Hybrid DDoS Mitigation

The Best of Both Worlds

We provide multiple deployment models that combine local and global scrubbing capacities so that local traffic can be processed and retained locally, while international traffic is handled by Nexusguard’s global scrubbing centers. Locally processed data under control is subject to the laws of the country where the backend web server is located. Only when local attack traffic threatens to saturate local pipe will it be offloaded to Nexusguard’s global cloud infrastructure.


Being in control does not have to come at the expense of cloud scalability

Limited Pipe Bandwidth

As attacks continue to grow in bandwidth and can easily scale to several Gbps in size, local traffic scrubbing performed by a standalone device requires the local pipe to be sized to handle both legitimate and attack traffic. Without scalability built into the solution, the CSP’s local capacity can easily be congested and overwhelmed, rendering critical services to be impacted or unavailable.

Data Security Concerns

One reason for CSPs, government organizations and financial institutions to use cloud DDoS mitigation is due to data privacy, security and compliance concerns. Some organizations prefer control over the physical hardware and network infrastructure.

Our solutions address a range of challenges Communications Service Providers (CSPs) are faced with

Truly Consistent and Robust Hybrid Experience

Nexusguard on-premise Bastions operates simultaneously with the Nexusguard Global Scrubbing Cloud to detect and mitigate threats in real-time, in contrast to traditional sequential-hybrid models that requires activations that are often gated procedurally, technically and financially. Bastions and Nexusguard Extended Cloud protection is a fully customizable solution that puts the control back into the CSP's hand on selecting the best strategy during each and every individual event.

RESTful API Integration

Nexusguard has developed a RESTful API based signaling architecture that allows for interoperability between your on-prem appliance and our cloud scrubbing network. Through a dispatching system, the hardware can implement the scheduling of the Nexusguard cloud scrubbing service by making calls to a RESTful API.

Agile and Comprehensive Protective Action

Swiftly respond to DDoS attacks, whether they are single or multi-vectored bound for L3/4 or L7 layers, and immediately and automatically employ an corresponding on-premise mitigatory solution. Besides producing the local solution, leveraging Nexusguard’s multi-terabit cloud infrastructure, MX7000 provides the scalable and on-demand mitigation.

Fully & Centrally Managed Platform with 3-tiered multitenant portal

The platform is managed by Nexusguard SOC 24x7 in the way that rule-set updates, upgrades and patches are delivered automatically. Established on such a platform, a partner portal equips multi-tenant environments with 3 types of access: super admin, admin and user accounts.

Cloudshield App

Nexusguard Cloudshield App is commonly deployed in hybrid DDoS mitigation solutions. Upon detection of a DDoS attack, Cloudshield integrates the attack data with a customer’s on-premise appliances; if the attack is smaller than the capacity of the Internet uplink, it is mitigated locally by the on-premise appliance. Moreover, Cloudshield synchronizes with the Nexusguard Cloud Diversion App to automatically divert traffic during large attacks exceeding the traffic level defined by the customer, to the Nexusguard scrubbing cloud to drop attack traffic.

Request a Demo or Proof-of-Concept (POC)

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.