Insure against attacks on large networks vital for delivery of any uptime service

Available as an on-demand, managed solution, Nexusguard’s Origin Protection is designed to protect mission-critical services across large networks, especially those managing hundreds of Class C networks or even a Class B network, from L3/4 and L7 attacks. 



Large Network Protection

Protect subnets (Layers 3, 4 and 7) against DDoS attacks, leveraging on our highly scalable, fully redundant and globally distributed scrubbing network to mitigate the largest and most sophisticated DDoS attacks.

Network Behavior Analysis

Obtain recommended detection threshold values with Nexusguard’s Smart Baselining that utilizes deep learning to observe and analyze the pattern of traffic to the protected network for a period of time. This helps reduce false alarms and detect anomalies faster.

Real-time Monitoring & Configuration

Monitor real-time traffic, including dropped and clean traffic, on an integrated portal with dynamic dashboard and analytics. View and download event logs and reports. Configure security policies.

Multiple Detection Modes

Optimize detection to address stealthy network attacks or hit-and-run attacks with Instant Flood Detection, Auto Flood Detection and Time-based Flood Detection, minimizing the harm that a threat can do and ensuring that it can be dealt with more efficiently.

Multiple Mitigation Templates

Build custom mitigation policies with templates for specific protection groups to improve mitigation accuracy and minimize false positive rates in your environment.

Automatic Traffic Diversion

With the new Cloud Diversion App you can effortlessly and automatically divert traffic to the Nexusguard network when the services identifies anomalies so that attack mitigation can take place, ensuring that only legitimate traffic enters ur network at all times.


Guaranteed uptime for the network, backed by enterprise-grade SLA against all DDoS attacks

- Protect layers 3, 4 and 7 on core networks and downstreams
- Custom rules matching your organizational security policy
- Minimize downtime and reduce costly impacts of attacks
- Mitigate attacks at the nearest origins

Maximize user experience and performance even during DDoS attacks

- Multiterabit scrubbing capabilities ensure resiliency & low latency
- Ensure business continuity by allowing legitimate transactions to be processed

Enjoy unparalleled visibility of network traffic and threats in real time

- Comprehensive real-time dashboard and analytics
- Automatic monthly reports
- Real-time packet-captures
- Unlimited raw log downloads

24x7 access to dedicated engineers to immediately address your concerns

- Attack monitoring and mitigation with 24x7 SOC & support team
- Dedicated technical support

Trusted by

  • Origin Protection Brochure

    Nexusguard is the expert in DDoS mitigation and is uniquely positioned to protect your network Infrastructure against malicious traffic so that you can detect and filter out potential DDoS packets before they impact your systems.

    Download now >
  • Origin Protection Datasheet

    Nexusguard Origin Protection Service guards against threats that target network resources. The service is especially beneficial for organizations that can’t afford any downtime of network assets.

    Download now >
  • InfraProtect Datasheet

    Nexusguard InfraProtect offers CSPs the ability to leverage Nexusguard's globally distributed infrastructure to be used as an off-site sandbox to perform traffic analysis, shaping and DDoS mitigation so that traffic that reaches CSPs' network are always clean.

    Download now >
  • The Pros & Cons of Self-administered BGP Diversion

    This paper will evaluate the different route diversion options and their impact and highlight the different facets one should consider before deciding whose hands to entrust their keys to.

    Learn more >
  • InfraProtect vs Origin Protection - A Comparison Guide

    The guide is meant to help you explore the similarities and differences you need to consider when choosing the InfraProtect, Origin Protection or both to protect your network from DDoS attacks.

    Learn more >
  • Origin Protection for Large Networks

    Protecting a network from malicious and attack traffic is what we are committed to doing to our best at Nexusguard. Our Origin Protection (OP) is architected to protect backend networks. But for enterprises or organizations managing a vast network, such as those managing hundreds of Class C or Class B networks, they want to implement an effective Layer 3/4 mitigation to handle volumetric attacks.

    Learn more >
  • Enhancing Nexusguard Cloud Diversion With RPKI ROA

    For route verification to be effective, Nexusguard validates ROAs created by their customers, ensuring all their routes are safe to announce to the Internet.

    Read now >
  • Safeguarding Customer Assets with Nexusguard On-Net

    Nexusguard’s enhanced Cloud Diversion method, On-Net, not only reduces network latency but also expedites time-to-mitigation, ensuring customer assets are protected at all times.

    Read now >
  • Automatic filtering via Nexusguard SmartFilter, for intelligent mitigation

    By combining automated mitigation with accurate Smart Detection, Nexusguard’s SmartFilter provides an intelligent approach to implementing cost-effective, fast-to-deploy, real-time protection against DDoS attacks.

    Read now >
  • Enabling RPKI For A Safer Internet

    With RPKI enabled, Nexusguard ensures configuration mistakes and abuse by bad actors are eliminated, and BGP sessions for our customers and peers are fully validated.

    Read now >
  • Smart Mode: DDoS Attack Detection Using Machine Learning

    The advances in artificial intelligence (AI) in recent years has given rise to the application of Machine Learning models to enhance DDoS attack detection. Nexusguard’s Smart Mode detection uses Machine Learning techniques to predict whether network traffic coming from a source is legitimate or part of a malicious DDoS attack.

    Read now >
  • The Best Of Both Worlds: On-Premise And In The Cloud

    To safeguard their businesses from the growing diversity of DDoS attacks, organizations have begun leveraging the combination of on-site appliances for detection with cloud-based mitigation to create an interworking hybrid solution. The collaboration between Fortinet’s FortiDDoS mitigation appliances for detection with Nexusguard’s cloud-based DDoS protection service provides a unified hybrid solution to address this need.

    Read now >
  • Reaping The Benefits Of DDoS Incident Handling Automation

    Nexusguard’s Cloud Diversion App provides the complete set of tools you need to facilitate the automation of your incident handling workflows, expedite time-to-mitigation and optimize your overall security strategies. Our app is easy to implement and use, allowing you to leverage the capabilities of your existing security infrastructure.

    Read now >
  • How to detect and mitigate Bit-and-piece DDoS attack

    You may be concerned about the impact posed by “Bit-and-Piece Attacks”, a tactic targeting ASN-level CSP networks and able to bypass traditional detection. It can give a great challenge to the legacy detection and mitigation of traditional telcos and ISPs.

    Read now >
  • Communications Service Providers (CSPs) Are Being Brought To Their Knees By “Bit-And-Piece” Attacks That Fly Under The Radar

    CSPs are suffering from an extremely stealthy network-layer attack − the “bit-and-piece” attack that we identified as earlier as in 2018, which was later dubbed as carpet bombing by some others. Designed to bypass traditional threshold-based detection, this attack is posing a new security challenge for CSPs, which can cause massive service degradation for its network and its customers and there’s nothing their on-premise investments can do to help.

    Read now >

Request a Demo or Proof-of-Concept (POC)