Nexusguard Bastions

• For large-scale mega PoPs demanding 100 Gbps+ capacity, the MX7000 offers unmatched multi-chassis redundancy and scalability, ensuring reliability for modern network environments. For smaller satellite PoPs with under 200 Gbps needs, the R660/X12 combines compact design with powerful performance, delivering efficiency without compromising on capability.
• All hardware complies with Internet standards for physical, network connectivity, and flow collection, while adhering to CSP best practices such as BGP route announcements and robust access control. Additionally, hybrid cloud deployment provides comprehensive protection, combining on-premise and cloud resources for maximum flexibility and security across all network scenarios.

At the core of Nexusguard’s defense system is a cutting-edge Network Protection Engine, augmented by a suite of intelligent modules. These modules activate sequentially upon detecting abnormal traffic patterns, working harmoniously to neutralize threats and ensure uninterrupted service. 

• Attack Detection
  Our advanced system monitors traffic 24/7, comparing it to baselines to pinpoint anomalies like traffic spikes or unusual patterns. This enables rapid detection of threats, from volumetric DDoS to sophisticated application-layer attacks, for immediate response.
• Peace Time Baselining
  Powered by deep learning, Smart Baselining analyzes your network traffic to establish precise baseline thresholds. This reduces false alarms, accelerates anomaly detection, and ensures swift threat mitigation — keeping operations running smoothly.
• Alerts
  Nexusguard’s Event Notifier App delivers alerts via email, SNMP Trap, or syslog, with customizable alert levels for proactive incident management.
• Traffic Diversion
  The Cloud Diversion App automatically redirects traffic to Nexusguard’s network when thresholds are exceeded. With no on-premise equipment or manual intervention required, it ensures seamless mitigation and uninterrupted legitimate traffic flow.
• Attack Mitigation
  Our multi-layered defense combines heuristic algorithms, static/dynamic content caching, and acceleration techniques to block volumetric and application-layer attacks while optimizing network performance.‍
• Clean Traffic Delivery
  During an attack, Nexusguard announces the targeted /24 IP prefix via BGP, routing traffic through global scrubbing centers. Malicious traffic is filtered out, and clean traffic is securely returned via GRE tunnels, keeping networks safe and operational.

Network Protection

• Nexusguard's Network Protection safeguards CSP infrastructure through continuous monitoring, advanced threat detection, and proactive mitigation. Central to this service is an on-premise Bastions server and ample backbone bandwidth to maintain both network protection and uninterrupted Clean Pipe service delivery during attacks.

Clean Pipe

• The Clean Pipe service is designed for downstream clients directly connected to ISPs in partnership with Nexusguard, leveraging the advanced capabilities of Nexusguard Bastions. These clients prioritize seamless and secure connectivity, relying on the ISP’s internet access to reach their critical network assets. By subscribing to the Clean Pipe service, they gain an additional layer of security, effectively mitigating network congestion caused by the disruptive impact of volumetric DDoS attacks.

Origin Protection

• Nexusguard Origin Protection is a leading-edge, purpose-built service designed to safeguard mission-critical services across large-scale networks. Tailored to meet the unique demands of environments managing hundreds of Class C networks, Origin Protection provides robust protection against evolving threats while adapting to diverse infrastructure requirements.

Application Protection

• Nexusguard Application Protection is a premium, purpose-built service designed to combat the growing complexity and sophistication of modern DDoS attacks. Powered by proprietary technology, Application Protection provides always-on, multi-layered defense spanning Layers 3 through 7, ensuring comprehensive security for your public-facing websites, applications, APIs, and other critical web assets.

DNS Protection

• Nexusguard DNS Protection delivers always-on domain resolution through our globally distributed, high-capacity scalable DNS infrastructure. The fully redundant platform is engineered to absorb even the largest DNS-based DDoS attacks while maintaining uninterrupted service for legitimate users — ensuring 100% DNS uptime for critical websites and applications.

Edge Protection

• Nexusguard Edge Protection is designed to safeguard CSP partners by mitigating attacks that could exceed their allocated bandwidth or overwhelm their Bastions server capacity. By seamlessly diverting malicious traffic to the Nexusguard Cloud, this service ensures uninterrupted service availability and optimal network performance.

‍

Network Behavior Threat Detection (NBTD)

The NBTD App employs machine learning (ML) to monitor and analyze traffic patterns to a site over time. Based on this analysis, it dynamically recommends adaptive detection thresholds that align with prevailing traffic behavior. These recommendations serve as a reliable benchmark, enabling accurate initial threshold configuration and ongoing refinement for optimal security.

