 Attacks.


Caching serves as the last layer of protection to absorb the final bit of attack traffic, if any, that has slipped through the preceding layers.

Beat all DDoS attacks

Nexusguard handles all web traffic and requests, mitigate attacks, and route only clean traffic back to client web servers. Nexusguard detects and mitigates any type of attack, such as:

UDP Flood

SYN Flood

ICMP Flood

HTTP Flood

Ping of Death

Smurf Attack

Fraggle Attack


Application Attacks

NTP Amplification

Advanced Persistent Threats

Zero-day Attacks

Granular Visibility & Robust Logging

Turn traffic, performance and visitor analytics displayed on the Customer Portal into actionable intelligence and insights that drive business decisions and strategy. Event and attack reports and logs can also be customized to fulfill your reporting, audit and compliance obligations.

Flexible Policy Configuration

While the Nexusguard Provisioning Team build baselines and set mitigation rules after studying your infrastructure, traffic patterns and user behavior, you are given the flexibility to customize rule groups and rules, including adding whitelists/blacklists to specific rules, to meet your specific security and compliance needs.

Web Application Firewall (WAF)

Cloud-based, turnkey and PCI-certified WAF employs blacklist rules to address known security risks, especially OWASP Top 10 Most Critical Web Application Security Risks. Flexibility to define site-specific rule sets on Customer Portal.

SSL Attack Mitigation

Protect sites and applications from SSL-based attacks. SSL decryption and challenge-response mechanisms are enforced only on malicious requests. SSL cert management tool is PCI and ISO 27001 compliant.

CDN, Caching & Load Balancing

Traffic going through Nexusguard is compressed and cached to deliver content and service faster and more steadily. Load-sharing traffic services support multiple backend configurations. Automatic backend failover delivers extreme resilience to failures.

Progressive C/R Algorithms

Defend the application layer against all abuses and attacks. It employs non-intrusive authentication challenges depending on user behavior; and delivers a non-disruptive browsing.

Patented Crawler Detection

Block malicious crawlers, spammers, hackers and bad bots and even those using forged IP addresses before they could do damage, steal your site content or login information, and DDoS your website.

Intuitive Customer Portal

View and retrieve real-time traffic data and analytics, threats and event logs through visually appealing dashboards, infographics and lists. You can customize security policies, specific rule sets, as well as view and download logs, reports, etc.