Clean Pipe (CP)

A robust set of rules designed to counter flood attacks, including IP, TCP, UDP, ICMP, SSL/TLS, and SIP floods. These attacks overwhelm systems by flooding them with excessive requests, depleting resources and blocking legitimate traffic. Anti-flooding ensures systems remain responsive and operational.

Powered by a dynamic IP reputation database, NTIF policies block threats based on the historical behavior and risk profiles of malicious IP addresses. This intelligence-driven approach proactively prevents attacks before they can disrupt operations or compromise security.

A highly customizable tool that defines mitigation policies tailored to customer network traffic patterns and security needs. Flex Filter goes beyond standard anti-flood measures by offering enhanced metrics and comprehensive data visualization.

This technique sets traffic thresholds post-mitigation, ensuring controlled data flow before sending it to other systems or networks. Acting as a safeguard, it prevents network congestion and minimizes disruptions across shared network resources.

SmartFilter is a cutting-edge mitigation tool within NetShield, powered by Nexusguard’s Smart Detection mode. It automatically generates and adapts mitigation rules in real-time, dynamically responding to evolving attack strategies to ensure optimal protection.

At its core, SmartFilter employs a smart feedback mechanism, which continuously monitors traffic against a clean traffic level baseline, applying mitigation actions when deviations occur. During attacks, it self-adjusts — dropping malicious traffic or allowing legitimate traffic to flow — ensuring optimal performance and robust security at all times.

Continuously monitors traffic, offering advanced warnings and triggering responses if thresholds are exceeded within a set timeframe.

Focuses on bursty traffic and hit-and-run attacks, enabling quick threat detection through active traffic monitoring.

Uses Nexusguard’s AI-driven Deep Learning system for dynamic traffic profiles, ensuring precise detection and minimizing false positives.

Leveraging advanced deep learning, Smart Baselining continuously analyzes network traffic to establish accurate baseline thresholds. This intelligent approach minimizes false alarms, enhances the speed of anomaly detection, and enables rapid threat mitigation.

Traditional methods like Remotely-Triggered Black Hole (RTBH) use BGP to drop all traffic to an under-attack server, including legitimate traffic. BGP Flow Specification (FlowSpec) offers a more precise alternative, enabling rapid deployment of filtering and policing across BGP peer routers to mitigate DDoS attacks without completely blocking access.

Nexusguard employs FlowSpec to match specific flows based on source, destination, L4 parameters, and packet data (e.g., length, fragment). It dynamically installs actions at border routers to:

• Drop traffic matching the flow,
• Redirect traffic to a VRF (Virtual Route Forwarding) for analysis, or
• Police traffic at a defined rate.

Designed to provide complete visibility and control, the Customer Portal is a powerful, user-friendly platform for managing security and performance. Featuring an integrated dashboard and detailed analytics, it enables customers to view and configure detection and mitigation settings tailored to their specific service plans. From monitoring real-time traffic — including raw and clean bandwidth — to tracking network performance metrics like cached bandwidth and request volumes, the portal offers a comprehensive overview of their digital environment.

Customers can stay ahead of threats by viewing ongoing and stopped DDoS attacks, analyzing potential risks, and exploring detailed insights such as visitor geography, source IPs, connection speeds, and more. The portal also provides access to detailed event logs, downloadable raw logs, and monthly reports for deeper analysis.