Event Notifier

Event Notifier provides comprehensive security alerting capabilities designed to maintain operational awareness and accelerate incident response. The solution delivers real-time notifications through multiple integrated channels including email, SNMP traps, and syslog, ensuring critical security events are immediately communicated to the appropriate teams. 

Cloud Diversion

Nexusguard's Origin Protection incorporates Cloud Diversion App to automatically manage traffic surges. When bandwidth exceeds predefined thresholds, the system initiates traffic diversion — typically within minutes — without requiring manual intervention or on-premises hardware. This automated process maintains continuous service while simplifying operations through fully automated threshold-based triggers and appliance-free implementation.

SMART Filter

SMART Filter App is an advanced mitigation capability within the NetShield platform, powered by proprietary Smart Detection technology. This intelligent solution dynamically generates and optimizes mitigation rules in real-time, continuously adapting to evolving attack methodologies to ensure maximum protection effectiveness.

At the heart of the system lies an intelligent feedback mechanism that establishes baseline traffic patterns, monitors for deviations, and automatically implements appropriate mitigation responses.

Flow Spec

Nexusguard’s implementation of its FlowSpec App enhances precision by dynamically identifying and acting on specific traffic flows. Using criteria such as source and destination IPs, Layer 4 parameters, and packet attributes (e.g., length, fragmentation), it enforces real-time mitigation policies at border routers. These policies can selectively drop malicious traffic, redirect suspicious flows to a Virtual Routing and Forwarding (VRF) instance for deeper analysis, or apply rate-limiting to throttle unwanted traffic without complete disruption.

Reporting

The Nexusguard platform captures comprehensive attack traffic data, delivering full visibility into key security metrics. The Report App transforms this data into actionable insights, enabling the generation of detailed analyses of bandwidth utilization, mitigation performance, and security events.

Key metrics include:

• Top application-layer DDoS attacks
• Most significant volumetric attacks
• Historical trends and patterns

Accessible through the Nexusguard Portal, the Report App serves as a centralized reporting hub. Users can quickly generate both standardized reports or customized analyses tailored to specific operational or compliance requirements.

Logger

Nexusguard’s Logger App provides a centralized log management solution, consolidating and storing critical network data including TCP, WAF, and web access logs. The system maintains comprehensive historical records, facilitating the ability to easily retrieve and analyze log files as needed.

‍

• Nexusguard Bastions delivers a seamless and unified experience for CSPS by integrating continuous traffic analysis, real-time attack alerts, traffic redirection, advanced scrubbing, and the delivery of clean traffic — all in a single platform. Central to this system is an intuitive, multi-tenant administration portal, where each customer enjoys their own personalized profile. CSP administrators gain full control, with the ability to effortlessly manage individual customers and tailor their security settings.
• The dynamic dashboard brings everything together, presenting a wealth of metrics, event logs, and detailed reports in an easy-to-understand format.

• Our Customer Portal offers end-clients a smooth, self-service experience, empowering them to independently monitor events, incidents, traffic graphs, and more — all without relying on their CSP partner. Each client is equipped with their own dedicated dashboard portal, tailored to their individualized service. These personalized portals feature unique security profiles and customizable parameters, ensuring they align perfectly with the specific needs and requirements of each business.

Nexusguard’s proprietary API enables tight integration with partner CSP operations, helping streamline workflows, enhance efficiency, and simplify management for a more cohesive service experience.

• Nexusguard’s SaaS model replaces capital-intensive (CapEx) investments with a predictable operational expenditure (OpEx) model, eliminating lifecycle concerns and the risk of end-of-support scenarios. This transition removes the need for periodic technology refresh cycles and large capital outlays.
• Our subscription-based approach guarantees uninterrupted licensing and support, maintaining operational effectiveness indefinitely. This sustainable model delivers increasing value over time, with total cost of ownership (TCO) that progressively declines the longer the solution remains in service.

• Included as a standard feature with every deployment, Nexusguard provides comprehensive training, enablement, evaluation, and ongoing re-training for our sales and pre-sales teams, partners and their teams. Our courses are designed by seasoned practitioners with years of hands-on experience, ensuring they are practical, realistic, and highly effective.

• Nexusguard’s SOC is staffed by a team of highly skilled security professionals who work around the clock to monitor and defend against emerging threats, including zero-day attacks. Leveraging advanced threat intelligence systems and real-time monitoring capabilities, our SOC ensures rapid detection and swift response to security incidents, keeping your systems safe and secure at all times.